Aug 26 13:10:03.659983: FIPS Product: YES Aug 26 13:10:03.660116: FIPS Kernel: NO Aug 26 13:10:03.660120: FIPS Mode: NO Aug 26 13:10:03.660123: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:10:03.660275: Initializing NSS Aug 26 13:10:03.660284: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:10:03.693050: NSS initialized Aug 26 13:10:03.693068: NSS crypto library initialized Aug 26 13:10:03.693071: FIPS HMAC integrity support [enabled] Aug 26 13:10:03.693072: FIPS mode disabled for pluto daemon Aug 26 13:10:03.720799: FIPS HMAC integrity verification self-test FAILED Aug 26 13:10:03.720880: libcap-ng support [enabled] Aug 26 13:10:03.720886: Linux audit support [enabled] Aug 26 13:10:03.720904: Linux audit activated Aug 26 13:10:03.720911: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16241 Aug 26 13:10:03.720914: core dump dir: /tmp Aug 26 13:10:03.720916: secrets file: /etc/ipsec.secrets Aug 26 13:10:03.720917: leak-detective enabled Aug 26 13:10:03.720918: NSS crypto [enabled] Aug 26 13:10:03.720920: XAUTH PAM support [enabled] Aug 26 13:10:03.720989: | libevent is using pluto's memory allocator Aug 26 13:10:03.720994: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:10:03.721006: | libevent_malloc: new ptr-libevent@0x560d9b10b188 size 40 Aug 26 13:10:03.721011: | libevent_malloc: new ptr-libevent@0x560d9b105cd8 size 40 Aug 26 13:10:03.721014: | libevent_malloc: new ptr-libevent@0x560d9b105dd8 size 40 Aug 26 13:10:03.721015: | creating event base Aug 26 13:10:03.721030: | libevent_malloc: new ptr-libevent@0x560d9b188b18 size 56 Aug 26 13:10:03.721035: | libevent_malloc: new ptr-libevent@0x560d9b134f38 size 664 Aug 26 13:10:03.721044: | libevent_malloc: new ptr-libevent@0x560d9b188b88 size 24 Aug 26 13:10:03.721046: | libevent_malloc: new ptr-libevent@0x560d9b188bd8 size 384 Aug 26 13:10:03.721053: | libevent_malloc: new ptr-libevent@0x560d9b188ad8 size 16 Aug 26 13:10:03.721054: | libevent_malloc: new ptr-libevent@0x560d9b105908 size 40 Aug 26 13:10:03.721056: | libevent_malloc: new ptr-libevent@0x560d9b105d38 size 48 Aug 26 13:10:03.721060: | libevent_realloc: new ptr-libevent@0x560d9b135a38 size 256 Aug 26 13:10:03.721063: | libevent_malloc: new ptr-libevent@0x560d9b188d88 size 16 Aug 26 13:10:03.721067: | libevent_free: release ptr-libevent@0x560d9b188b18 Aug 26 13:10:03.721070: | libevent initialized Aug 26 13:10:03.721072: | libevent_realloc: new ptr-libevent@0x560d9b188b18 size 64 Aug 26 13:10:03.721076: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:10:03.721086: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:10:03.721088: NAT-Traversal support [enabled] Aug 26 13:10:03.721090: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:10:03.721095: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:10:03.721097: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:10:03.721123: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:10:03.721126: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:10:03.721128: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:10:03.721175: Encryption algorithms: Aug 26 13:10:03.721181: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:10:03.721184: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:10:03.721186: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:10:03.721189: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:10:03.721191: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:10:03.721196: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:10:03.721199: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:10:03.721202: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:10:03.721204: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:10:03.721206: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:10:03.721208: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:10:03.721211: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:10:03.721213: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:10:03.721215: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:10:03.721218: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:10:03.721220: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:10:03.721222: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:10:03.721227: Hash algorithms: Aug 26 13:10:03.721229: MD5 IKEv1: IKE IKEv2: Aug 26 13:10:03.721231: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:10:03.721233: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:10:03.721235: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:10:03.721237: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:10:03.721245: PRF algorithms: Aug 26 13:10:03.721247: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:10:03.721249: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:10:03.721252: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:10:03.721254: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:10:03.721256: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:10:03.721258: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:10:03.721274: Integrity algorithms: Aug 26 13:10:03.721276: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:10:03.721279: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:10:03.721281: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:10:03.721284: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:10:03.721286: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:10:03.721299: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:10:03.721305: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:10:03.721307: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:10:03.721309: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:10:03.721317: DH algorithms: Aug 26 13:10:03.721319: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:10:03.721321: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:10:03.721336: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:10:03.721340: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:10:03.721342: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:10:03.721344: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:10:03.721346: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:10:03.721348: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:10:03.721350: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:10:03.721352: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:10:03.721354: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:10:03.721356: testing CAMELLIA_CBC: Aug 26 13:10:03.721358: Camellia: 16 bytes with 128-bit key Aug 26 13:10:03.721449: Camellia: 16 bytes with 128-bit key Aug 26 13:10:03.721468: Camellia: 16 bytes with 256-bit key Aug 26 13:10:03.721488: Camellia: 16 bytes with 256-bit key Aug 26 13:10:03.721505: testing AES_GCM_16: Aug 26 13:10:03.721508: empty string Aug 26 13:10:03.721526: one block Aug 26 13:10:03.721542: two blocks Aug 26 13:10:03.721558: two blocks with associated data Aug 26 13:10:03.721574: testing AES_CTR: Aug 26 13:10:03.721576: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:10:03.721592: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:10:03.721609: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:10:03.721626: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:10:03.721644: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:10:03.721676: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:10:03.721706: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:10:03.721722: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:10:03.721739: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:10:03.721755: testing AES_CBC: Aug 26 13:10:03.721757: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:10:03.721787: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:10:03.721818: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:10:03.721835: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:10:03.721869: testing AES_XCBC: Aug 26 13:10:03.721871: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:10:03.721956: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:10:03.722050: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:10:03.722126: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:10:03.722203: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:10:03.722299: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:10:03.722446: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:10:03.722747: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:10:03.722924: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:10:03.723130: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:10:03.723365: testing HMAC_MD5: Aug 26 13:10:03.723373: RFC 2104: MD5_HMAC test 1 Aug 26 13:10:03.723499: RFC 2104: MD5_HMAC test 2 Aug 26 13:10:03.723593: RFC 2104: MD5_HMAC test 3 Aug 26 13:10:03.723731: 8 CPU cores online Aug 26 13:10:03.723735: starting up 7 crypto helpers Aug 26 13:10:03.723769: started thread for crypto helper 0 Aug 26 13:10:03.723795: | starting up helper thread 0 Aug 26 13:10:03.723806: started thread for crypto helper 1 Aug 26 13:10:03.723810: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:10:03.723810: | starting up helper thread 1 Aug 26 13:10:03.723833: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:10:03.723853: started thread for crypto helper 2 Aug 26 13:10:03.723812: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:03.723889: started thread for crypto helper 3 Aug 26 13:10:03.723891: | starting up helper thread 3 Aug 26 13:10:03.723897: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:10:03.723895: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:03.723911: started thread for crypto helper 4 Aug 26 13:10:03.723931: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:03.723952: | starting up helper thread 4 Aug 26 13:10:03.723958: started thread for crypto helper 5 Aug 26 13:10:03.723961: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:10:03.723962: | starting up helper thread 5 Aug 26 13:10:03.723981: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:10:03.723964: | crypto helper 4 waiting (nothing to do) Aug 26 13:10:03.723971: | starting up helper thread 2 Aug 26 13:10:03.723992: | crypto helper 5 waiting (nothing to do) Aug 26 13:10:03.723995: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:10:03.723994: started thread for crypto helper 6 Aug 26 13:10:03.723998: | starting up helper thread 6 Aug 26 13:10:03.724000: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:03.724009: | checking IKEv1 state table Aug 26 13:10:03.724006: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:10:03.724017: | crypto helper 6 waiting (nothing to do) Aug 26 13:10:03.724019: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724023: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:10:03.724026: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724028: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:10:03.724031: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:10:03.724034: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:10:03.724036: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:03.724039: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:03.724042: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:10:03.724044: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:10:03.724047: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:03.724049: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:03.724052: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:10:03.724055: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:03.724057: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:03.724060: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:03.724063: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:10:03.724066: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:03.724068: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:03.724071: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:03.724074: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:10:03.724077: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724080: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:10:03.724083: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724086: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724088: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:10:03.724091: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724094: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:03.724097: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:03.724100: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:10:03.724103: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:03.724105: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:03.724108: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:10:03.724111: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724114: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:10:03.724117: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724120: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:10:03.724123: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:10:03.724129: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:10:03.724132: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:10:03.724135: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:10:03.724138: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:10:03.724141: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:10:03.724144: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724147: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:10:03.724149: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724152: | INFO: category: informational flags: 0: Aug 26 13:10:03.724155: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724158: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:10:03.724161: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724164: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:10:03.724167: | -> XAUTH_R1 EVENT_NULL Aug 26 13:10:03.724170: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:10:03.724173: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:03.724176: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:10:03.724178: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:10:03.724182: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:10:03.724184: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:10:03.724188: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:10:03.724190: | -> UNDEFINED EVENT_NULL Aug 26 13:10:03.724193: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:10:03.724196: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:03.724199: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:10:03.724202: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:10:03.724205: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:10:03.724208: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:10:03.724214: | checking IKEv2 state table Aug 26 13:10:03.724221: | PARENT_I0: category: ignore flags: 0: Aug 26 13:10:03.724224: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:10:03.724228: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724231: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:10:03.724234: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:10:03.724238: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:10:03.724241: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:10:03.724244: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:10:03.724247: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:10:03.724250: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:10:03.724253: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:10:03.724256: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:10:03.724259: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:10:03.724262: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:10:03.724265: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:10:03.724268: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:10:03.724271: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724274: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:10:03.724277: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:10:03.724280: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:10:03.724283: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:10:03.724287: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:10:03.724298: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:10:03.724303: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:10:03.724306: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:10:03.724308: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:10:03.724311: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:10:03.724314: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:10:03.724317: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:10:03.724320: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:10:03.724323: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:10:03.724327: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:03.724330: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:10:03.724333: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:10:03.724336: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:10:03.724340: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:10:03.724343: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:10:03.724346: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:10:03.724350: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:10:03.724353: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:10:03.724356: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:03.724359: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:10:03.724363: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:10:03.724366: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:10:03.724369: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:10:03.724372: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:10:03.724375: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:10:03.724388: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:10:03.725166: | Hard-wiring algorithms Aug 26 13:10:03.725172: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:10:03.725177: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:10:03.725180: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:10:03.725183: | adding 3DES_CBC to kernel algorithm db Aug 26 13:10:03.725186: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:10:03.725189: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:10:03.725192: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:10:03.725195: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:10:03.725198: | adding AES_CTR to kernel algorithm db Aug 26 13:10:03.725200: | adding AES_CBC to kernel algorithm db Aug 26 13:10:03.725203: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:10:03.725206: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:10:03.725209: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:10:03.725212: | adding NULL to kernel algorithm db Aug 26 13:10:03.725215: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:10:03.725218: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:10:03.725221: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:10:03.725224: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:10:03.725227: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:10:03.725230: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:10:03.725233: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:10:03.725236: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:10:03.725239: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:10:03.725241: | adding NONE to kernel algorithm db Aug 26 13:10:03.725268: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:10:03.725277: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:10:03.725280: | setup kernel fd callback Aug 26 13:10:03.725284: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x560d9b18e398 Aug 26 13:10:03.725313: | libevent_malloc: new ptr-libevent@0x560d9b171be8 size 128 Aug 26 13:10:03.725322: | libevent_malloc: new ptr-libevent@0x560d9b18d8f8 size 16 Aug 26 13:10:03.725329: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x560d9b18d7e8 Aug 26 13:10:03.725334: | libevent_malloc: new ptr-libevent@0x560d9b138128 size 128 Aug 26 13:10:03.725337: | libevent_malloc: new ptr-libevent@0x560d9b18e2e8 size 16 Aug 26 13:10:03.725622: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:10:03.725632: selinux support is enabled. Aug 26 13:10:03.726443: | unbound context created - setting debug level to 5 Aug 26 13:10:03.726476: | /etc/hosts lookups activated Aug 26 13:10:03.726491: | /etc/resolv.conf usage activated Aug 26 13:10:03.726555: | outgoing-port-avoid set 0-65535 Aug 26 13:10:03.726588: | outgoing-port-permit set 32768-60999 Aug 26 13:10:03.726591: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:10:03.726595: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:10:03.726599: | Setting up events, loop start Aug 26 13:10:03.726602: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x560d9b18e328 Aug 26 13:10:03.726606: | libevent_malloc: new ptr-libevent@0x560d9b19a568 size 128 Aug 26 13:10:03.726610: | libevent_malloc: new ptr-libevent@0x560d9b1a57f8 size 16 Aug 26 13:10:03.726617: | libevent_realloc: new ptr-libevent@0x560d9b134bc8 size 256 Aug 26 13:10:03.726621: | libevent_malloc: new ptr-libevent@0x560d9b1a5838 size 8 Aug 26 13:10:03.726624: | libevent_realloc: new ptr-libevent@0x560d9b135478 size 144 Aug 26 13:10:03.726628: | libevent_malloc: new ptr-libevent@0x560d9b1358d8 size 152 Aug 26 13:10:03.726632: | libevent_malloc: new ptr-libevent@0x560d9b1a5878 size 16 Aug 26 13:10:03.726636: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:10:03.726639: | libevent_malloc: new ptr-libevent@0x560d9b1a58b8 size 8 Aug 26 13:10:03.726642: | libevent_malloc: new ptr-libevent@0x560d9b1a58f8 size 152 Aug 26 13:10:03.726646: | signal event handler PLUTO_SIGTERM installed Aug 26 13:10:03.726649: | libevent_malloc: new ptr-libevent@0x560d9b1a59c8 size 8 Aug 26 13:10:03.726652: | libevent_malloc: new ptr-libevent@0x560d9b1a5a08 size 152 Aug 26 13:10:03.726655: | signal event handler PLUTO_SIGHUP installed Aug 26 13:10:03.726658: | libevent_malloc: new ptr-libevent@0x560d9b1a5ad8 size 8 Aug 26 13:10:03.726661: | libevent_realloc: release ptr-libevent@0x560d9b135478 Aug 26 13:10:03.726665: | libevent_realloc: new ptr-libevent@0x560d9b1a5b18 size 256 Aug 26 13:10:03.726668: | libevent_malloc: new ptr-libevent@0x560d9b1a5c48 size 152 Aug 26 13:10:03.726671: | signal event handler PLUTO_SIGSYS installed Aug 26 13:10:03.727057: | created addconn helper (pid:16423) using fork+execve Aug 26 13:10:03.727074: | forked child 16423 Aug 26 13:10:03.727130: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:03.727581: listening for IKE messages Aug 26 13:10:03.728059: | Inspecting interface lo Aug 26 13:10:03.728069: | found lo with address 127.0.0.1 Aug 26 13:10:03.728075: | Inspecting interface eth0 Aug 26 13:10:03.728079: | found eth0 with address 192.0.1.254 Aug 26 13:10:03.728083: | Inspecting interface eth1 Aug 26 13:10:03.728087: | found eth1 with address 192.1.2.45 Aug 26 13:10:03.728179: Kernel supports NIC esp-hw-offload Aug 26 13:10:03.728192: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:10:03.728244: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:03.728249: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:03.728253: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:10:03.728284: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:10:03.728311: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:03.728332: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:03.728351: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:10:03.728378: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:10:03.728413: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:03.728418: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:03.728422: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:10:03.728504: | no interfaces to sort Aug 26 13:10:03.728508: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:03.728515: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a61a8 Aug 26 13:10:03.728518: | libevent_malloc: new ptr-libevent@0x560d9b19a4b8 size 128 Aug 26 13:10:03.728521: | libevent_malloc: new ptr-libevent@0x560d9b1a6218 size 16 Aug 26 13:10:03.728527: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:03.728529: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6258 Aug 26 13:10:03.728532: | libevent_malloc: new ptr-libevent@0x560d9b136388 size 128 Aug 26 13:10:03.728533: | libevent_malloc: new ptr-libevent@0x560d9b1a62c8 size 16 Aug 26 13:10:03.728537: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:03.728538: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6308 Aug 26 13:10:03.728540: | libevent_malloc: new ptr-libevent@0x560d9b138228 size 128 Aug 26 13:10:03.728542: | libevent_malloc: new ptr-libevent@0x560d9b1a6378 size 16 Aug 26 13:10:03.728545: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:10:03.728547: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a63b8 Aug 26 13:10:03.728549: | libevent_malloc: new ptr-libevent@0x560d9b135378 size 128 Aug 26 13:10:03.728550: | libevent_malloc: new ptr-libevent@0x560d9b1a6428 size 16 Aug 26 13:10:03.728553: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:10:03.728555: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6468 Aug 26 13:10:03.728558: | libevent_malloc: new ptr-libevent@0x560d9b10bba8 size 128 Aug 26 13:10:03.728559: | libevent_malloc: new ptr-libevent@0x560d9b1a64d8 size 16 Aug 26 13:10:03.728562: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:10:03.728564: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6518 Aug 26 13:10:03.728567: | libevent_malloc: new ptr-libevent@0x560d9b1061d8 size 128 Aug 26 13:10:03.728568: | libevent_malloc: new ptr-libevent@0x560d9b1a6588 size 16 Aug 26 13:10:03.728571: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:10:03.728575: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:03.728577: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:03.728591: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:03.728600: | id type added to secret(0x560d9b101c48) PKK_PSK: @east Aug 26 13:10:03.728604: | id type added to secret(0x560d9b101c48) PKK_PSK: 192.1.2.45 Aug 26 13:10:03.728607: | Processing PSK at line 1: passed Aug 26 13:10:03.728608: | certs and keys locked by 'process_secret' Aug 26 13:10:03.728611: | certs and keys unlocked by 'process_secret' Aug 26 13:10:03.728618: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:03.728624: | spent 1.49 milliseconds in whack Aug 26 13:10:03.747683: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:03.747708: listening for IKE messages Aug 26 13:10:03.747736: | Inspecting interface lo Aug 26 13:10:03.747742: | found lo with address 127.0.0.1 Aug 26 13:10:03.747744: | Inspecting interface eth0 Aug 26 13:10:03.747747: | found eth0 with address 192.0.1.254 Aug 26 13:10:03.747748: | Inspecting interface eth1 Aug 26 13:10:03.747751: | found eth1 with address 192.1.2.45 Aug 26 13:10:03.747798: | no interfaces to sort Aug 26 13:10:03.747809: | libevent_free: release ptr-libevent@0x560d9b19a4b8 Aug 26 13:10:03.747812: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a61a8 Aug 26 13:10:03.747814: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a61a8 Aug 26 13:10:03.747816: | libevent_malloc: new ptr-libevent@0x560d9b19a4b8 size 128 Aug 26 13:10:03.747822: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:03.747824: | libevent_free: release ptr-libevent@0x560d9b136388 Aug 26 13:10:03.747826: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6258 Aug 26 13:10:03.747828: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6258 Aug 26 13:10:03.747830: | libevent_malloc: new ptr-libevent@0x560d9b136388 size 128 Aug 26 13:10:03.747833: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:03.747835: | libevent_free: release ptr-libevent@0x560d9b138228 Aug 26 13:10:03.747837: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6308 Aug 26 13:10:03.747839: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6308 Aug 26 13:10:03.747840: | libevent_malloc: new ptr-libevent@0x560d9b138228 size 128 Aug 26 13:10:03.747843: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:10:03.747846: | libevent_free: release ptr-libevent@0x560d9b135378 Aug 26 13:10:03.747847: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a63b8 Aug 26 13:10:03.747849: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a63b8 Aug 26 13:10:03.747851: | libevent_malloc: new ptr-libevent@0x560d9b135378 size 128 Aug 26 13:10:03.747854: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:10:03.747856: | libevent_free: release ptr-libevent@0x560d9b10bba8 Aug 26 13:10:03.747858: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6468 Aug 26 13:10:03.747860: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6468 Aug 26 13:10:03.747861: | libevent_malloc: new ptr-libevent@0x560d9b10bba8 size 128 Aug 26 13:10:03.747864: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:10:03.747867: | libevent_free: release ptr-libevent@0x560d9b1061d8 Aug 26 13:10:03.747868: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6518 Aug 26 13:10:03.747870: | add_fd_read_event_handler: new ethX-pe@0x560d9b1a6518 Aug 26 13:10:03.747872: | libevent_malloc: new ptr-libevent@0x560d9b1061d8 size 128 Aug 26 13:10:03.747875: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:10:03.747877: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:03.747878: forgetting secrets Aug 26 13:10:03.747884: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:03.747894: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:03.747900: | id type added to secret(0x560d9b101c48) PKK_PSK: @east Aug 26 13:10:03.747903: | id type added to secret(0x560d9b101c48) PKK_PSK: 192.1.2.45 Aug 26 13:10:03.747906: | Processing PSK at line 1: passed Aug 26 13:10:03.747908: | certs and keys locked by 'process_secret' Aug 26 13:10:03.747910: | certs and keys unlocked by 'process_secret' Aug 26 13:10:03.747916: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:03.747921: | spent 0.247 milliseconds in whack Aug 26 13:10:03.748420: | processing signal PLUTO_SIGCHLD Aug 26 13:10:03.748433: | waitpid returned pid 16423 (exited with status 0) Aug 26 13:10:03.748436: | reaped addconn helper child (status 0) Aug 26 13:10:03.748440: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:03.748444: | spent 0.0134 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:03.802624: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:03.802644: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:03.802648: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:03.802650: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:03.802651: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:03.802654: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:03.802660: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:03.802702: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:10:03.802706: | from whack: got --esp= Aug 26 13:10:03.802731: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:10:03.802736: | counting wild cards for 192.1.2.45 is 0 Aug 26 13:10:03.802739: | counting wild cards for @east is 0 Aug 26 13:10:03.802746: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:10:03.802748: | new hp@0x560d9b1a8828 Aug 26 13:10:03.802751: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:10:03.802760: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:03.802771: | 192.0.1.0/24===192.1.2.45<192.1.2.45>...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:10:03.802794: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:03.802802: | spent 0.183 milliseconds in whack Aug 26 13:10:03.864356: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:03.864588: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:03.864595: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:03.864656: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:10:03.864686: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:03.864694: | spent 0.344 milliseconds in whack Aug 26 13:10:03.920443: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:03.920486: | old debugging base+cpu-usage + none Aug 26 13:10:03.920490: | base debugging = base+cpu-usage Aug 26 13:10:03.920494: | old impairing none + suppress-retransmits Aug 26 13:10:03.920497: | base impairing = suppress-retransmits Aug 26 13:10:03.920506: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:03.920528: | spent 0.0805 milliseconds in whack Aug 26 13:10:04.060869: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:04.060932: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:10:04.060945: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:04.060962: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:10:04.060973: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:10:04.060985: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:10:04.060994: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:10:04.061042: | creating state object #1 at 0x560d9b1a8948 Aug 26 13:10:04.061053: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:10:04.061079: | pstats #1 ikev2.ike started Aug 26 13:10:04.061091: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:04.061102: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:10:04.061121: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:04.061143: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:04.061161: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:04.061186: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:10:04.061202: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:10:04.061216: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 13:10:04.061258: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 13:10:04.061285: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:04.061323: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.061337: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:04.061362: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.061375: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:04.061394: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.061407: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:04.061426: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.061464: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.061495: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:10:04.061508: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560d9b1ab078 Aug 26 13:10:04.061521: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:04.061533: | libevent_malloc: new ptr-libevent@0x560d9b1ab0e8 size 128 Aug 26 13:10:04.061571: | #1 spent 0.597 milliseconds in ikev2_parent_outI1() Aug 26 13:10:04.061583: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:04.061600: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:04.061611: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:04.061618: | crypto helper 0 resuming Aug 26 13:10:04.061621: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:10:04.061670: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:10:04.061692: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:10:04.061703: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:10:04.061707: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:04.061731: | spent 0.865 milliseconds in whack Aug 26 13:10:04.063513: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001811 seconds Aug 26 13:10:04.063537: | (#1) spent 1.8 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:10:04.063543: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:10:04.063548: | scheduling resume sending helper answer for #1 Aug 26 13:10:04.063554: | libevent_malloc: new ptr-libevent@0x7f8388002888 size 128 Aug 26 13:10:04.063568: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:04.063587: | processing resume sending helper answer for #1 Aug 26 13:10:04.063608: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:04.063620: | crypto helper 0 replies to request ID 1 Aug 26 13:10:04.063627: | calling continuation function 0x560d992b4b50 Aug 26 13:10:04.063634: | ikev2_parent_outI1_continue for #1 Aug 26 13:10:04.063706: | **emit ISAKMP Message: Aug 26 13:10:04.063715: | initiator cookie: Aug 26 13:10:04.063722: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.063729: | responder cookie: Aug 26 13:10:04.063735: | 00 00 00 00 00 00 00 00 Aug 26 13:10:04.063743: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:04.063750: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:04.063757: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:04.063765: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:04.063772: | Message ID: 0 (0x0) Aug 26 13:10:04.063781: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:04.063820: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.063829: | Emitting ikev2_proposals ... Aug 26 13:10:04.063837: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:04.063845: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.063852: | flags: none (0x0) Aug 26 13:10:04.063860: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:04.063868: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.063875: | discarding INTEG=NONE Aug 26 13:10:04.063883: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.063890: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.063897: | prop #: 1 (0x1) Aug 26 13:10:04.063904: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:04.063910: | spi size: 0 (0x0) Aug 26 13:10:04.063917: | # transforms: 11 (0xb) Aug 26 13:10:04.063925: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.063933: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.063940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.063947: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.063954: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.063961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.063976: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.063984: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.063991: | length/value: 256 (0x100) Aug 26 13:10:04.063998: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.064005: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064019: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.064025: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:04.064034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064048: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064055: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064069: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.064076: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:04.064084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064099: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064105: | discarding INTEG=NONE Aug 26 13:10:04.064112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064126: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064132: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.064140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064155: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064162: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064183: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:04.064191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064206: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064213: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064232: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:04.064241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064248: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064255: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064262: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064280: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064287: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:04.064313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064328: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064340: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064361: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:04.064369: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064383: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064389: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064403: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064410: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:04.064417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064438: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064452: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064458: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:04.064466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064481: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064487: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064494: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.064500: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064507: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:04.064515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064522: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064529: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064535: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:04.064543: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.064550: | discarding INTEG=NONE Aug 26 13:10:04.064558: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.064565: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.064573: | prop #: 2 (0x2) Aug 26 13:10:04.064580: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:04.064586: | spi size: 0 (0x0) Aug 26 13:10:04.064593: | # transforms: 11 (0xb) Aug 26 13:10:04.064602: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.064615: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.064623: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064637: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.064643: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.064650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064658: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.064665: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.064671: | length/value: 128 (0x80) Aug 26 13:10:04.064679: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.064686: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064700: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.064707: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:04.064716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064723: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064731: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064738: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064751: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.064757: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:04.064765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064780: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064786: | discarding INTEG=NONE Aug 26 13:10:04.064793: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064813: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.064821: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064835: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064842: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064862: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:04.064870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064884: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064891: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064916: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:04.064924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064938: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064945: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.064951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064958: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.064965: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:04.064973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.064980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.064987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.064994: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065013: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:04.065021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065034: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065041: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065053: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065060: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:04.065067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065075: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065082: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065088: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065102: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065108: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:04.065116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065130: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065137: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065143: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.065150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065156: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:04.065164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065179: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065194: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:04.065202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.065209: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.065216: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.065222: | prop #: 3 (0x3) Aug 26 13:10:04.065228: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:04.065235: | spi size: 0 (0x0) Aug 26 13:10:04.065241: | # transforms: 13 (0xd) Aug 26 13:10:04.065249: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.065256: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.065263: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065277: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.065283: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:04.065299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065307: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.065314: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.065320: | length/value: 256 (0x100) Aug 26 13:10:04.065327: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.065338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065352: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.065358: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:04.065366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065394: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065400: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.065407: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:04.065414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065429: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065435: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065442: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065448: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.065455: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:04.065463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065477: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065484: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065497: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.065504: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:04.065512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065539: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065552: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065559: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.065567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065588: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065607: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:04.065615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065630: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065656: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:04.065664: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065678: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065684: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065704: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:04.065712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065726: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065733: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065752: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:04.065760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065774: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065781: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065787: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065804: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:04.065812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065819: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065826: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065832: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065846: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065852: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:04.065860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065874: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.065887: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.065894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.065901: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:04.065908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.065916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.065923: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.065929: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:04.065937: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.065944: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.065951: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:04.065957: | prop #: 4 (0x4) Aug 26 13:10:04.065963: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:04.065970: | spi size: 0 (0x0) Aug 26 13:10:04.065976: | # transforms: 13 (0xd) Aug 26 13:10:04.065984: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.065991: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.065998: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066011: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.066018: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:04.066025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066032: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.066039: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.066045: | length/value: 128 (0x80) Aug 26 13:10:04.066052: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.066059: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066072: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.066078: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:04.066086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066095: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066103: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066109: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066122: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.066129: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:04.066137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066151: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066158: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066171: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.066177: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:04.066185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066192: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066199: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066206: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066219: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.066226: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:04.066234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066248: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066254: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066267: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066273: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.066281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066295: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066303: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066309: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066330: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:04.066341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066356: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066376: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066383: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:04.066395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066410: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066416: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066429: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066436: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:04.066444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066458: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066465: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066484: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:04.066492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066500: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066507: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066526: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066533: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:04.066540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066554: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066561: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066574: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066580: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:04.066588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066609: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.066615: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.066622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.066629: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:04.066636: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.066644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.066651: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.066658: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:04.066668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.066675: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:10:04.066683: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:04.066690: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:04.066697: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.066704: | flags: none (0x0) Aug 26 13:10:04.066711: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.066719: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:04.066726: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.066735: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:10:04.066742: | ikev2 g^x 34 fc 94 fe a0 b6 8e 53 6b aa 5b a5 34 1c 32 e5 Aug 26 13:10:04.066749: | ikev2 g^x 8d 66 41 a4 d4 73 a8 6f 23 d9 65 c9 54 9c ee 54 Aug 26 13:10:04.066755: | ikev2 g^x 46 2a df 8a 33 85 d2 30 75 46 c7 b7 02 87 c9 64 Aug 26 13:10:04.066762: | ikev2 g^x b2 fa 01 3c 9e 7e 2e 59 02 84 7c 65 66 55 d2 85 Aug 26 13:10:04.066768: | ikev2 g^x 38 d1 66 8e be 6a 8e 58 30 1b e9 11 b2 bd 8d 88 Aug 26 13:10:04.066774: | ikev2 g^x 72 35 cb b3 2a 2b 04 0d 23 d5 00 43 e3 53 fb be Aug 26 13:10:04.066781: | ikev2 g^x 4e 26 8e ef d3 aa fc 5e 1d c4 cd 51 40 4b 13 a2 Aug 26 13:10:04.066787: | ikev2 g^x b3 30 ce 00 41 e5 11 e6 2f cc 05 e0 d7 fd 34 9d Aug 26 13:10:04.066793: | ikev2 g^x 20 bc cf f3 69 af 84 64 3f ba b3 54 c9 6d 4f 89 Aug 26 13:10:04.066800: | ikev2 g^x a5 b2 22 b5 86 91 6e 31 af 01 08 85 61 bc c6 6f Aug 26 13:10:04.066806: | ikev2 g^x 3f 25 af cc 8f e6 3b 8b 36 4a 30 52 0d 36 40 79 Aug 26 13:10:04.066812: | ikev2 g^x 82 d5 7d b2 fb fa f2 e8 77 68 d9 c1 b6 37 1a cc Aug 26 13:10:04.066819: | ikev2 g^x b4 08 d9 ec b4 e6 6e 4d ca 4b dd f6 ad 25 e9 35 Aug 26 13:10:04.066825: | ikev2 g^x 01 be e5 56 d4 19 15 2d 36 da 0d 60 f0 16 8b 32 Aug 26 13:10:04.066831: | ikev2 g^x 46 bf 54 86 21 2f 12 d3 a8 22 ff fe f4 1e 7e 81 Aug 26 13:10:04.066838: | ikev2 g^x 07 8a 15 45 b2 f8 50 a6 f2 9a c0 1f c2 a7 c2 43 Aug 26 13:10:04.066844: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:04.066851: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:04.066857: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:04.066864: | flags: none (0x0) Aug 26 13:10:04.066872: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:04.066879: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:04.066887: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.066894: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:04.066900: | IKEv2 nonce e6 da 2d e3 77 b4 cb 15 9c 20 9e 20 3b c4 fd a1 Aug 26 13:10:04.066907: | IKEv2 nonce de 5b 85 f6 07 80 8b 35 f8 3d ce f8 18 2c a7 55 Aug 26 13:10:04.066914: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:04.066920: | Adding a v2N Payload Aug 26 13:10:04.066927: | ***emit IKEv2 Notify Payload: Aug 26 13:10:04.066933: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.066940: | flags: none (0x0) Aug 26 13:10:04.066947: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.066953: | SPI size: 0 (0x0) Aug 26 13:10:04.066960: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:04.066968: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:04.066975: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.066985: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:10:04.066993: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:04.067000: | natd_hash: rcookie is zero Aug 26 13:10:04.067029: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:04.067037: | natd_hash: icookie= 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.067044: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:04.067050: | natd_hash: ip= c0 01 02 2d Aug 26 13:10:04.067056: | natd_hash: port=500 Aug 26 13:10:04.067063: | natd_hash: hash= ec 80 7d 2f 86 e2 0f 7c 90 68 62 98 c0 60 4b 57 Aug 26 13:10:04.067069: | natd_hash: hash= 07 6e a2 bb Aug 26 13:10:04.067075: | Adding a v2N Payload Aug 26 13:10:04.067082: | ***emit IKEv2 Notify Payload: Aug 26 13:10:04.067089: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.067095: | flags: none (0x0) Aug 26 13:10:04.067102: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.067108: | SPI size: 0 (0x0) Aug 26 13:10:04.067115: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:04.067123: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:04.067130: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.067138: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:04.067144: | Notify data ec 80 7d 2f 86 e2 0f 7c 90 68 62 98 c0 60 4b 57 Aug 26 13:10:04.067150: | Notify data 07 6e a2 bb Aug 26 13:10:04.067157: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:04.067163: | natd_hash: rcookie is zero Aug 26 13:10:04.067181: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:04.067188: | natd_hash: icookie= 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.067195: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:04.067201: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:04.067207: | natd_hash: port=500 Aug 26 13:10:04.067214: | natd_hash: hash= dd 30 b1 35 7f 3f 98 7d 85 c1 49 99 1c d7 2e 21 Aug 26 13:10:04.067220: | natd_hash: hash= 9d 91 77 e4 Aug 26 13:10:04.067226: | Adding a v2N Payload Aug 26 13:10:04.067232: | ***emit IKEv2 Notify Payload: Aug 26 13:10:04.067239: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.067246: | flags: none (0x0) Aug 26 13:10:04.067252: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.067258: | SPI size: 0 (0x0) Aug 26 13:10:04.067265: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:04.067273: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:04.067280: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.067306: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:04.067314: | Notify data dd 30 b1 35 7f 3f 98 7d 85 c1 49 99 1c d7 2e 21 Aug 26 13:10:04.067320: | Notify data 9d 91 77 e4 Aug 26 13:10:04.067327: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:04.067334: | emitting length of ISAKMP Message: 828 Aug 26 13:10:04.067354: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:10:04.067379: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:04.067389: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:10:04.067397: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:10:04.067405: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:10:04.067413: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:10:04.067420: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:10:04.067436: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:04.067444: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:04.067469: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:10:04.067492: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:04.067500: | 06 2e 9f aa 15 2a 96 f6 00 00 00 00 00 00 00 00 Aug 26 13:10:04.067506: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:10:04.067512: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:10:04.067519: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:10:04.067525: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:10:04.067531: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:10:04.067537: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:10:04.067543: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:10:04.067550: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:10:04.067556: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:10:04.067562: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:10:04.067569: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:10:04.067575: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:10:04.067581: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:10:04.067587: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:10:04.067593: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:10:04.067599: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:10:04.067605: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:10:04.067611: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:10:04.067617: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:10:04.067623: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:10:04.067630: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:10:04.067636: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:10:04.067642: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:10:04.067648: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:10:04.067654: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:10:04.067660: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:10:04.067666: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:10:04.067673: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:10:04.067680: | 28 00 01 08 00 0e 00 00 34 fc 94 fe a0 b6 8e 53 Aug 26 13:10:04.067686: | 6b aa 5b a5 34 1c 32 e5 8d 66 41 a4 d4 73 a8 6f Aug 26 13:10:04.067692: | 23 d9 65 c9 54 9c ee 54 46 2a df 8a 33 85 d2 30 Aug 26 13:10:04.067698: | 75 46 c7 b7 02 87 c9 64 b2 fa 01 3c 9e 7e 2e 59 Aug 26 13:10:04.067704: | 02 84 7c 65 66 55 d2 85 38 d1 66 8e be 6a 8e 58 Aug 26 13:10:04.067710: | 30 1b e9 11 b2 bd 8d 88 72 35 cb b3 2a 2b 04 0d Aug 26 13:10:04.067716: | 23 d5 00 43 e3 53 fb be 4e 26 8e ef d3 aa fc 5e Aug 26 13:10:04.067722: | 1d c4 cd 51 40 4b 13 a2 b3 30 ce 00 41 e5 11 e6 Aug 26 13:10:04.067728: | 2f cc 05 e0 d7 fd 34 9d 20 bc cf f3 69 af 84 64 Aug 26 13:10:04.067734: | 3f ba b3 54 c9 6d 4f 89 a5 b2 22 b5 86 91 6e 31 Aug 26 13:10:04.067741: | af 01 08 85 61 bc c6 6f 3f 25 af cc 8f e6 3b 8b Aug 26 13:10:04.067747: | 36 4a 30 52 0d 36 40 79 82 d5 7d b2 fb fa f2 e8 Aug 26 13:10:04.067753: | 77 68 d9 c1 b6 37 1a cc b4 08 d9 ec b4 e6 6e 4d Aug 26 13:10:04.067759: | ca 4b dd f6 ad 25 e9 35 01 be e5 56 d4 19 15 2d Aug 26 13:10:04.067766: | 36 da 0d 60 f0 16 8b 32 46 bf 54 86 21 2f 12 d3 Aug 26 13:10:04.067772: | a8 22 ff fe f4 1e 7e 81 07 8a 15 45 b2 f8 50 a6 Aug 26 13:10:04.067778: | f2 9a c0 1f c2 a7 c2 43 29 00 00 24 e6 da 2d e3 Aug 26 13:10:04.067787: | 77 b4 cb 15 9c 20 9e 20 3b c4 fd a1 de 5b 85 f6 Aug 26 13:10:04.067793: | 07 80 8b 35 f8 3d ce f8 18 2c a7 55 29 00 00 08 Aug 26 13:10:04.067800: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ec 80 7d 2f Aug 26 13:10:04.067806: | 86 e2 0f 7c 90 68 62 98 c0 60 4b 57 07 6e a2 bb Aug 26 13:10:04.067812: | 00 00 00 1c 00 00 40 05 dd 30 b1 35 7f 3f 98 7d Aug 26 13:10:04.067818: | 85 c1 49 99 1c d7 2e 21 9d 91 77 e4 Aug 26 13:10:04.067889: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:04.067900: | libevent_free: release ptr-libevent@0x560d9b1ab0e8 Aug 26 13:10:04.067909: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560d9b1ab078 Aug 26 13:10:04.067917: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:04.067925: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:10:04.067942: | event_schedule: new EVENT_RETRANSMIT-pe@0x560d9b1ab078 Aug 26 13:10:04.067952: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:10:04.067960: | libevent_malloc: new ptr-libevent@0x560d9b1ab0e8 size 128 Aug 26 13:10:04.067972: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10289.810406 Aug 26 13:10:04.067982: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:10:04.067995: | #1 spent 4.3 milliseconds in resume sending helper answer Aug 26 13:10:04.068007: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:04.068016: | libevent_free: release ptr-libevent@0x7f8388002888 Aug 26 13:10:04.072187: | spent 0.00415 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:04.072225: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:10:04.072232: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.072238: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:10:04.072243: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:10:04.072248: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:10:04.072253: | 04 00 00 0e 28 00 01 08 00 0e 00 00 3e c5 d1 47 Aug 26 13:10:04.072258: | 2f e8 74 8c a1 1d d4 ad cb a8 a0 d2 b7 93 40 b7 Aug 26 13:10:04.072263: | 84 67 f4 ae d3 a3 d3 db 43 21 f6 c5 5c df 3e ec Aug 26 13:10:04.072268: | 12 a4 e1 13 31 47 41 90 a1 9b d6 8c e6 f6 59 d8 Aug 26 13:10:04.072274: | b5 ec 0a 4d 60 08 56 e5 c7 1c d9 ea 94 48 48 9a Aug 26 13:10:04.072279: | 9f a2 99 db dc bb d3 e9 90 b7 d9 39 1e 31 d9 80 Aug 26 13:10:04.072284: | fa e3 d4 41 f0 54 9b 23 ae 82 f4 19 55 f0 70 08 Aug 26 13:10:04.072294: | ce 0a 2f 39 cb 4d e4 6b 1f fb 60 b3 bc 58 16 38 Aug 26 13:10:04.072302: | 47 c4 41 e6 ef cb 7b f1 07 52 0f a6 0a b9 60 b6 Aug 26 13:10:04.072307: | 30 6e 1e be b7 eb 36 84 25 ec c3 47 2b 39 15 74 Aug 26 13:10:04.072312: | 9f 1b d3 5b 5c 22 7f 1b 6d 9c b7 1d aa 54 b1 96 Aug 26 13:10:04.072317: | 2d 93 c8 d6 55 f4 b6 a3 b4 8f e9 c0 34 a1 c2 92 Aug 26 13:10:04.072322: | 1d c3 a6 bc ba 17 41 9c 0a a2 3b c3 0e 8a f1 22 Aug 26 13:10:04.072327: | ef e3 1e 29 e8 d5 cc 68 90 9a 75 63 80 24 5c 3c Aug 26 13:10:04.072332: | e9 d0 7c 84 0a 54 5f 90 34 82 7e 31 90 cf 20 45 Aug 26 13:10:04.072338: | 73 f7 82 ba 1c 49 91 45 d7 2b 18 b5 4f 9a 53 bc Aug 26 13:10:04.072343: | d4 f1 4e 82 0c e9 bd 0d af e2 7c b6 29 00 00 24 Aug 26 13:10:04.072348: | ba a4 e4 89 4a 87 fa 67 41 db d1 9b bc 8f c2 7d Aug 26 13:10:04.072353: | 2c b5 22 91 73 b6 0f 01 8a bb d5 ef 56 0f 09 7c Aug 26 13:10:04.072358: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:10:04.072363: | 17 29 34 68 cc a1 b2 7c e4 5a 91 ed d3 24 4b 80 Aug 26 13:10:04.072368: | f3 73 82 b0 00 00 00 1c 00 00 40 05 58 64 f7 c8 Aug 26 13:10:04.072377: | 4b d7 3c 7a 77 68 0f c3 4e bd 50 63 58 42 40 c7 Aug 26 13:10:04.072386: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:04.072393: | **parse ISAKMP Message: Aug 26 13:10:04.072399: | initiator cookie: Aug 26 13:10:04.072404: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.072409: | responder cookie: Aug 26 13:10:04.072414: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.072420: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:04.072425: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:04.072431: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:04.072437: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:04.072442: | Message ID: 0 (0x0) Aug 26 13:10:04.072447: | length: 432 (0x1b0) Aug 26 13:10:04.072453: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:10:04.072461: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:10:04.072468: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:10:04.072480: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:04.072490: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:04.072495: | #1 is idle Aug 26 13:10:04.072500: | #1 idle Aug 26 13:10:04.072505: | unpacking clear payload Aug 26 13:10:04.072511: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:04.072517: | ***parse IKEv2 Security Association Payload: Aug 26 13:10:04.072522: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:04.072528: | flags: none (0x0) Aug 26 13:10:04.072533: | length: 40 (0x28) Aug 26 13:10:04.072539: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:10:04.072544: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:04.072549: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:10:04.072555: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:04.072560: | flags: none (0x0) Aug 26 13:10:04.072565: | length: 264 (0x108) Aug 26 13:10:04.072570: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.072576: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:10:04.072582: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:04.072587: | ***parse IKEv2 Nonce Payload: Aug 26 13:10:04.072593: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:04.072598: | flags: none (0x0) Aug 26 13:10:04.072603: | length: 36 (0x24) Aug 26 13:10:04.072608: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:04.072613: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:04.072619: | ***parse IKEv2 Notify Payload: Aug 26 13:10:04.072624: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:04.072630: | flags: none (0x0) Aug 26 13:10:04.072635: | length: 8 (0x8) Aug 26 13:10:04.072640: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.072645: | SPI size: 0 (0x0) Aug 26 13:10:04.072651: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:04.072656: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:10:04.072662: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:04.072667: | ***parse IKEv2 Notify Payload: Aug 26 13:10:04.072672: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:04.072677: | flags: none (0x0) Aug 26 13:10:04.072682: | length: 28 (0x1c) Aug 26 13:10:04.072688: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.072693: | SPI size: 0 (0x0) Aug 26 13:10:04.072698: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:04.072704: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:04.072709: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:04.072715: | ***parse IKEv2 Notify Payload: Aug 26 13:10:04.072720: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.072728: | flags: none (0x0) Aug 26 13:10:04.072734: | length: 28 (0x1c) Aug 26 13:10:04.072739: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:04.072744: | SPI size: 0 (0x0) Aug 26 13:10:04.072749: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:04.072755: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:04.072761: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:10:04.072771: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:04.072776: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:04.072782: | Now let's proceed with state specific processing Aug 26 13:10:04.072787: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:04.072795: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:10:04.072826: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:04.072834: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:10:04.072841: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:04.072846: | local proposal 1 type PRF has 2 transforms Aug 26 13:10:04.072852: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:04.072857: | local proposal 1 type DH has 8 transforms Aug 26 13:10:04.072862: | local proposal 1 type ESN has 0 transforms Aug 26 13:10:04.072869: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:04.072875: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:04.072880: | local proposal 2 type PRF has 2 transforms Aug 26 13:10:04.072885: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:04.072891: | local proposal 2 type DH has 8 transforms Aug 26 13:10:04.072896: | local proposal 2 type ESN has 0 transforms Aug 26 13:10:04.072902: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:04.072908: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:04.072913: | local proposal 3 type PRF has 2 transforms Aug 26 13:10:04.072918: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:04.072924: | local proposal 3 type DH has 8 transforms Aug 26 13:10:04.072929: | local proposal 3 type ESN has 0 transforms Aug 26 13:10:04.072935: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:04.072941: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:04.072946: | local proposal 4 type PRF has 2 transforms Aug 26 13:10:04.072951: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:04.072957: | local proposal 4 type DH has 8 transforms Aug 26 13:10:04.072962: | local proposal 4 type ESN has 0 transforms Aug 26 13:10:04.072969: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:04.072975: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.072980: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:04.072986: | length: 36 (0x24) Aug 26 13:10:04.072991: | prop #: 1 (0x1) Aug 26 13:10:04.072996: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:04.073001: | spi size: 0 (0x0) Aug 26 13:10:04.073006: | # transforms: 3 (0x3) Aug 26 13:10:04.073013: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:10:04.073026: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:04.073032: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.073037: | length: 12 (0xc) Aug 26 13:10:04.073042: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.073048: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.073053: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.073059: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.073065: | length/value: 256 (0x100) Aug 26 13:10:04.073073: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:04.073079: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:04.073085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.073090: | length: 8 (0x8) Aug 26 13:10:04.073095: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:04.073101: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:04.073108: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:10:04.073114: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:04.073119: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.073124: | length: 8 (0x8) Aug 26 13:10:04.073130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:04.073135: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:04.073142: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:04.073150: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:10:04.073159: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:10:04.073177: | remote proposal 1 matches local proposal 1 Aug 26 13:10:04.073183: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:10:04.073187: | converting proposal to internal trans attrs Aug 26 13:10:04.073205: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:04.073211: | natd_hash: icookie= 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.073215: | natd_hash: rcookie= 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.073219: | natd_hash: ip= c0 01 02 2d Aug 26 13:10:04.073224: | natd_hash: port=500 Aug 26 13:10:04.073228: | natd_hash: hash= 58 64 f7 c8 4b d7 3c 7a 77 68 0f c3 4e bd 50 63 Aug 26 13:10:04.073232: | natd_hash: hash= 58 42 40 c7 Aug 26 13:10:04.073243: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:04.073248: | natd_hash: icookie= 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.073252: | natd_hash: rcookie= 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.073256: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:04.073260: | natd_hash: port=500 Aug 26 13:10:04.073264: | natd_hash: hash= 17 29 34 68 cc a1 b2 7c e4 5a 91 ed d3 24 4b 80 Aug 26 13:10:04.073269: | natd_hash: hash= f3 73 82 b0 Aug 26 13:10:04.073273: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:10:04.073277: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:10:04.073281: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:10:04.073294: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:10:04.073301: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:10:04.073307: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:10:04.073313: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:04.073318: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:10:04.073323: | libevent_free: release ptr-libevent@0x560d9b1ab0e8 Aug 26 13:10:04.073330: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560d9b1ab078 Aug 26 13:10:04.073336: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560d9b1ab078 Aug 26 13:10:04.073342: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:04.073347: | libevent_malloc: new ptr-libevent@0x560d9b1aae58 size 128 Aug 26 13:10:04.073366: | #1 spent 0.564 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:10:04.073375: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:04.073382: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:10:04.073386: | suspending state #1 and saving MD Aug 26 13:10:04.073391: | #1 is busy; has a suspended MD Aug 26 13:10:04.073398: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:04.073405: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:04.073407: | crypto helper 1 resuming Aug 26 13:10:04.073426: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:10:04.073413: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:04.073434: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:10:04.073445: | #1 spent 1.22 milliseconds in ikev2_process_packet() Aug 26 13:10:04.073453: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:04.073459: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:04.073463: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:04.073470: | spent 1.24 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:04.074312: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:10:04.074751: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001317 seconds Aug 26 13:10:04.074761: | (#1) spent 1.31 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:10:04.074765: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:10:04.074768: | scheduling resume sending helper answer for #1 Aug 26 13:10:04.074772: | libevent_malloc: new ptr-libevent@0x7f8380000f48 size 128 Aug 26 13:10:04.074781: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:04.074793: | processing resume sending helper answer for #1 Aug 26 13:10:04.074804: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:04.074811: | crypto helper 1 replies to request ID 2 Aug 26 13:10:04.074816: | calling continuation function 0x560d992b4b50 Aug 26 13:10:04.074821: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:10:04.074833: | creating state object #2 at 0x560d9b1adcf8 Aug 26 13:10:04.074838: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:10:04.074844: | pstats #2 ikev2.child started Aug 26 13:10:04.074849: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:10:04.074857: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:04.074867: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:04.074875: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:10:04.074883: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:04.074888: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:04.074894: | libevent_free: release ptr-libevent@0x560d9b1aae58 Aug 26 13:10:04.074899: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560d9b1ab078 Aug 26 13:10:04.074904: | event_schedule: new EVENT_SA_REPLACE-pe@0x560d9b1ab078 Aug 26 13:10:04.074913: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:10:04.074918: | libevent_malloc: new ptr-libevent@0x560d9b1aae58 size 128 Aug 26 13:10:04.074925: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:10:04.074933: | **emit ISAKMP Message: Aug 26 13:10:04.074938: | initiator cookie: Aug 26 13:10:04.074942: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.074946: | responder cookie: Aug 26 13:10:04.074950: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.074955: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:04.074960: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:04.074965: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:04.074969: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:04.074974: | Message ID: 1 (0x1) Aug 26 13:10:04.074979: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:04.074984: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:04.074989: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.074993: | flags: none (0x0) Aug 26 13:10:04.074998: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:04.075004: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.075009: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:04.075021: | IKEv2 CERT: send a certificate? Aug 26 13:10:04.075027: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:10:04.075032: | IDr payload will be sent Aug 26 13:10:04.075055: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:10:04.075061: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.075065: | flags: none (0x0) Aug 26 13:10:04.075070: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:10:04.075076: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:10:04.075081: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.075086: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:10:04.075091: | my identity c0 01 02 2d Aug 26 13:10:04.075096: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:10:04.075110: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:10:04.075116: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:04.075120: | flags: none (0x0) Aug 26 13:10:04.075125: | ID type: ID_FQDN (0x2) Aug 26 13:10:04.075130: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:10:04.075136: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:10:04.075141: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.075146: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:10:04.075150: | IDr 65 61 73 74 Aug 26 13:10:04.075155: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:10:04.075159: | not sending INITIAL_CONTACT Aug 26 13:10:04.075164: | ****emit IKEv2 Authentication Payload: Aug 26 13:10:04.075169: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.075173: | flags: none (0x0) Aug 26 13:10:04.075178: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:10:04.075183: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:10:04.075191: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.075197: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:10:04.075205: | started looking for secret for 192.1.2.45->@east of kind PKK_PSK Aug 26 13:10:04.075211: | actually looking for secret for 192.1.2.45->@east of kind PKK_PSK Aug 26 13:10:04.075218: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Aug 26 13:10:04.075225: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Aug 26 13:10:04.075230: | 2: compared key @east to 192.1.2.45 / @east -> 014 Aug 26 13:10:04.075235: | line 1: match=014 Aug 26 13:10:04.075240: | match 014 beats previous best_match 000 match=0x560d9b101c48 (line=1) Aug 26 13:10:04.075245: | concluding with best_match=014 best=0x560d9b101c48 (lineno=1) Aug 26 13:10:04.075360: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:10:04.075371: | PSK auth 18 9c 1b 3b 11 a7 0d cb b7 66 30 db 8e 69 e9 e3 Aug 26 13:10:04.075376: | PSK auth 21 9b 12 ac 0e b3 a9 2c 91 9d 91 7e c2 0b 63 f4 Aug 26 13:10:04.075380: | PSK auth dd 6a be 4e 1e ca 1f 8d c1 5d 15 2e b6 05 d4 b0 Aug 26 13:10:04.075384: | PSK auth 25 f4 af 62 08 d2 13 56 7b d0 f9 b2 1e 12 48 2d Aug 26 13:10:04.075389: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:10:04.075394: | getting first pending from state #1 Aug 26 13:10:04.075423: | netlink_get_spi: allocated 0x935f0ddb for esp.0@192.1.2.45 Aug 26 13:10:04.075431: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:10:04.075441: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:10:04.075449: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:04.075455: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:10:04.075462: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:04.075467: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:04.075475: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:04.075480: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:04.075487: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:04.075501: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:04.075514: | Emitting ikev2_proposals ... Aug 26 13:10:04.075520: | ****emit IKEv2 Security Association Payload: Aug 26 13:10:04.075525: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.075529: | flags: none (0x0) Aug 26 13:10:04.075535: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:04.075540: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.075545: | discarding INTEG=NONE Aug 26 13:10:04.075549: | discarding DH=NONE Aug 26 13:10:04.075553: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.075558: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.075562: | prop #: 1 (0x1) Aug 26 13:10:04.075567: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:04.075571: | spi size: 4 (0x4) Aug 26 13:10:04.075576: | # transforms: 2 (0x2) Aug 26 13:10:04.075581: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.075590: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:04.075595: | our spi 93 5f 0d db Aug 26 13:10:04.075599: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075609: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.075614: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.075619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075624: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.075629: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.075633: | length/value: 256 (0x100) Aug 26 13:10:04.075638: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.075642: | discarding INTEG=NONE Aug 26 13:10:04.075646: | discarding DH=NONE Aug 26 13:10:04.075651: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075656: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.075660: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:04.075665: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:04.075670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075680: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.075684: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:10:04.075690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.075694: | discarding INTEG=NONE Aug 26 13:10:04.075698: | discarding DH=NONE Aug 26 13:10:04.075702: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.075707: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.075712: | prop #: 2 (0x2) Aug 26 13:10:04.075716: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:04.075720: | spi size: 4 (0x4) Aug 26 13:10:04.075725: | # transforms: 2 (0x2) Aug 26 13:10:04.075730: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.075735: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.075741: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:04.075745: | our spi 93 5f 0d db Aug 26 13:10:04.075749: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075758: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.075763: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.075768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075772: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.075777: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.075781: | length/value: 128 (0x80) Aug 26 13:10:04.075786: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.075790: | discarding INTEG=NONE Aug 26 13:10:04.075794: | discarding DH=NONE Aug 26 13:10:04.075799: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075803: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.075808: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:04.075813: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:04.075818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075830: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.075835: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:10:04.075840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.075844: | discarding DH=NONE Aug 26 13:10:04.075848: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.075853: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.075857: | prop #: 3 (0x3) Aug 26 13:10:04.075861: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:04.075866: | spi size: 4 (0x4) Aug 26 13:10:04.075870: | # transforms: 4 (0x4) Aug 26 13:10:04.075875: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.075880: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.075885: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:04.075890: | our spi 93 5f 0d db Aug 26 13:10:04.075894: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075903: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.075908: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:04.075913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075918: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.075922: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.075927: | length/value: 256 (0x100) Aug 26 13:10:04.075931: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.075936: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075945: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.075949: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:04.075955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075964: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.075969: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.075973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075978: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.075982: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:04.075987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.075992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.075997: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.076001: | discarding DH=NONE Aug 26 13:10:04.076006: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.076010: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.076015: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:04.076020: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:04.076025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.076037: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.076041: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:10:04.076046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.076050: | discarding DH=NONE Aug 26 13:10:04.076055: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.076059: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:04.076064: | prop #: 4 (0x4) Aug 26 13:10:04.076068: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:04.076072: | spi size: 4 (0x4) Aug 26 13:10:04.076077: | # transforms: 4 (0x4) Aug 26 13:10:04.076082: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:04.076087: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:04.076092: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:04.076096: | our spi 93 5f 0d db Aug 26 13:10:04.076101: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.076105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076110: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.076114: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:04.076119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.076124: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.076129: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.076133: | length/value: 128 (0x80) Aug 26 13:10:04.076138: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:04.076143: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.076147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076151: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.076156: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:04.076161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.076171: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.076175: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.076180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076184: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:04.076189: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:04.076194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.076203: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.076207: | discarding DH=NONE Aug 26 13:10:04.076212: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:04.076216: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.076221: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:04.076226: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:04.076231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.076236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:04.076243: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:04.076247: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:10:04.076252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:04.076256: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:10:04.076261: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:04.076267: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:04.076272: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.076276: | flags: none (0x0) Aug 26 13:10:04.076280: | number of TS: 1 (0x1) Aug 26 13:10:04.076286: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:10:04.076300: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.076305: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:04.076310: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:04.076314: | IP Protocol ID: 0 (0x0) Aug 26 13:10:04.076318: | start port: 0 (0x0) Aug 26 13:10:04.076323: | end port: 65535 (0xffff) Aug 26 13:10:04.076328: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:04.076333: | ipv4 start c0 00 01 00 Aug 26 13:10:04.076338: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:04.076342: | ipv4 end c0 00 01 ff Aug 26 13:10:04.076347: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:04.076352: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:10:04.076356: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:04.076361: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.076365: | flags: none (0x0) Aug 26 13:10:04.076369: | number of TS: 1 (0x1) Aug 26 13:10:04.076375: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:10:04.076380: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:04.076384: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:04.076389: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:04.076393: | IP Protocol ID: 0 (0x0) Aug 26 13:10:04.076398: | start port: 0 (0x0) Aug 26 13:10:04.076402: | end port: 65535 (0xffff) Aug 26 13:10:04.076407: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:04.076411: | ipv4 start c0 00 02 00 Aug 26 13:10:04.076416: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:04.076420: | ipv4 end c0 00 02 ff Aug 26 13:10:04.076424: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:04.076429: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:10:04.076434: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:10:04.076439: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:04.076444: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:04.076449: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:04.076454: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:04.076459: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:10:04.076464: | emitting length of ISAKMP Message: 365 Aug 26 13:10:04.076485: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:04.076496: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:04.076502: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:10:04.076508: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:10:04.076513: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:10:04.076518: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:10:04.076526: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:10:04.076535: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:10:04.076543: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:10:04.076557: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:10:04.076567: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:04.076572: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.076576: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:10:04.076580: | e4 1f 99 bc 44 e2 ff 68 a7 c3 3a 68 8b af 20 be Aug 26 13:10:04.076584: | c2 37 03 f2 ff 8e a6 74 6b 86 e0 cc b0 cf eb 88 Aug 26 13:10:04.076589: | 20 a9 a1 28 eb be 82 fc 9b ae 79 b8 1f 84 ba 87 Aug 26 13:10:04.076593: | 71 1b 1c 3b f6 65 42 4f e4 d3 c9 92 db 06 81 57 Aug 26 13:10:04.076597: | 87 97 06 ea cc 63 39 78 88 8c 5e e7 f3 6c d1 90 Aug 26 13:10:04.076601: | 2a 36 0e b3 01 2f 18 bc 74 de ad bc 4a fd 2e 49 Aug 26 13:10:04.076605: | 19 de 1b 5f 28 02 2f 45 5a b0 4c a0 51 11 f0 b8 Aug 26 13:10:04.076609: | f4 34 47 b2 4a 0b 9c b5 8d ca b4 94 7a 90 e0 f6 Aug 26 13:10:04.076613: | b8 7d da f8 a9 b6 19 ea 41 c4 2a 7a b9 3f 0d 1a Aug 26 13:10:04.076618: | 1e f1 eb f8 6c a9 b6 75 ca 00 b8 fa bb 8d ec c6 Aug 26 13:10:04.076622: | 5b 6f 51 a3 e6 4d 45 36 14 b1 4c 76 da 10 d4 be Aug 26 13:10:04.076626: | 35 bf 11 8c 3e ed b8 07 84 c8 65 04 0b 20 38 5a Aug 26 13:10:04.076630: | 9a de b0 5d 61 4d f0 1d c1 9c a6 d9 27 ab ad e2 Aug 26 13:10:04.076635: | 2f 93 18 68 4d 15 45 e8 df b5 f1 dd 26 63 39 4f Aug 26 13:10:04.076639: | c8 73 27 26 6f 5e 4e 6a 21 93 50 26 95 8f 48 e0 Aug 26 13:10:04.076643: | 07 4b 60 9b 56 d1 74 bb 80 e9 b7 71 d6 96 e3 0d Aug 26 13:10:04.076647: | 13 9b 71 dd 51 56 86 c3 44 d8 76 fd 00 25 09 6a Aug 26 13:10:04.076651: | 0c 26 bb eb a3 de f7 c8 c2 d0 ec a6 4d de 40 48 Aug 26 13:10:04.076656: | 0b 08 ea 31 c1 67 2a 87 78 50 d2 19 1c 01 96 04 Aug 26 13:10:04.076660: | f0 d4 e3 21 07 ef c0 62 1e 9d 6a 5f eb 02 b0 9e Aug 26 13:10:04.076664: | 22 3c f4 0f 1d 0d 38 fa 30 84 67 97 a5 Aug 26 13:10:04.076702: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:04.076708: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:10:04.076719: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8388002b78 Aug 26 13:10:04.076726: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:10:04.076731: | libevent_malloc: new ptr-libevent@0x560d9b1ae9c8 size 128 Aug 26 13:10:04.076740: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10289.819184 Aug 26 13:10:04.076746: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:04.076754: | #1 spent 1.91 milliseconds in resume sending helper answer Aug 26 13:10:04.076763: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:04.076771: | libevent_free: release ptr-libevent@0x7f8380000f48 Aug 26 13:10:04.110550: | spent 0.00318 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:04.110573: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:10:04.110578: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.110580: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:10:04.110583: | 87 a2 18 02 4c f3 34 65 25 0e 38 8e be 9c d0 ba Aug 26 13:10:04.110585: | 0a 4b f1 74 e2 10 97 90 ee b6 ca 61 11 a8 30 b7 Aug 26 13:10:04.110588: | 93 cb 8a 80 e4 55 f3 1c f3 25 3f c8 7b c5 2d 9c Aug 26 13:10:04.110591: | 47 05 ac 36 85 55 9e 45 25 b8 a6 1f a9 5f ff ea Aug 26 13:10:04.110593: | 42 0b f1 fb 7e 6e c8 78 21 70 47 af a9 db b3 ba Aug 26 13:10:04.110595: | 49 d9 3a 07 de c9 56 b0 84 8c 1b 91 19 8d dd b5 Aug 26 13:10:04.110598: | 8b 4d 46 1a 88 5f 14 c3 bc e6 d1 56 ab 72 33 9c Aug 26 13:10:04.110601: | 44 4b 1c f5 9a 32 0c 66 b6 ac 3c af cd bf bc 5c Aug 26 13:10:04.110603: | bf 3c 4c 7a 69 26 64 70 e4 d9 63 a7 3d e1 9e 5e Aug 26 13:10:04.110606: | 67 f6 f3 d5 66 d1 ed 9f 0a 65 2d 76 7a 61 6d a0 Aug 26 13:10:04.110608: | 4f 1f 51 62 02 7d da 7f 83 de 14 7e ac 48 b1 b8 Aug 26 13:10:04.110611: | 4f 11 21 b3 c7 e5 a0 34 f8 cb e5 dc a0 80 2f 79 Aug 26 13:10:04.110613: | 60 Aug 26 13:10:04.110618: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:04.110622: | **parse ISAKMP Message: Aug 26 13:10:04.110625: | initiator cookie: Aug 26 13:10:04.110628: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:04.110631: | responder cookie: Aug 26 13:10:04.110633: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:04.110636: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:04.110639: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:04.110642: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:04.110645: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:04.110647: | Message ID: 1 (0x1) Aug 26 13:10:04.110650: | length: 225 (0xe1) Aug 26 13:10:04.110653: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:04.110657: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:10:04.110661: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:10:04.110668: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:04.110671: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:10:04.110676: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:04.110681: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:04.110684: | #2 is idle Aug 26 13:10:04.110686: | #2 idle Aug 26 13:10:04.110689: | unpacking clear payload Aug 26 13:10:04.110692: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:04.110695: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:04.110698: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:10:04.110701: | flags: none (0x0) Aug 26 13:10:04.110703: | length: 197 (0xc5) Aug 26 13:10:04.110706: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:10:04.110709: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:10:04.110724: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:10:04.110728: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:10:04.110731: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:10:04.110734: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:04.110737: | flags: none (0x0) Aug 26 13:10:04.110739: | length: 12 (0xc) Aug 26 13:10:04.110742: | ID type: ID_FQDN (0x2) Aug 26 13:10:04.110747: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:10:04.110750: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:10:04.110753: | **parse IKEv2 Authentication Payload: Aug 26 13:10:04.110756: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:04.110758: | flags: none (0x0) Aug 26 13:10:04.110761: | length: 72 (0x48) Aug 26 13:10:04.110764: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:10:04.110767: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:10:04.110769: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:04.110772: | **parse IKEv2 Security Association Payload: Aug 26 13:10:04.110775: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:10:04.110778: | flags: none (0x0) Aug 26 13:10:04.110780: | length: 36 (0x24) Aug 26 13:10:04.110783: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:10:04.110785: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:10:04.110788: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:04.110790: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:10:04.110793: | flags: none (0x0) Aug 26 13:10:04.110795: | length: 24 (0x18) Aug 26 13:10:04.110798: | number of TS: 1 (0x1) Aug 26 13:10:04.110801: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:10:04.110804: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:10:04.110807: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:04.110809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:04.110811: | flags: none (0x0) Aug 26 13:10:04.110814: | length: 24 (0x18) Aug 26 13:10:04.110816: | number of TS: 1 (0x1) Aug 26 13:10:04.110819: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:10:04.110822: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:10:04.110825: | Now let's proceed with state specific processing Aug 26 13:10:04.110828: | calling processor Initiator: process IKE_AUTH response Aug 26 13:10:04.110834: | offered CA: '%none' Aug 26 13:10:04.110838: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:10:04.110876: | verifying AUTH payload Aug 26 13:10:04.110882: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:10:04.110900: | started looking for secret for 192.1.2.45->@east of kind PKK_PSK Aug 26 13:10:04.110904: | actually looking for secret for 192.1.2.45->@east of kind PKK_PSK Aug 26 13:10:04.110908: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Aug 26 13:10:04.110912: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Aug 26 13:10:04.110916: | 2: compared key @east to 192.1.2.45 / @east -> 014 Aug 26 13:10:04.110918: | line 1: match=014 Aug 26 13:10:04.110922: | match 014 beats previous best_match 000 match=0x560d9b101c48 (line=1) Aug 26 13:10:04.110925: | concluding with best_match=014 best=0x560d9b101c48 (lineno=1) Aug 26 13:10:04.110988: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 13:10:04.110999: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:10:04.111018: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:10:04.111021: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:10:04.111025: | libevent_free: release ptr-libevent@0x560d9b1aae58 Aug 26 13:10:04.111029: | free_event_entry: release EVENT_SA_REPLACE-pe@0x560d9b1ab078 Aug 26 13:10:04.111032: | event_schedule: new EVENT_SA_REKEY-pe@0x560d9b1ab078 Aug 26 13:10:04.111036: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:10:04.111039: | libevent_malloc: new ptr-libevent@0x7f8380000f48 size 128 Aug 26 13:10:04.111109: | pstats #1 ikev2.ike established Aug 26 13:10:04.111115: | TSi: parsing 1 traffic selectors Aug 26 13:10:04.111119: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:04.111122: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:04.111125: | IP Protocol ID: 0 (0x0) Aug 26 13:10:04.111129: | length: 16 (0x10) Aug 26 13:10:04.111132: | start port: 0 (0x0) Aug 26 13:10:04.111135: | end port: 65535 (0xffff) Aug 26 13:10:04.111138: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:04.111140: | TS low c0 00 01 00 Aug 26 13:10:04.111143: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:04.111146: | TS high c0 00 01 ff Aug 26 13:10:04.111149: | TSi: parsed 1 traffic selectors Aug 26 13:10:04.111152: | TSr: parsing 1 traffic selectors Aug 26 13:10:04.111155: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:04.111158: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:04.111160: | IP Protocol ID: 0 (0x0) Aug 26 13:10:04.111163: | length: 16 (0x10) Aug 26 13:10:04.111166: | start port: 0 (0x0) Aug 26 13:10:04.111168: | end port: 65535 (0xffff) Aug 26 13:10:04.111171: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:04.111174: | TS low c0 00 02 00 Aug 26 13:10:04.111177: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:04.111179: | TS high c0 00 02 ff Aug 26 13:10:04.111182: | TSr: parsed 1 traffic selectors Aug 26 13:10:04.111188: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:10:04.111193: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:04.111199: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:10:04.111203: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:04.111206: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:04.111209: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:04.111213: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:04.111218: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:04.111225: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:10:04.111229: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:04.111232: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:04.111235: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:04.111239: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:04.111242: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:04.111245: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:10:04.111248: | printing contents struct traffic_selector Aug 26 13:10:04.111251: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:10:04.111254: | ipprotoid: 0 Aug 26 13:10:04.111257: | port range: 0-65535 Aug 26 13:10:04.111262: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:10:04.111265: | printing contents struct traffic_selector Aug 26 13:10:04.111267: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:10:04.111270: | ipprotoid: 0 Aug 26 13:10:04.111272: | port range: 0-65535 Aug 26 13:10:04.111276: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:10:04.111293: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:04.111300: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:10:04.111304: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:04.111307: | local proposal 1 type PRF has 0 transforms Aug 26 13:10:04.111309: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:04.111312: | local proposal 1 type DH has 1 transforms Aug 26 13:10:04.111314: | local proposal 1 type ESN has 1 transforms Aug 26 13:10:04.111318: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:04.111323: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:04.111326: | local proposal 2 type PRF has 0 transforms Aug 26 13:10:04.111329: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:04.111331: | local proposal 2 type DH has 1 transforms Aug 26 13:10:04.111334: | local proposal 2 type ESN has 1 transforms Aug 26 13:10:04.111337: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:04.111339: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:04.111342: | local proposal 3 type PRF has 0 transforms Aug 26 13:10:04.111345: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:04.111347: | local proposal 3 type DH has 1 transforms Aug 26 13:10:04.111350: | local proposal 3 type ESN has 1 transforms Aug 26 13:10:04.111353: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:04.111356: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:04.111358: | local proposal 4 type PRF has 0 transforms Aug 26 13:10:04.111361: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:04.111364: | local proposal 4 type DH has 1 transforms Aug 26 13:10:04.111366: | local proposal 4 type ESN has 1 transforms Aug 26 13:10:04.111369: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:04.111372: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:04.111375: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:04.111378: | length: 32 (0x20) Aug 26 13:10:04.111393: | prop #: 1 (0x1) Aug 26 13:10:04.111396: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:04.111398: | spi size: 4 (0x4) Aug 26 13:10:04.111401: | # transforms: 2 (0x2) Aug 26 13:10:04.111404: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:04.111407: | remote SPI 90 9f 43 c1 Aug 26 13:10:04.111411: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:10:04.111414: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:04.111417: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:04.111419: | length: 12 (0xc) Aug 26 13:10:04.111422: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:04.111424: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:04.111427: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:04.111430: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:04.111432: | length/value: 256 (0x100) Aug 26 13:10:04.111451: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:04.111454: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:04.111456: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:04.111458: | length: 8 (0x8) Aug 26 13:10:04.111459: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:04.111461: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:04.111463: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:10:04.111466: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:10:04.111469: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:10:04.111470: | remote proposal 1 matches local proposal 1 Aug 26 13:10:04.111473: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:10:04.111476: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=909f43c1;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:10:04.111478: | converting proposal to internal trans attrs Aug 26 13:10:04.111482: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:10:04.111587: | #1 spent 1.02 milliseconds Aug 26 13:10:04.111591: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:10:04.111594: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:10:04.111597: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:04.111600: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:10:04.111602: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:10:04.111604: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:10:04.111607: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:04.111609: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:04.111611: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:04.111613: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:04.111616: | setting IPsec SA replay-window to 32 Aug 26 13:10:04.111618: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:10:04.111621: | netlink: enabling tunnel mode Aug 26 13:10:04.111623: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:04.111624: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:04.111688: | netlink response for Add SA esp.909f43c1@192.1.2.23 included non-error error Aug 26 13:10:04.111691: | set up outgoing SA, ref=0/0 Aug 26 13:10:04.111693: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:04.111695: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:04.111697: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:04.111699: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:04.111701: | setting IPsec SA replay-window to 32 Aug 26 13:10:04.111703: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:10:04.111705: | netlink: enabling tunnel mode Aug 26 13:10:04.111707: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:04.111708: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:04.111734: | netlink response for Add SA esp.935f0ddb@192.1.2.45 included non-error error Aug 26 13:10:04.111737: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:04.111741: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:10:04.111743: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:04.111760: | raw_eroute result=success Aug 26 13:10:04.111763: | set up incoming SA, ref=0/0 Aug 26 13:10:04.111764: | sr for #2: unrouted Aug 26 13:10:04.111766: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:04.111768: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:04.111770: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:10:04.111772: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:10:04.111774: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:10:04.111777: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:10:04.111779: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:04.111783: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:10:04.111785: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:04.111793: | raw_eroute result=success Aug 26 13:10:04.111796: | running updown command "ipsec _updown" for verb up Aug 26 13:10:04.111798: | command executing up-client Aug 26 13:10:04.111815: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Aug 26 13:10:04.111819: | popen cmd is 1054 chars long Aug 26 13:10:04.111821: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:10:04.111823: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 13:10:04.111825: | cmd( 160):2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:10:04.111826: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:10:04.111828: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 13:10:04.111830: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:10:04.111832: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:10:04.111833: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:10:04.111835: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:10:04.111837: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:10:04.111838: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:10:04.111840: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:10:04.111842: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x909f43c1 SPI_OUT=0x935f0ddb ipse: Aug 26 13:10:04.111843: | cmd(1040):c _updown 2>&1: Aug 26 13:10:04.120309: | route_and_eroute: firewall_notified: true Aug 26 13:10:04.120322: | running updown command "ipsec _updown" for verb prepare Aug 26 13:10:04.120325: | command executing prepare-client Aug 26 13:10:04.120348: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 13:10:04.120352: | popen cmd is 1059 chars long Aug 26 13:10:04.120354: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:10:04.120356: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:10:04.120358: | cmd( 160):92.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIE: Aug 26 13:10:04.120360: | cmd( 240):NT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_: Aug 26 13:10:04.120362: | cmd( 320):MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.2: Aug 26 13:10:04.120366: | cmd( 400):3' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET=: Aug 26 13:10:04.120367: | cmd( 480):'192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEE: Aug 26 13:10:04.120369: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON: Aug 26 13:10:04.120371: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: Aug 26 13:10:04.120372: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 13:10:04.120374: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 13:10:04.120376: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 13:10:04.120378: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x909f43c1 SPI_OUT=0x935f0ddb: Aug 26 13:10:04.120379: | cmd(1040): ipsec _updown 2>&1: Aug 26 13:10:04.129981: | running updown command "ipsec _updown" for verb route Aug 26 13:10:04.130013: | command executing route-client Aug 26 13:10:04.130065: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 13:10:04.130072: | popen cmd is 1057 chars long Aug 26 13:10:04.130076: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:10:04.130080: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 13:10:04.130082: | cmd( 160):.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT: Aug 26 13:10:04.130084: | cmd( 240):_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY: Aug 26 13:10:04.130086: | cmd( 320):_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23': Aug 26 13:10:04.130087: | cmd( 400): PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='1: Aug 26 13:10:04.130089: | cmd( 480):92.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_: Aug 26 13:10:04.130091: | cmd( 560):PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_: Aug 26 13:10:04.130092: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Aug 26 13:10:04.130094: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 13:10:04.130096: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 13:10:04.130097: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 13:10:04.130099: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x909f43c1 SPI_OUT=0x935f0ddb i: Aug 26 13:10:04.130101: | cmd(1040):psec _updown 2>&1: Aug 26 13:10:04.139938: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x560d9b1a6d68,sr=0x560d9b1a6d68} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:10:04.140008: | #1 spent 1.57 milliseconds in install_ipsec_sa() Aug 26 13:10:04.140015: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:10:04.140018: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:04.140021: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:10:04.140029: | libevent_free: release ptr-libevent@0x560d9b1ae9c8 Aug 26 13:10:04.140034: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8388002b78 Aug 26 13:10:04.140039: | #2 spent 2.36 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:10:04.140050: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:04.140057: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:10:04.140061: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:10:04.140067: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:10:04.140071: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:10:04.140078: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:10:04.140084: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:04.140087: | pstats #2 ikev2.child established Aug 26 13:10:04.140098: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:10:04.140110: | NAT-T: encaps is 'auto' Aug 26 13:10:04.140129: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x909f43c1 <0x935f0ddb xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:10:04.140133: | releasing whack for #2 (sock=fd@25) Aug 26 13:10:04.140136: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:10:04.140138: | releasing whack and unpending for parent #1 Aug 26 13:10:04.140140: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:10:04.140145: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:10:04.140147: | removing pending policy for no connection {0x560d9b18e4a8} Aug 26 13:10:04.140156: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:10:04.140164: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:10:04.140167: | event_schedule: new EVENT_SA_REKEY-pe@0x7f8388002b78 Aug 26 13:10:04.140170: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:10:04.140174: | libevent_malloc: new ptr-libevent@0x560d9b1ad128 size 128 Aug 26 13:10:04.140180: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:04.140186: | #1 spent 2.77 milliseconds in ikev2_process_packet() Aug 26 13:10:04.140192: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:04.140197: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:04.140200: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:04.140204: | spent 2.79 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:04.140218: | processing signal PLUTO_SIGCHLD Aug 26 13:10:04.140224: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:04.140228: | spent 0.00507 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:04.140231: | processing signal PLUTO_SIGCHLD Aug 26 13:10:04.140235: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:04.140239: | spent 0.00394 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:04.140242: | processing signal PLUTO_SIGCHLD Aug 26 13:10:04.140247: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:04.140251: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:05.316222: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:05.316390: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:10:05.316396: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:05.316402: | get_sa_info esp.935f0ddb@192.1.2.45 Aug 26 13:10:05.316420: | get_sa_info esp.909f43c1@192.1.2.23 Aug 26 13:10:05.316440: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:05.316449: | spent 0.233 milliseconds in whack Aug 26 13:10:05.824265: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:05.824297: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:10:05.824304: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:05.824312: | get_sa_info esp.935f0ddb@192.1.2.45 Aug 26 13:10:05.824341: | get_sa_info esp.909f43c1@192.1.2.23 Aug 26 13:10:05.824374: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:05.824381: | spent 0.119 milliseconds in whack Aug 26 13:10:05.934539: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:05.934706: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:05.934711: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:05.934758: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:10:05.934761: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:05.934770: | get_sa_info esp.935f0ddb@192.1.2.45 Aug 26 13:10:05.934785: | get_sa_info esp.909f43c1@192.1.2.23 Aug 26 13:10:05.934801: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:05.934806: | spent 0.275 milliseconds in whack Aug 26 13:10:06.264093: | spent 0.00246 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:06.264130: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:10:06.264133: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.264135: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:10:06.264137: | 01 39 8d 6a d0 60 7a 3c 63 14 98 10 80 f3 65 03 Aug 26 13:10:06.264138: | 02 fe cf 01 71 df cd 27 5c 38 72 aa ad 9d 47 e7 Aug 26 13:10:06.264140: | b7 78 38 ab 28 Aug 26 13:10:06.264143: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:06.264147: | **parse ISAKMP Message: Aug 26 13:10:06.264149: | initiator cookie: Aug 26 13:10:06.264150: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:06.264152: | responder cookie: Aug 26 13:10:06.264153: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.264155: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:06.264157: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:06.264159: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:06.264162: | flags: none (0x0) Aug 26 13:10:06.264163: | Message ID: 0 (0x0) Aug 26 13:10:06.264165: | length: 69 (0x45) Aug 26 13:10:06.264167: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:10:06.264170: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:10:06.264173: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:10:06.264177: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:06.264179: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:06.264182: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:06.264184: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:10:06.264187: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:10:06.264191: | unpacking clear payload Aug 26 13:10:06.264193: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:06.264195: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:06.264197: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:10:06.264198: | flags: none (0x0) Aug 26 13:10:06.264200: | length: 41 (0x29) Aug 26 13:10:06.264202: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:10:06.264205: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:10:06.264207: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:10:06.264229: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:10:06.264232: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:10:06.264235: | **parse IKEv2 Delete Payload: Aug 26 13:10:06.264236: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.264238: | flags: none (0x0) Aug 26 13:10:06.264240: | length: 12 (0xc) Aug 26 13:10:06.264242: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:06.264245: | SPI size: 4 (0x4) Aug 26 13:10:06.264247: | number of SPIs: 1 (0x1) Aug 26 13:10:06.264249: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:10:06.264251: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:10:06.264252: | Now let's proceed with state specific processing Aug 26 13:10:06.264254: | calling processor I3: INFORMATIONAL Request Aug 26 13:10:06.264257: | an informational request should send a response Aug 26 13:10:06.264278: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:10:06.264280: | **emit ISAKMP Message: Aug 26 13:10:06.264282: | initiator cookie: Aug 26 13:10:06.264283: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:06.264285: | responder cookie: Aug 26 13:10:06.264286: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.264298: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:06.264302: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:06.264304: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:06.264306: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:10:06.264308: | Message ID: 0 (0x0) Aug 26 13:10:06.264310: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:06.264312: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:06.264314: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.264315: | flags: none (0x0) Aug 26 13:10:06.264317: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:06.264320: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:06.264322: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:06.264331: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:10:06.264333: | SPI 90 9f 43 c1 Aug 26 13:10:06.264335: | delete PROTO_v2_ESP SA(0x909f43c1) Aug 26 13:10:06.264337: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:10:06.264339: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:10:06.264341: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x909f43c1) Aug 26 13:10:06.264343: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:10:06.264346: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:06.264348: | libevent_free: release ptr-libevent@0x560d9b1ad128 Aug 26 13:10:06.264350: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8388002b78 Aug 26 13:10:06.264353: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f8388002b78 Aug 26 13:10:06.264356: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:10:06.264358: | libevent_malloc: new ptr-libevent@0x560d9b1ae9c8 size 128 Aug 26 13:10:06.264362: | ****emit IKEv2 Delete Payload: Aug 26 13:10:06.264364: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.264366: | flags: none (0x0) Aug 26 13:10:06.264367: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:06.264369: | SPI size: 4 (0x4) Aug 26 13:10:06.264371: | number of SPIs: 1 (0x1) Aug 26 13:10:06.264373: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:06.264375: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:06.264377: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:10:06.264378: | local SPIs 93 5f 0d db Aug 26 13:10:06.264380: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:06.264382: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:06.264384: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:06.264386: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:06.264388: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:10:06.264389: | emitting length of ISAKMP Message: 69 Aug 26 13:10:06.264401: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:06.264406: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.264407: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:10:06.264409: | 74 bd 59 d6 13 e8 29 d8 3b 2e d6 2d 3a 62 f3 d5 Aug 26 13:10:06.264411: | e2 1b 67 78 49 bd dc 97 d5 c9 f1 84 b4 dd 16 f9 Aug 26 13:10:06.264412: | 99 63 ef e1 8b Aug 26 13:10:06.264434: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:10:06.264439: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:10:06.264443: | #1 spent 0.169 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:10:06.264447: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:06.264450: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:10:06.264452: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:10:06.264455: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:10:06.264458: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:06.264460: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:10:06.264463: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:06.264466: | #1 spent 0.329 milliseconds in ikev2_process_packet() Aug 26 13:10:06.264468: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:06.264471: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:06.264473: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:06.264475: | spent 0.339 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:06.264481: | timer_event_cb: processing event@0x7f8388002b78 Aug 26 13:10:06.264485: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:10:06.264489: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:10:06.264494: | picked newest_ipsec_sa #2 for #2 Aug 26 13:10:06.264496: | replacing stale CHILD SA Aug 26 13:10:06.264501: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:10:06.264504: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:10:06.264508: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:10:06.264513: | creating state object #3 at 0x560d9b1b31b8 Aug 26 13:10:06.264516: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:10:06.264537: | pstats #3 ikev2.child started Aug 26 13:10:06.264541: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 13:10:06.264546: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:06.264556: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:06.264562: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:10:06.264566: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:10:06.264570: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:10:06.264574: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:10:06.264578: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 13:10:06.264583: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:10:06.264590: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:10:06.264593: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:10:06.264597: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:10:06.264601: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:06.264605: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:10:06.264608: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:06.264613: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:10:06.264621: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:10:06.264627: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:10:06.264630: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x560d9b1ab1e8 Aug 26 13:10:06.264634: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:10:06.264637: | libevent_malloc: new ptr-libevent@0x560d9b1ad128 size 128 Aug 26 13:10:06.264642: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:10:06.264646: | event_schedule: new EVENT_SA_EXPIRE-pe@0x560d9b1adad8 Aug 26 13:10:06.264649: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:10:06.264653: | libevent_malloc: new ptr-libevent@0x560d9b1aada8 size 128 Aug 26 13:10:06.264657: | libevent_free: release ptr-libevent@0x560d9b1ae9c8 Aug 26 13:10:06.264660: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f8388002b78 Aug 26 13:10:06.264664: | #2 spent 0.183 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:10:06.264671: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:10:06.264676: | timer_event_cb: processing event@0x560d9b1ab1e8 Aug 26 13:10:06.264679: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:10:06.264684: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:10:06.264690: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:10:06.264694: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8388002b78 Aug 26 13:10:06.264697: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:10:06.264700: | libevent_malloc: new ptr-libevent@0x560d9b1ae9c8 size 128 Aug 26 13:10:06.264708: | libevent_free: release ptr-libevent@0x560d9b1ad128 Aug 26 13:10:06.264710: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x560d9b1ab1e8 Aug 26 13:10:06.264715: | #3 spent 0.0373 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:10:06.264717: | crypto helper 3 resuming Aug 26 13:10:06.264719: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:10:06.264733: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:10:06.264737: | timer_event_cb: processing event@0x560d9b1adad8 Aug 26 13:10:06.264740: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:10:06.264740: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:10:06.264751: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:10:06.264754: | picked newest_ipsec_sa #2 for #2 Aug 26 13:10:06.264757: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:10:06.264759: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:10:06.264762: | pstats #2 ikev2.child deleted completed Aug 26 13:10:06.264765: | #2 spent 2.54 milliseconds in total Aug 26 13:10:06.264769: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:06.264773: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 2.189s and NOT sending notification Aug 26 13:10:06.264776: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:10:06.264780: | get_sa_info esp.909f43c1@192.1.2.23 Aug 26 13:10:06.264792: | get_sa_info esp.935f0ddb@192.1.2.45 Aug 26 13:10:06.264799: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Aug 26 13:10:06.264803: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:10:06.264876: | running updown command "ipsec _updown" for verb down Aug 26 13:10:06.264885: | command executing down-client Aug 26 13:10:06.264918: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825004' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 13:10:06.264922: | popen cmd is 1065 chars long Aug 26 13:10:06.264924: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:10:06.264929: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 13:10:06.264931: | cmd( 160):1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_: Aug 26 13:10:06.264933: | cmd( 240):NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Aug 26 13:10:06.264934: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' : Aug 26 13:10:06.264936: | cmd( 400):PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='19: Aug 26 13:10:06.264938: | cmd( 480):2.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_P: Aug 26 13:10:06.264939: | cmd( 560):ROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825004' PLU: Aug 26 13:10:06.264941: | cmd( 640):TO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW: Aug 26 13:10:06.264943: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 13:10:06.264944: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 13:10:06.264946: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 13:10:06.264948: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x909f43c1 SPI_OUT=0x93: Aug 26 13:10:06.264950: | cmd(1040):5f0ddb ipsec _updown 2>&1: Aug 26 13:10:06.265752: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.001012 seconds Aug 26 13:10:06.265767: | (#3) spent 1.02 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:10:06.265770: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:10:06.265772: | scheduling resume sending helper answer for #3 Aug 26 13:10:06.265774: | libevent_malloc: new ptr-libevent@0x7f8384002888 size 128 Aug 26 13:10:06.265797: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:06.275460: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:06.275469: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:06.275472: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:06.275476: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:06.275499: | delete esp.909f43c1@192.1.2.23 Aug 26 13:10:06.275536: | netlink response for Del SA esp.909f43c1@192.1.2.23 included non-error error Aug 26 13:10:06.275542: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:06.275551: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:10:06.275575: | raw_eroute result=success Aug 26 13:10:06.275581: | delete esp.935f0ddb@192.1.2.45 Aug 26 13:10:06.275594: | netlink response for Del SA esp.935f0ddb@192.1.2.45 included non-error error Aug 26 13:10:06.275607: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:10:06.275611: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:10:06.275617: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:10:06.275625: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:06.275639: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:10:06.275641: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:10:06.275644: | libevent_free: release ptr-libevent@0x560d9b1aada8 Aug 26 13:10:06.275646: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x560d9b1adad8 Aug 26 13:10:06.275648: | in statetime_stop() and could not find #2 Aug 26 13:10:06.275650: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:10:06.275668: | spent 0.00215 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:06.275681: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:10:06.275684: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.275686: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:10:06.275687: | a5 00 c8 b8 39 95 a5 07 e5 f0 c9 b9 de 6b cc 64 Aug 26 13:10:06.275689: | b8 3b 29 f6 72 0b 39 bd 64 aa c2 56 8c d9 83 b9 Aug 26 13:10:06.275691: | c1 Aug 26 13:10:06.275694: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:06.275697: | **parse ISAKMP Message: Aug 26 13:10:06.275699: | initiator cookie: Aug 26 13:10:06.275700: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:06.275702: | responder cookie: Aug 26 13:10:06.275703: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.275718: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:06.275720: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:06.275722: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:06.275724: | flags: none (0x0) Aug 26 13:10:06.275726: | Message ID: 1 (0x1) Aug 26 13:10:06.275743: | length: 65 (0x41) Aug 26 13:10:06.275745: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:10:06.275747: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:10:06.275750: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:10:06.275754: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:06.275757: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:06.275759: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:06.275761: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:06.275764: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:10:06.275766: | unpacking clear payload Aug 26 13:10:06.275768: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:06.275770: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:06.275771: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:10:06.275773: | flags: none (0x0) Aug 26 13:10:06.275775: | length: 37 (0x25) Aug 26 13:10:06.275777: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:10:06.275780: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:06.275782: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:10:06.275811: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:10:06.275813: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:10:06.275815: | **parse IKEv2 Delete Payload: Aug 26 13:10:06.275816: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.275818: | flags: none (0x0) Aug 26 13:10:06.275820: | length: 8 (0x8) Aug 26 13:10:06.275821: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:10:06.275823: | SPI size: 0 (0x0) Aug 26 13:10:06.275825: | number of SPIs: 0 (0x0) Aug 26 13:10:06.275826: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:10:06.275828: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:10:06.275830: | Now let's proceed with state specific processing Aug 26 13:10:06.275831: | calling processor I3: INFORMATIONAL Request Aug 26 13:10:06.275834: | an informational request should send a response Aug 26 13:10:06.275853: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:10:06.275856: | **emit ISAKMP Message: Aug 26 13:10:06.275857: | initiator cookie: Aug 26 13:10:06.275859: | 06 2e 9f aa 15 2a 96 f6 Aug 26 13:10:06.275860: | responder cookie: Aug 26 13:10:06.275862: | 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.275865: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:06.275867: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:06.275869: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:06.275871: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:10:06.275873: | Message ID: 1 (0x1) Aug 26 13:10:06.275874: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:06.275876: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:06.275878: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.275880: | flags: none (0x0) Aug 26 13:10:06.275882: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:06.275884: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:06.275886: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:06.275893: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:06.275895: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:06.275897: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:06.275899: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:10:06.275900: | emitting length of ISAKMP Message: 57 Aug 26 13:10:06.275910: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:06.275913: | 06 2e 9f aa 15 2a 96 f6 6b 66 e1 cd 5b 36 a0 51 Aug 26 13:10:06.275915: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:10:06.275916: | b2 02 cd e4 85 80 00 4e 10 02 f7 d3 96 16 42 7e Aug 26 13:10:06.275918: | 26 1e 73 56 f1 df 86 be 48 Aug 26 13:10:06.275939: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:10:06.275944: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:10:06.275947: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:10:06.275949: | pstats #3 ikev2.child deleted other Aug 26 13:10:06.275952: | #3 spent 0.0373 milliseconds in total Aug 26 13:10:06.275955: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:06.275958: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:06.275960: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.011s and NOT sending notification Aug 26 13:10:06.275962: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:10:06.275964: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:06.275967: | libevent_free: release ptr-libevent@0x560d9b1ae9c8 Aug 26 13:10:06.275970: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8388002b78 Aug 26 13:10:06.275972: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:06.275977: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:10:06.275986: | raw_eroute result=success Aug 26 13:10:06.275989: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:10:06.275991: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:10:06.275996: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:10:06.275999: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:06.276001: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:06.276005: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:10:06.276008: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:10:06.276010: | pstats #1 ikev2.ike deleted completed Aug 26 13:10:06.276013: | #1 spent 14.2 milliseconds in total Aug 26 13:10:06.276016: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:06.276018: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 2.214s and NOT sending notification Aug 26 13:10:06.276020: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:10:06.276058: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:06.276065: | libevent_free: release ptr-libevent@0x7f8380000f48 Aug 26 13:10:06.276071: | free_event_entry: release EVENT_SA_REKEY-pe@0x560d9b1ab078 Aug 26 13:10:06.276075: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:10:06.276079: | picked newest_isakmp_sa #0 for #1 Aug 26 13:10:06.276082: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:10:06.276087: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:10:06.276091: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:10:06.276096: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:10:06.276098: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:10:06.276100: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:10:06.276123: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:06.276142: | in statetime_stop() and could not find #1 Aug 26 13:10:06.276144: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:06.276148: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:10:06.276149: | STF_OK but no state object remains Aug 26 13:10:06.276151: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:06.276153: | in statetime_stop() and could not find #1 Aug 26 13:10:06.276156: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:06.276158: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:06.276160: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:06.276163: | spent 0.481 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:06.276169: | processing resume sending helper answer for #3 Aug 26 13:10:06.276172: | crypto helper 3 replies to request ID 3 Aug 26 13:10:06.276173: | calling continuation function 0x560d992b4b50 Aug 26 13:10:06.276175: | work-order 3 state #3 crypto result suppressed Aug 26 13:10:06.276184: | (#3) spent 0.0117 milliseconds in resume sending helper answer Aug 26 13:10:06.276186: | libevent_free: release ptr-libevent@0x7f8384002888 Aug 26 13:10:06.276188: | processing signal PLUTO_SIGCHLD Aug 26 13:10:06.276192: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:06.276195: | spent 0.00394 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:06.276198: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:10:06.276201: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 13:10:06.276203: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:06.276206: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:10:06.276208: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:10:06.276210: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:10:06.276213: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:10:06.276217: | creating state object #4 at 0x560d9b1adcf8 Aug 26 13:10:06.276219: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:10:06.276223: | pstats #4 ikev2.ike started Aug 26 13:10:06.276226: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:06.276228: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:10:06.276231: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:06.276235: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:06.276238: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:06.276240: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:10:06.276243: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:10:06.276246: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 13:10:06.276256: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:06.276260: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:10:06.276262: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8380001f18 Aug 26 13:10:06.276264: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:10:06.276266: | libevent_malloc: new ptr-libevent@0x560d9b1aada8 size 128 Aug 26 13:10:06.276273: | #4 spent 0.0674 milliseconds in ikev2_parent_outI1() Aug 26 13:10:06.276300: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:06.276304: | crypto helper 4 resuming Aug 26 13:10:06.276306: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:06.276318: | crypto helper 4 starting work-order 4 for state #4 Aug 26 13:10:06.276323: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:10:06.276334: | spent 0.121 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:10:06.276328: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:10:06.276889: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000561 seconds Aug 26 13:10:06.276896: | (#4) spent 0.565 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:10:06.276898: | crypto helper 4 sending results from work-order 4 for state #4 to event queue Aug 26 13:10:06.276901: | scheduling resume sending helper answer for #4 Aug 26 13:10:06.276903: | libevent_malloc: new ptr-libevent@0x7f8378002888 size 128 Aug 26 13:10:06.276909: | crypto helper 4 waiting (nothing to do) Aug 26 13:10:06.276912: | processing resume sending helper answer for #4 Aug 26 13:10:06.276916: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:06.276918: | crypto helper 4 replies to request ID 4 Aug 26 13:10:06.276922: | calling continuation function 0x560d992b4b50 Aug 26 13:10:06.276924: | ikev2_parent_outI1_continue for #4 Aug 26 13:10:06.276927: | **emit ISAKMP Message: Aug 26 13:10:06.276929: | initiator cookie: Aug 26 13:10:06.276931: | b4 e1 4a e8 c7 47 48 33 Aug 26 13:10:06.276933: | responder cookie: Aug 26 13:10:06.276934: | 00 00 00 00 00 00 00 00 Aug 26 13:10:06.276936: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:06.276938: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:06.276940: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:06.276942: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:06.276943: | Message ID: 0 (0x0) Aug 26 13:10:06.276945: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:06.276954: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:06.276956: | Emitting ikev2_proposals ... Aug 26 13:10:06.276958: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:06.276960: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.276961: | flags: none (0x0) Aug 26 13:10:06.276963: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:06.276965: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.276967: | discarding INTEG=NONE Aug 26 13:10:06.276969: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:06.276971: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.276973: | prop #: 1 (0x1) Aug 26 13:10:06.276974: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:06.276976: | spi size: 0 (0x0) Aug 26 13:10:06.276978: | # transforms: 11 (0xb) Aug 26 13:10:06.276980: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:06.276994: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.276996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.276998: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:06.276999: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:06.277001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277003: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:06.277005: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:06.277007: | length/value: 256 (0x100) Aug 26 13:10:06.277009: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:06.277011: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277014: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277015: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:06.277017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277019: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277021: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277024: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277027: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277029: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:06.277031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277034: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277036: | discarding INTEG=NONE Aug 26 13:10:06.277037: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277040: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277042: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:06.277044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277047: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277049: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277054: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:06.277056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277059: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277061: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277064: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277065: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:06.277067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277071: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277072: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277075: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277077: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:06.277079: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277082: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277084: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277087: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277089: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:06.277090: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277095: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277096: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277101: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:06.277103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277108: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277111: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277113: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:06.277115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277120: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277121: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:06.277123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277124: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:06.277126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277130: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277131: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:06.277133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:06.277135: | discarding INTEG=NONE Aug 26 13:10:06.277136: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:06.277138: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.277140: | prop #: 2 (0x2) Aug 26 13:10:06.277141: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:06.277143: | spi size: 0 (0x0) Aug 26 13:10:06.277144: | # transforms: 11 (0xb) Aug 26 13:10:06.277146: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.277148: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:06.277150: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277153: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:06.277155: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:06.277157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277158: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:06.277160: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:06.277161: | length/value: 128 (0x80) Aug 26 13:10:06.277163: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:06.277166: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277169: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277171: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:06.277173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277176: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277178: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277179: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277181: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277182: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:06.277184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277188: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277189: | discarding INTEG=NONE Aug 26 13:10:06.277191: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277195: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:06.277197: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277201: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277202: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277205: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277207: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:06.277209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277212: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277214: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277215: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277217: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277219: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:06.277220: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277222: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277224: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277225: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277230: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:06.277232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277236: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277238: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277243: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:06.277245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277246: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277248: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277250: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277254: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:06.277256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277260: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277261: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277264: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277266: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:06.277268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277271: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277273: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277274: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:06.277276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277278: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:06.277279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277281: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277283: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277285: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:06.277286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:06.277307: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:06.277311: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.277312: | prop #: 3 (0x3) Aug 26 13:10:06.277314: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:06.277316: | spi size: 0 (0x0) Aug 26 13:10:06.277317: | # transforms: 13 (0xd) Aug 26 13:10:06.277319: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.277321: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:06.277323: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277327: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:06.277329: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:06.277331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277345: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:06.277347: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:06.277349: | length/value: 256 (0x100) Aug 26 13:10:06.277350: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:06.277352: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277353: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277355: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277357: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:06.277359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277362: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277364: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277368: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:06.277370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277374: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277375: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277378: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:06.277380: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:06.277382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277385: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277390: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:06.277392: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:06.277393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277397: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277398: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277402: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277403: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:06.277405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277409: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277411: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277414: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277416: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:06.277418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277423: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277427: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:06.277429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277431: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277433: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277434: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277437: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277439: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:06.277441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277444: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277446: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277450: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:06.277452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277456: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277457: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277460: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277462: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:06.277464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277467: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277469: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277474: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:06.277475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277481: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277483: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277484: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:06.277486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277487: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:06.277489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277493: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277494: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:06.277496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:06.277498: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:06.277499: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:06.277501: | prop #: 4 (0x4) Aug 26 13:10:06.277502: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:06.277504: | spi size: 0 (0x0) Aug 26 13:10:06.277505: | # transforms: 13 (0xd) Aug 26 13:10:06.277507: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:06.277509: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:06.277511: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277514: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:06.277516: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:06.277517: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277519: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:06.277521: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:06.277522: | length/value: 128 (0x80) Aug 26 13:10:06.277524: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:06.277525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277529: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277530: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:06.277532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277536: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277537: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277540: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:06.277542: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:06.277544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277547: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277553: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:06.277554: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:06.277556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277560: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277561: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277564: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:06.277566: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:06.277568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277573: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277578: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:06.277579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277583: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277584: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277589: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:06.277591: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277594: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277596: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277601: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:06.277603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277606: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277608: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277611: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277612: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:06.277614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277618: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277620: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277623: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277625: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:06.277627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277629: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277630: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277632: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277633: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277635: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277636: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:06.277638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277640: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277642: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277643: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277646: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277648: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:06.277650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:06.277656: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:06.277658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:06.277660: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:06.277661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:06.277663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:06.277665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:06.277667: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:06.277668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:06.277670: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:10:06.277672: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:06.277674: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:06.277675: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.277677: | flags: none (0x0) Aug 26 13:10:06.277678: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:06.277681: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:06.277682: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.277687: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:10:06.277689: | ikev2 g^x b5 4a 33 b2 df ed 67 c0 8a 98 52 4f d3 69 2d e4 Aug 26 13:10:06.277690: | ikev2 g^x 4b e1 a9 9a 92 ec 01 05 ab 26 42 4c 59 fd 57 68 Aug 26 13:10:06.277692: | ikev2 g^x 58 50 f4 4d eb 46 56 c6 37 4a 37 1d f1 2a af 5a Aug 26 13:10:06.277693: | ikev2 g^x 1e ea 4f 1d 69 83 72 95 bd 34 67 a1 ed d4 98 f0 Aug 26 13:10:06.277695: | ikev2 g^x ee e6 c2 bd 40 c8 d1 21 a8 1f 24 98 8c b6 57 6e Aug 26 13:10:06.277696: | ikev2 g^x d9 eb dd 97 5b 74 68 8d cb 8d 1c 45 c4 b6 c9 65 Aug 26 13:10:06.277698: | ikev2 g^x 42 c5 82 1e 78 af 02 5b 7f 7f 55 d8 f8 5a 97 ab Aug 26 13:10:06.277699: | ikev2 g^x 32 d7 61 bc 2e f9 02 4d 52 a7 44 a1 e8 20 47 0d Aug 26 13:10:06.277701: | ikev2 g^x c7 b9 40 c9 36 0f bc 49 5f 0d e2 12 c2 74 be e7 Aug 26 13:10:06.277703: | ikev2 g^x 50 ea 15 35 81 4a a4 74 dc 6d 67 87 c2 17 ae 50 Aug 26 13:10:06.277704: | ikev2 g^x 52 ca c3 f5 2d be 3d 42 9f 01 ba 4d a6 4f 4b 8f Aug 26 13:10:06.277706: | ikev2 g^x 76 ab 95 ed 75 69 3e f5 d6 2c cb 8a 44 33 a3 97 Aug 26 13:10:06.277707: | ikev2 g^x e8 58 4f 3e f1 60 93 9d 14 e9 ff 56 17 85 2f 5e Aug 26 13:10:06.277709: | ikev2 g^x 3d 8b 8e a4 af 5d f7 58 73 51 82 a3 df b3 da d7 Aug 26 13:10:06.277710: | ikev2 g^x 8e d1 04 8b bc 41 52 ba 65 05 49 cd 2c e4 8e f7 Aug 26 13:10:06.277712: | ikev2 g^x 44 a8 5a 2a be 0e 55 ce ca ca d2 c6 20 f7 c2 8e Aug 26 13:10:06.277713: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:06.277715: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:06.277717: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:06.277718: | flags: none (0x0) Aug 26 13:10:06.277720: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:06.277722: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:06.277724: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.277726: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:06.277728: | IKEv2 nonce 7b 70 e8 40 0d ce da ef 7f 4a 4c 26 ce 74 b4 fd Aug 26 13:10:06.277729: | IKEv2 nonce e3 de 79 2a 07 80 04 9e f4 b8 d3 e0 c6 e9 57 5b Aug 26 13:10:06.277731: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:06.277733: | Adding a v2N Payload Aug 26 13:10:06.277734: | ***emit IKEv2 Notify Payload: Aug 26 13:10:06.277736: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.277737: | flags: none (0x0) Aug 26 13:10:06.277739: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:06.277741: | SPI size: 0 (0x0) Aug 26 13:10:06.277743: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:06.277745: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:06.277746: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.277748: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:10:06.277750: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:06.277752: | natd_hash: rcookie is zero Aug 26 13:10:06.277760: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:06.277762: | natd_hash: icookie= b4 e1 4a e8 c7 47 48 33 Aug 26 13:10:06.277764: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:06.277765: | natd_hash: ip= c0 01 02 2d Aug 26 13:10:06.277767: | natd_hash: port=500 Aug 26 13:10:06.277768: | natd_hash: hash= 53 34 af a0 ee 7f f6 fb 5d 64 3c 3d 83 1e 85 0b Aug 26 13:10:06.277770: | natd_hash: hash= 53 29 3c 12 Aug 26 13:10:06.277771: | Adding a v2N Payload Aug 26 13:10:06.277773: | ***emit IKEv2 Notify Payload: Aug 26 13:10:06.277775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.277776: | flags: none (0x0) Aug 26 13:10:06.277779: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:06.277781: | SPI size: 0 (0x0) Aug 26 13:10:06.277782: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:06.277784: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:06.277786: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.277788: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:06.277790: | Notify data 53 34 af a0 ee 7f f6 fb 5d 64 3c 3d 83 1e 85 0b Aug 26 13:10:06.277791: | Notify data 53 29 3c 12 Aug 26 13:10:06.277793: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:06.277794: | natd_hash: rcookie is zero Aug 26 13:10:06.277798: | natd_hash: hasher=0x560d99389800(20) Aug 26 13:10:06.277800: | natd_hash: icookie= b4 e1 4a e8 c7 47 48 33 Aug 26 13:10:06.277802: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:06.277803: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:06.277805: | natd_hash: port=500 Aug 26 13:10:06.277806: | natd_hash: hash= 66 05 83 34 46 ae f0 53 7f 82 fb d2 27 8c 29 77 Aug 26 13:10:06.277808: | natd_hash: hash= 05 bc 6f 1e Aug 26 13:10:06.277809: | Adding a v2N Payload Aug 26 13:10:06.277811: | ***emit IKEv2 Notify Payload: Aug 26 13:10:06.277812: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:06.277814: | flags: none (0x0) Aug 26 13:10:06.277815: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:06.277817: | SPI size: 0 (0x0) Aug 26 13:10:06.277818: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:06.277820: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:06.277822: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:06.277824: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:06.277826: | Notify data 66 05 83 34 46 ae f0 53 7f 82 fb d2 27 8c 29 77 Aug 26 13:10:06.277827: | Notify data 05 bc 6f 1e Aug 26 13:10:06.277829: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:06.277830: | emitting length of ISAKMP Message: 828 Aug 26 13:10:06.277834: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:10:06.277838: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:06.277840: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:10:06.277842: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:10:06.277844: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:10:06.277846: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:10:06.277848: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 13:10:06.277851: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:06.277853: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:06.277856: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:10:06.277860: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 13:10:06.277861: | b4 e1 4a e8 c7 47 48 33 00 00 00 00 00 00 00 00 Aug 26 13:10:06.277863: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:10:06.277865: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:10:06.277866: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:10:06.277868: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:10:06.277869: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:10:06.277872: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:10:06.277873: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:10:06.277875: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:10:06.277876: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:10:06.277878: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:10:06.277879: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:10:06.277881: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:10:06.277882: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:10:06.277884: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:10:06.277885: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:10:06.277887: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:10:06.277888: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:10:06.277890: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:10:06.277891: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:10:06.277893: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:10:06.277894: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:10:06.277896: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:10:06.277897: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:10:06.277899: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:10:06.277900: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:10:06.277902: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:10:06.277903: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:10:06.277905: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:10:06.277906: | 28 00 01 08 00 0e 00 00 b5 4a 33 b2 df ed 67 c0 Aug 26 13:10:06.277908: | 8a 98 52 4f d3 69 2d e4 4b e1 a9 9a 92 ec 01 05 Aug 26 13:10:06.277909: | ab 26 42 4c 59 fd 57 68 58 50 f4 4d eb 46 56 c6 Aug 26 13:10:06.277911: | 37 4a 37 1d f1 2a af 5a 1e ea 4f 1d 69 83 72 95 Aug 26 13:10:06.277912: | bd 34 67 a1 ed d4 98 f0 ee e6 c2 bd 40 c8 d1 21 Aug 26 13:10:06.277914: | a8 1f 24 98 8c b6 57 6e d9 eb dd 97 5b 74 68 8d Aug 26 13:10:06.277915: | cb 8d 1c 45 c4 b6 c9 65 42 c5 82 1e 78 af 02 5b Aug 26 13:10:06.277917: | 7f 7f 55 d8 f8 5a 97 ab 32 d7 61 bc 2e f9 02 4d Aug 26 13:10:06.277918: | 52 a7 44 a1 e8 20 47 0d c7 b9 40 c9 36 0f bc 49 Aug 26 13:10:06.277920: | 5f 0d e2 12 c2 74 be e7 50 ea 15 35 81 4a a4 74 Aug 26 13:10:06.277921: | dc 6d 67 87 c2 17 ae 50 52 ca c3 f5 2d be 3d 42 Aug 26 13:10:06.277923: | 9f 01 ba 4d a6 4f 4b 8f 76 ab 95 ed 75 69 3e f5 Aug 26 13:10:06.277924: | d6 2c cb 8a 44 33 a3 97 e8 58 4f 3e f1 60 93 9d Aug 26 13:10:06.277926: | 14 e9 ff 56 17 85 2f 5e 3d 8b 8e a4 af 5d f7 58 Aug 26 13:10:06.277927: | 73 51 82 a3 df b3 da d7 8e d1 04 8b bc 41 52 ba Aug 26 13:10:06.277929: | 65 05 49 cd 2c e4 8e f7 44 a8 5a 2a be 0e 55 ce Aug 26 13:10:06.277930: | ca ca d2 c6 20 f7 c2 8e 29 00 00 24 7b 70 e8 40 Aug 26 13:10:06.277932: | 0d ce da ef 7f 4a 4c 26 ce 74 b4 fd e3 de 79 2a Aug 26 13:10:06.277933: | 07 80 04 9e f4 b8 d3 e0 c6 e9 57 5b 29 00 00 08 Aug 26 13:10:06.277935: | 00 00 40 2e 29 00 00 1c 00 00 40 04 53 34 af a0 Aug 26 13:10:06.277936: | ee 7f f6 fb 5d 64 3c 3d 83 1e 85 0b 53 29 3c 12 Aug 26 13:10:06.277938: | 00 00 00 1c 00 00 40 05 66 05 83 34 46 ae f0 53 Aug 26 13:10:06.277939: | 7f 82 fb d2 27 8c 29 77 05 bc 6f 1e Aug 26 13:10:06.277955: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:06.277958: | libevent_free: release ptr-libevent@0x560d9b1aada8 Aug 26 13:10:06.277960: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8380001f18 Aug 26 13:10:06.277962: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:06.277964: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:10:06.277968: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8380001f18 Aug 26 13:10:06.277970: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 13:10:06.277972: | libevent_malloc: new ptr-libevent@0x560d9b1ae9c8 size 128 Aug 26 13:10:06.277975: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10292.020434 Aug 26 13:10:06.277978: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:10:06.277996: | #4 spent 1.05 milliseconds in resume sending helper answer Aug 26 13:10:06.277999: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:06.278001: | libevent_free: release ptr-libevent@0x7f8378002888 Aug 26 13:10:06.996017: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:06.996039: shutting down Aug 26 13:10:06.996047: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:10:06.996050: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:06.996051: forgetting secrets Aug 26 13:10:06.996056: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:06.996061: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:10:06.996064: | removing pending policy for no connection {0x560d9b18e4a8} Aug 26 13:10:06.996067: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:10:06.996069: | pass 0 Aug 26 13:10:06.996072: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:06.996074: | state #4 Aug 26 13:10:06.996078: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:06.996083: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:06.996086: | pstats #4 ikev2.ike deleted other Aug 26 13:10:06.996092: | #4 spent 1.69 milliseconds in total Aug 26 13:10:06.996097: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:06.996102: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.719s and NOT sending notification Aug 26 13:10:06.996105: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:10:06.996109: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:06.996111: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:10:06.996115: | libevent_free: release ptr-libevent@0x560d9b1ae9c8 Aug 26 13:10:06.996117: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8380001f18 Aug 26 13:10:06.996119: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:10:06.996121: | picked newest_isakmp_sa #0 for #4 Aug 26 13:10:06.996124: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:10:06.996127: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 13:10:06.996130: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:10:06.996134: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:10:06.996136: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:10:06.996138: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:10:06.996140: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:10:06.996143: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:10:06.996159: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:06.996165: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:06.996167: | pass 1 Aug 26 13:10:06.996169: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:06.996172: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:10:06.996174: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:06.996177: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:06.996212: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:10:06.996220: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:06.996223: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:10:06.996225: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:10:06.996227: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:10:06.996229: | running updown command "ipsec _updown" for verb unroute Aug 26 13:10:06.996231: | command executing unroute-client Aug 26 13:10:06.996251: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 13:10:06.996253: | popen cmd is 1046 chars long Aug 26 13:10:06.996255: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:10:06.996257: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:10:06.996259: | cmd( 160):92.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIE: Aug 26 13:10:06.996261: | cmd( 240):NT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_: Aug 26 13:10:06.996262: | cmd( 320):MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.: Aug 26 13:10:06.996264: | cmd( 400):23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET: Aug 26 13:10:06.996266: | cmd( 480):='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Aug 26 13:10:06.996267: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Aug 26 13:10:06.996269: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 13:10:06.996271: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 13:10:06.996273: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 13:10:06.996274: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 13:10:06.996276: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updow: Aug 26 13:10:06.996278: | cmd(1040):n 2>&1: Aug 26 13:10:07.004932: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004952: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004959: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004962: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004964: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004965: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.004969: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005020: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005313: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005319: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005322: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005328: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005378: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005385: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005387: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005388: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005391: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005398: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005448: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005455: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005457: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005459: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005461: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005469: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005483: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005495: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005509: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005522: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005534: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005545: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005557: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.005571: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:07.010086: | free hp@0x560d9b1a8828 Aug 26 13:10:07.010109: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 13:10:07.010116: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:10:07.010134: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:10:07.010138: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:10:07.010149: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:10:07.010153: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:10:07.010156: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:10:07.010159: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:10:07.010163: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:10:07.010166: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:10:07.010171: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:10:07.010185: | libevent_free: release ptr-libevent@0x560d9b19a4b8 Aug 26 13:10:07.010188: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a61a8 Aug 26 13:10:07.010201: | libevent_free: release ptr-libevent@0x560d9b136388 Aug 26 13:10:07.010205: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6258 Aug 26 13:10:07.010214: | libevent_free: release ptr-libevent@0x560d9b138228 Aug 26 13:10:07.010218: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6308 Aug 26 13:10:07.010226: | libevent_free: release ptr-libevent@0x560d9b135378 Aug 26 13:10:07.010230: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a63b8 Aug 26 13:10:07.010243: | libevent_free: release ptr-libevent@0x560d9b10bba8 Aug 26 13:10:07.010247: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6468 Aug 26 13:10:07.010255: | libevent_free: release ptr-libevent@0x560d9b1061d8 Aug 26 13:10:07.010258: | free_event_entry: release EVENT_NULL-pe@0x560d9b1a6518 Aug 26 13:10:07.010265: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:07.010850: | libevent_free: release ptr-libevent@0x560d9b19a568 Aug 26 13:10:07.010861: | free_event_entry: release EVENT_NULL-pe@0x560d9b18e328 Aug 26 13:10:07.010869: | libevent_free: release ptr-libevent@0x560d9b138128 Aug 26 13:10:07.010874: | free_event_entry: release EVENT_NULL-pe@0x560d9b18d7e8 Aug 26 13:10:07.010879: | libevent_free: release ptr-libevent@0x560d9b171be8 Aug 26 13:10:07.010883: | free_event_entry: release EVENT_NULL-pe@0x560d9b18e398 Aug 26 13:10:07.010889: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:10:07.010893: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:10:07.010896: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:10:07.010899: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:10:07.010902: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:10:07.010906: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:10:07.010909: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:10:07.010912: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:10:07.010915: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:10:07.010923: | libevent_free: release ptr-libevent@0x560d9b1358d8 Aug 26 13:10:07.010927: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:10:07.010931: | libevent_free: release ptr-libevent@0x560d9b1a58f8 Aug 26 13:10:07.010934: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:10:07.010938: | libevent_free: release ptr-libevent@0x560d9b1a5a08 Aug 26 13:10:07.010942: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:10:07.010945: | libevent_free: release ptr-libevent@0x560d9b1a5c48 Aug 26 13:10:07.010949: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:10:07.010952: | releasing event base Aug 26 13:10:07.010967: | libevent_free: release ptr-libevent@0x560d9b1a5b18 Aug 26 13:10:07.010971: | libevent_free: release ptr-libevent@0x560d9b188bd8 Aug 26 13:10:07.010976: | libevent_free: release ptr-libevent@0x560d9b188b88 Aug 26 13:10:07.010979: | libevent_free: release ptr-libevent@0x560d9b188b18 Aug 26 13:10:07.010983: | libevent_free: release ptr-libevent@0x560d9b188ad8 Aug 26 13:10:07.010986: | libevent_free: release ptr-libevent@0x560d9b1a57f8 Aug 26 13:10:07.010990: | libevent_free: release ptr-libevent@0x560d9b1a5878 Aug 26 13:10:07.010993: | libevent_free: release ptr-libevent@0x560d9b188d88 Aug 26 13:10:07.010996: | libevent_free: release ptr-libevent@0x560d9b18d8f8 Aug 26 13:10:07.010999: | libevent_free: release ptr-libevent@0x560d9b18e2e8 Aug 26 13:10:07.011002: | libevent_free: release ptr-libevent@0x560d9b1a6588 Aug 26 13:10:07.011006: | libevent_free: release ptr-libevent@0x560d9b1a64d8 Aug 26 13:10:07.011009: | libevent_free: release ptr-libevent@0x560d9b1a6428 Aug 26 13:10:07.011012: | libevent_free: release ptr-libevent@0x560d9b1a6378 Aug 26 13:10:07.011015: | libevent_free: release ptr-libevent@0x560d9b1a62c8 Aug 26 13:10:07.011018: | libevent_free: release ptr-libevent@0x560d9b1a6218 Aug 26 13:10:07.011021: | libevent_free: release ptr-libevent@0x560d9b135a38 Aug 26 13:10:07.011025: | libevent_free: release ptr-libevent@0x560d9b1a59c8 Aug 26 13:10:07.011028: | libevent_free: release ptr-libevent@0x560d9b1a58b8 Aug 26 13:10:07.011031: | libevent_free: release ptr-libevent@0x560d9b1a5838 Aug 26 13:10:07.011034: | libevent_free: release ptr-libevent@0x560d9b1a5ad8 Aug 26 13:10:07.011038: | libevent_free: release ptr-libevent@0x560d9b134bc8 Aug 26 13:10:07.011041: | libevent_free: release ptr-libevent@0x560d9b105908 Aug 26 13:10:07.011044: | libevent_free: release ptr-libevent@0x560d9b105d38 Aug 26 13:10:07.011050: | libevent_free: release ptr-libevent@0x560d9b134f38 Aug 26 13:10:07.011054: | releasing global libevent data Aug 26 13:10:07.011057: | libevent_free: release ptr-libevent@0x560d9b10b188 Aug 26 13:10:07.011061: | libevent_free: release ptr-libevent@0x560d9b105cd8 Aug 26 13:10:07.011065: | libevent_free: release ptr-libevent@0x560d9b105dd8 Aug 26 13:10:07.011107: leak detective found no leaks