Aug 26 13:10:10.642923: FIPS Product: YES Aug 26 13:10:10.642962: FIPS Kernel: NO Aug 26 13:10:10.642966: FIPS Mode: NO Aug 26 13:10:10.642968: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:10:10.643128: Initializing NSS Aug 26 13:10:10.643136: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:10:10.670817: NSS initialized Aug 26 13:10:10.670832: NSS crypto library initialized Aug 26 13:10:10.670835: FIPS HMAC integrity support [enabled] Aug 26 13:10:10.670837: FIPS mode disabled for pluto daemon Aug 26 13:10:10.696697: FIPS HMAC integrity verification self-test FAILED Aug 26 13:10:10.696803: libcap-ng support [enabled] Aug 26 13:10:10.696814: Linux audit support [enabled] Aug 26 13:10:10.696853: Linux audit activated Aug 26 13:10:10.696858: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21257 Aug 26 13:10:10.696860: core dump dir: /tmp Aug 26 13:10:10.696861: secrets file: /etc/ipsec.secrets Aug 26 13:10:10.696863: leak-detective enabled Aug 26 13:10:10.696864: NSS crypto [enabled] Aug 26 13:10:10.696865: XAUTH PAM support [enabled] Aug 26 13:10:10.696937: | libevent is using pluto's memory allocator Aug 26 13:10:10.696946: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:10:10.696966: | libevent_malloc: new ptr-libevent@0x55755c0a90c8 size 40 Aug 26 13:10:10.696971: | libevent_malloc: new ptr-libevent@0x55755c0adcd8 size 40 Aug 26 13:10:10.696975: | libevent_malloc: new ptr-libevent@0x55755c0addd8 size 40 Aug 26 13:10:10.696979: | creating event base Aug 26 13:10:10.696983: | libevent_malloc: new ptr-libevent@0x55755c132518 size 56 Aug 26 13:10:10.696988: | libevent_malloc: new ptr-libevent@0x55755c0d6748 size 664 Aug 26 13:10:10.697000: | libevent_malloc: new ptr-libevent@0x55755c132588 size 24 Aug 26 13:10:10.697003: | libevent_malloc: new ptr-libevent@0x55755c1325d8 size 384 Aug 26 13:10:10.697015: | libevent_malloc: new ptr-libevent@0x55755c1324d8 size 16 Aug 26 13:10:10.697019: | libevent_malloc: new ptr-libevent@0x55755c0ad908 size 40 Aug 26 13:10:10.697022: | libevent_malloc: new ptr-libevent@0x55755c0add38 size 48 Aug 26 13:10:10.697028: | libevent_realloc: new ptr-libevent@0x55755c0d63d8 size 256 Aug 26 13:10:10.697031: | libevent_malloc: new ptr-libevent@0x55755c132788 size 16 Aug 26 13:10:10.697038: | libevent_free: release ptr-libevent@0x55755c132518 Aug 26 13:10:10.697042: | libevent initialized Aug 26 13:10:10.697047: | libevent_realloc: new ptr-libevent@0x55755c132518 size 64 Aug 26 13:10:10.697051: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:10:10.697066: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:10:10.697069: NAT-Traversal support [enabled] Aug 26 13:10:10.697073: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:10:10.697080: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:10:10.697085: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:10:10.697121: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:10:10.697127: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:10:10.697131: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:10:10.697196: Encryption algorithms: Aug 26 13:10:10.697208: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:10:10.697214: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:10:10.697219: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:10:10.697223: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:10:10.697227: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:10:10.697237: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:10:10.697242: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:10:10.697246: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:10:10.697250: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:10:10.697254: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:10:10.697258: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:10:10.697262: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:10:10.697266: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:10:10.697270: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:10:10.697274: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:10:10.697277: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:10:10.697281: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:10:10.697328: Hash algorithms: Aug 26 13:10:10.697337: MD5 IKEv1: IKE IKEv2: Aug 26 13:10:10.697342: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:10:10.697347: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:10:10.697351: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:10:10.697355: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:10:10.697375: PRF algorithms: Aug 26 13:10:10.697380: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:10:10.697384: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:10:10.697389: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:10:10.697393: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:10:10.697397: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:10:10.697402: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:10:10.697446: Integrity algorithms: Aug 26 13:10:10.697452: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:10:10.697457: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:10:10.697463: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:10:10.697469: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:10:10.697474: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:10:10.697478: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:10:10.697483: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:10:10.697487: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:10:10.697491: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:10:10.697509: DH algorithms: Aug 26 13:10:10.697515: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:10:10.697519: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:10:10.697523: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:10:10.697530: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:10:10.697534: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:10:10.697539: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:10:10.697543: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:10:10.697547: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:10:10.697551: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:10:10.697556: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:10:10.697560: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:10:10.697564: testing CAMELLIA_CBC: Aug 26 13:10:10.697567: Camellia: 16 bytes with 128-bit key Aug 26 13:10:10.697708: Camellia: 16 bytes with 128-bit key Aug 26 13:10:10.697746: Camellia: 16 bytes with 256-bit key Aug 26 13:10:10.697783: Camellia: 16 bytes with 256-bit key Aug 26 13:10:10.697820: testing AES_GCM_16: Aug 26 13:10:10.697825: empty string Aug 26 13:10:10.697859: one block Aug 26 13:10:10.697890: two blocks Aug 26 13:10:10.697923: two blocks with associated data Aug 26 13:10:10.697957: testing AES_CTR: Aug 26 13:10:10.697962: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:10:10.697993: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:10:10.698029: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:10:10.698069: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:10:10.698103: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:10:10.698140: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:10:10.698177: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:10:10.698211: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:10:10.698248: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:10:10.698284: testing AES_CBC: Aug 26 13:10:10.698294: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:10:10.698333: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:10:10.698371: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:10:10.698410: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:10:10.698456: testing AES_XCBC: Aug 26 13:10:10.698461: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:10:10.698589: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:10:10.698734: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:10:10.698880: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:10:10.699010: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:10:10.699143: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:10:10.699276: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:10:10.699600: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:10:10.699734: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:10:10.699892: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:10:10.700142: testing HMAC_MD5: Aug 26 13:10:10.700148: RFC 2104: MD5_HMAC test 1 Aug 26 13:10:10.700340: RFC 2104: MD5_HMAC test 2 Aug 26 13:10:10.700515: RFC 2104: MD5_HMAC test 3 Aug 26 13:10:10.700735: 8 CPU cores online Aug 26 13:10:10.700741: starting up 7 crypto helpers Aug 26 13:10:10.700779: started thread for crypto helper 0 Aug 26 13:10:10.700804: started thread for crypto helper 1 Aug 26 13:10:10.700812: | starting up helper thread 1 Aug 26 13:10:10.700826: started thread for crypto helper 2 Aug 26 13:10:10.700827: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:10:10.700837: | starting up helper thread 2 Aug 26 13:10:10.700847: started thread for crypto helper 3 Aug 26 13:10:10.700856: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:10:10.700879: started thread for crypto helper 4 Aug 26 13:10:10.700902: started thread for crypto helper 5 Aug 26 13:10:10.700904: | starting up helper thread 5 Aug 26 13:10:10.700914: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:10:10.700928: started thread for crypto helper 6 Aug 26 13:10:10.700933: | starting up helper thread 6 Aug 26 13:10:10.700937: | starting up helper thread 3 Aug 26 13:10:10.700933: | checking IKEv1 state table Aug 26 13:10:10.700949: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:10:10.700941: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:10:10.700961: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:10.700965: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:10:10.700968: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:10.700971: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:10:10.700974: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:10:10.700977: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:10:10.700980: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:10.700982: | starting up helper thread 4 Aug 26 13:10:10.700982: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:10.701000: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:10:10.701002: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:10:10.701009: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:10:10.701012: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:10.701014: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:10.701017: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:10:10.701020: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:10.701023: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:10.701025: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:10.701028: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:10:10.701031: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:10.701033: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:10.701036: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:10.701039: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:10:10.701042: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701045: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:10:10.701047: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701050: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:10.701053: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:10:10.701055: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:10.701058: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:10.701060: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:10.701063: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:10:10.701065: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:10.701067: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:10.701070: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:10:10.701072: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701075: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:10:10.701077: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701080: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:10:10.701082: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:10:10.701085: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:10:10.701087: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:10:10.701089: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:10:10.701091: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:10:10.701094: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:10:10.701096: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701099: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:10:10.701101: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701104: | INFO: category: informational flags: 0: Aug 26 13:10:10.701110: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701113: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:10:10.701116: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701118: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:10:10.701121: | -> XAUTH_R1 EVENT_NULL Aug 26 13:10:10.701123: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:10:10.701126: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:10.701129: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:10:10.701131: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:10:10.701134: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:10:10.701137: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:10:10.701140: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:10:10.701143: | -> UNDEFINED EVENT_NULL Aug 26 13:10:10.701146: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:10:10.701148: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:10.701151: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:10:10.701154: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:10:10.701157: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:10:10.701160: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:10:10.701166: | checking IKEv2 state table Aug 26 13:10:10.701173: | PARENT_I0: category: ignore flags: 0: Aug 26 13:10:10.701176: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:10:10.701179: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:10.701183: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:10:10.701186: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:10:10.701189: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:10:10.701192: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:10:10.701195: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:10:10.701198: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:10:10.701201: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:10:10.701203: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:10:10.701207: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:10:10.701209: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:10:10.701211: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:10:10.701214: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:10:10.701217: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:10:10.701220: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:10.701223: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:10:10.701226: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:10:10.701228: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:10:10.701231: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:10:10.701234: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:10:10.701236: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:10:10.701239: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:10:10.701242: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:10:10.701245: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:10:10.701248: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:10:10.701252: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:10:10.701256: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:10:10.701263: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:10:10.701267: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:10:10.701270: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:10.701273: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:10:10.701276: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:10:10.701279: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:10:10.701284: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:10:10.701326: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:10:10.701336: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:10:10.701340: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:10:10.701344: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:10:10.701348: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:10.701352: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:10:10.701356: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:10:10.701360: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:10:10.701364: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:10:10.701367: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:10:10.701371: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:10:10.701385: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:10:10.701447: | Hard-wiring algorithms Aug 26 13:10:10.701452: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:10:10.701457: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:10:10.701460: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:10:10.701463: | adding 3DES_CBC to kernel algorithm db Aug 26 13:10:10.701467: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:10:10.701470: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:10:10.701473: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:10:10.701476: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:10:10.701480: | adding AES_CTR to kernel algorithm db Aug 26 13:10:10.701483: | adding AES_CBC to kernel algorithm db Aug 26 13:10:10.701486: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:10:10.701490: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:10:10.701493: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:10:10.701496: | adding NULL to kernel algorithm db Aug 26 13:10:10.701500: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:10:10.701503: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:10:10.701507: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:10:10.701510: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:10:10.701513: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:10:10.701517: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:10:10.701520: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:10:10.701523: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:10:10.701526: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:10:10.701530: | adding NONE to kernel algorithm db Aug 26 13:10:10.701550: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:10:10.701558: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:10:10.701561: | setup kernel fd callback Aug 26 13:10:10.701565: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55755c137158 Aug 26 13:10:10.701572: | libevent_malloc: new ptr-libevent@0x55755c11b618 size 128 Aug 26 13:10:10.701576: | libevent_malloc: new ptr-libevent@0x55755c137268 size 16 Aug 26 13:10:10.701584: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55755c137c98 Aug 26 13:10:10.701589: | libevent_malloc: new ptr-libevent@0x55755c0d8fd8 size 128 Aug 26 13:10:10.701596: | libevent_malloc: new ptr-libevent@0x55755c137c58 size 16 Aug 26 13:10:10.700838: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:10.701759: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:10.701775: | crypto helper 5 waiting (nothing to do) Aug 26 13:10:10.701788: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:10.701796: | crypto helper 6 waiting (nothing to do) Aug 26 13:10:10.701804: | crypto helper 4 waiting (nothing to do) Aug 26 13:10:10.701867: | starting up helper thread 0 Aug 26 13:10:10.701874: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:10:10.701877: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:10:10.701893: selinux support is enabled. Aug 26 13:10:10.701894: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:10.702244: | unbound context created - setting debug level to 5 Aug 26 13:10:10.702275: | /etc/hosts lookups activated Aug 26 13:10:10.702298: | /etc/resolv.conf usage activated Aug 26 13:10:10.702371: | outgoing-port-avoid set 0-65535 Aug 26 13:10:10.702403: | outgoing-port-permit set 32768-60999 Aug 26 13:10:10.702407: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:10:10.702411: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:10:10.702414: | Setting up events, loop start Aug 26 13:10:10.702418: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55755c137d08 Aug 26 13:10:10.702422: | libevent_malloc: new ptr-libevent@0x55755c143f18 size 128 Aug 26 13:10:10.702426: | libevent_malloc: new ptr-libevent@0x55755c14f1e8 size 16 Aug 26 13:10:10.702433: | libevent_realloc: new ptr-libevent@0x55755c14f228 size 256 Aug 26 13:10:10.702437: | libevent_malloc: new ptr-libevent@0x55755c14f358 size 8 Aug 26 13:10:10.702440: | libevent_realloc: new ptr-libevent@0x55755c0d9aa8 size 144 Aug 26 13:10:10.702443: | libevent_malloc: new ptr-libevent@0x55755c0d9578 size 152 Aug 26 13:10:10.702447: | libevent_malloc: new ptr-libevent@0x55755c14f398 size 16 Aug 26 13:10:10.702452: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:10:10.702455: | libevent_malloc: new ptr-libevent@0x55755c14f3d8 size 8 Aug 26 13:10:10.702460: | libevent_malloc: new ptr-libevent@0x55755c0dad18 size 152 Aug 26 13:10:10.702464: | signal event handler PLUTO_SIGTERM installed Aug 26 13:10:10.702467: | libevent_malloc: new ptr-libevent@0x55755c14f418 size 8 Aug 26 13:10:10.702470: | libevent_malloc: new ptr-libevent@0x55755c14f458 size 152 Aug 26 13:10:10.702473: | signal event handler PLUTO_SIGHUP installed Aug 26 13:10:10.702476: | libevent_malloc: new ptr-libevent@0x55755c14f528 size 8 Aug 26 13:10:10.702478: | libevent_realloc: release ptr-libevent@0x55755c0d9aa8 Aug 26 13:10:10.702482: | libevent_realloc: new ptr-libevent@0x55755c14f568 size 256 Aug 26 13:10:10.702485: | libevent_malloc: new ptr-libevent@0x55755c14f698 size 152 Aug 26 13:10:10.702488: | signal event handler PLUTO_SIGSYS installed Aug 26 13:10:10.703151: | created addconn helper (pid:21340) using fork+execve Aug 26 13:10:10.703174: | forked child 21340 Aug 26 13:10:10.703226: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.703240: listening for IKE messages Aug 26 13:10:10.703719: | Inspecting interface lo Aug 26 13:10:10.703734: | found lo with address 127.0.0.1 Aug 26 13:10:10.703739: | Inspecting interface eth0 Aug 26 13:10:10.703743: | found eth0 with address 192.0.3.254 Aug 26 13:10:10.703749: | Inspecting interface eth1 Aug 26 13:10:10.703754: | found eth1 with address 192.1.3.33 Aug 26 13:10:10.703869: Kernel supports NIC esp-hw-offload Aug 26 13:10:10.703897: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:10:10.703970: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:10.703976: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:10.703980: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:10:10.704023: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:10:10.704069: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:10.704074: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:10.704079: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:10:10.704102: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:10:10.704122: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:10.704127: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:10.704131: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:10:10.704216: | no interfaces to sort Aug 26 13:10:10.704222: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:10.704232: | add_fd_read_event_handler: new ethX-pe@0x55755c14fb68 Aug 26 13:10:10.704236: | libevent_malloc: new ptr-libevent@0x55755c143e68 size 128 Aug 26 13:10:10.704241: | libevent_malloc: new ptr-libevent@0x55755c14fbd8 size 16 Aug 26 13:10:10.704249: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:10.704252: | add_fd_read_event_handler: new ethX-pe@0x55755c14fc18 Aug 26 13:10:10.704256: | libevent_malloc: new ptr-libevent@0x55755c0d9088 size 128 Aug 26 13:10:10.704260: | libevent_malloc: new ptr-libevent@0x55755c14fc88 size 16 Aug 26 13:10:10.704265: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:10.704269: | add_fd_read_event_handler: new ethX-pe@0x55755c14fcc8 Aug 26 13:10:10.704275: | libevent_malloc: new ptr-libevent@0x55755c0d8f28 size 128 Aug 26 13:10:10.704279: | libevent_malloc: new ptr-libevent@0x55755c14fd38 size 16 Aug 26 13:10:10.704284: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:10:10.704306: | add_fd_read_event_handler: new ethX-pe@0x55755c14fd78 Aug 26 13:10:10.704315: | libevent_malloc: new ptr-libevent@0x55755c0da888 size 128 Aug 26 13:10:10.704319: | libevent_malloc: new ptr-libevent@0x55755c14fde8 size 16 Aug 26 13:10:10.704325: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:10:10.704329: | add_fd_read_event_handler: new ethX-pe@0x55755c14fe28 Aug 26 13:10:10.704335: | libevent_malloc: new ptr-libevent@0x55755c0ae4e8 size 128 Aug 26 13:10:10.704339: | libevent_malloc: new ptr-libevent@0x55755c14fe98 size 16 Aug 26 13:10:10.704345: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:10:10.704349: | add_fd_read_event_handler: new ethX-pe@0x55755c14fed8 Aug 26 13:10:10.704352: | libevent_malloc: new ptr-libevent@0x55755c0ae1d8 size 128 Aug 26 13:10:10.704356: | libevent_malloc: new ptr-libevent@0x55755c14ff48 size 16 Aug 26 13:10:10.704361: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:10:10.704369: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:10.704372: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:10.704391: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:10.704416: | saving Modulus Aug 26 13:10:10.704422: | saving PublicExponent Aug 26 13:10:10.704427: | ignoring PrivateExponent Aug 26 13:10:10.704432: | ignoring Prime1 Aug 26 13:10:10.704436: | ignoring Prime2 Aug 26 13:10:10.704440: | ignoring Exponent1 Aug 26 13:10:10.704444: | ignoring Exponent2 Aug 26 13:10:10.704449: | ignoring Coefficient Aug 26 13:10:10.704453: | ignoring CKAIDNSS Aug 26 13:10:10.704500: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:10.704505: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:10.704509: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:10:10.704518: | certs and keys locked by 'process_secret' Aug 26 13:10:10.704524: | certs and keys unlocked by 'process_secret' Aug 26 13:10:10.704535: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.704542: | spent 1.3 milliseconds in whack Aug 26 13:10:10.734837: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.734860: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:10.734867: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:10.734869: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:10.734870: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:10.734874: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:10.734880: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:10.734882: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:10:10.734922: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:10:10.734924: | from whack: got --esp= Aug 26 13:10:10.734948: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:10:10.734952: | counting wild cards for @north is 0 Aug 26 13:10:10.734954: | counting wild cards for @east is 0 Aug 26 13:10:10.734961: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:10:10.734963: | new hp@0x55755c152498 Aug 26 13:10:10.734966: added connection description "north-east" Aug 26 13:10:10.734974: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:10.734981: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:10:10.734988: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.734993: | spent 0.163 milliseconds in whack Aug 26 13:10:10.735046: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.735054: add keyid @north Aug 26 13:10:10.735057: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 13:10:10.735059: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 13:10:10.735060: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 13:10:10.735062: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 13:10:10.735064: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 13:10:10.735065: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 13:10:10.735067: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 13:10:10.735068: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 13:10:10.735070: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 13:10:10.735071: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 13:10:10.735073: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 13:10:10.735074: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 13:10:10.735076: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 13:10:10.735077: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 13:10:10.735079: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 13:10:10.735080: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 13:10:10.735082: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 13:10:10.735083: | add pubkey c7 5e a5 99 Aug 26 13:10:10.735101: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:10.735103: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:10.735110: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.735114: | spent 0.0713 milliseconds in whack Aug 26 13:10:10.735139: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.735145: add keyid @east Aug 26 13:10:10.735147: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:10:10.735148: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:10:10.735150: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:10:10.735151: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:10:10.735153: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:10:10.735154: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:10:10.735156: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:10:10.735157: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:10:10.735159: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:10:10.735160: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:10:10.735162: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:10:10.735163: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:10:10.735165: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:10:10.735166: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:10:10.735168: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:10:10.735169: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:10:10.735171: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:10:10.735172: | add pubkey 51 51 48 ef Aug 26 13:10:10.735177: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:10.735179: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:10.735184: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.735188: | spent 0.0504 milliseconds in whack Aug 26 13:10:10.735205: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.735211: listening for IKE messages Aug 26 13:10:10.735268: | Inspecting interface lo Aug 26 13:10:10.735272: | found lo with address 127.0.0.1 Aug 26 13:10:10.735274: | Inspecting interface eth0 Aug 26 13:10:10.735277: | found eth0 with address 192.0.3.254 Aug 26 13:10:10.735278: | Inspecting interface eth1 Aug 26 13:10:10.735281: | found eth1 with address 192.1.3.33 Aug 26 13:10:10.735361: | no interfaces to sort Aug 26 13:10:10.735370: | libevent_free: release ptr-libevent@0x55755c143e68 Aug 26 13:10:10.735372: | free_event_entry: release EVENT_NULL-pe@0x55755c14fb68 Aug 26 13:10:10.735374: | add_fd_read_event_handler: new ethX-pe@0x55755c14fb68 Aug 26 13:10:10.735377: | libevent_malloc: new ptr-libevent@0x55755c143e68 size 128 Aug 26 13:10:10.735382: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:10.735384: | libevent_free: release ptr-libevent@0x55755c0d9088 Aug 26 13:10:10.735386: | free_event_entry: release EVENT_NULL-pe@0x55755c14fc18 Aug 26 13:10:10.735388: | add_fd_read_event_handler: new ethX-pe@0x55755c14fc18 Aug 26 13:10:10.735390: | libevent_malloc: new ptr-libevent@0x55755c0d9088 size 128 Aug 26 13:10:10.735393: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:10.735395: | libevent_free: release ptr-libevent@0x55755c0d8f28 Aug 26 13:10:10.735397: | free_event_entry: release EVENT_NULL-pe@0x55755c14fcc8 Aug 26 13:10:10.735399: | add_fd_read_event_handler: new ethX-pe@0x55755c14fcc8 Aug 26 13:10:10.735400: | libevent_malloc: new ptr-libevent@0x55755c0d8f28 size 128 Aug 26 13:10:10.735403: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:10:10.735406: | libevent_free: release ptr-libevent@0x55755c0da888 Aug 26 13:10:10.735408: | free_event_entry: release EVENT_NULL-pe@0x55755c14fd78 Aug 26 13:10:10.735409: | add_fd_read_event_handler: new ethX-pe@0x55755c14fd78 Aug 26 13:10:10.735411: | libevent_malloc: new ptr-libevent@0x55755c0da888 size 128 Aug 26 13:10:10.735417: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:10:10.735420: | libevent_free: release ptr-libevent@0x55755c0ae4e8 Aug 26 13:10:10.735422: | free_event_entry: release EVENT_NULL-pe@0x55755c14fe28 Aug 26 13:10:10.735423: | add_fd_read_event_handler: new ethX-pe@0x55755c14fe28 Aug 26 13:10:10.735425: | libevent_malloc: new ptr-libevent@0x55755c0ae4e8 size 128 Aug 26 13:10:10.735428: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:10:10.735431: | libevent_free: release ptr-libevent@0x55755c0ae1d8 Aug 26 13:10:10.735432: | free_event_entry: release EVENT_NULL-pe@0x55755c14fed8 Aug 26 13:10:10.735434: | add_fd_read_event_handler: new ethX-pe@0x55755c14fed8 Aug 26 13:10:10.735436: | libevent_malloc: new ptr-libevent@0x55755c0ae1d8 size 128 Aug 26 13:10:10.735439: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:10:10.735441: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:10.735442: forgetting secrets Aug 26 13:10:10.735448: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:10.735459: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:10.735469: | saving Modulus Aug 26 13:10:10.735471: | saving PublicExponent Aug 26 13:10:10.735474: | ignoring PrivateExponent Aug 26 13:10:10.735476: | ignoring Prime1 Aug 26 13:10:10.735478: | ignoring Prime2 Aug 26 13:10:10.735480: | ignoring Exponent1 Aug 26 13:10:10.735482: | ignoring Exponent2 Aug 26 13:10:10.735483: | ignoring Coefficient Aug 26 13:10:10.735485: | ignoring CKAIDNSS Aug 26 13:10:10.735494: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:10.735496: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:10.735499: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:10:10.735502: | certs and keys locked by 'process_secret' Aug 26 13:10:10.735504: | certs and keys unlocked by 'process_secret' Aug 26 13:10:10.735511: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.735515: | spent 0.309 milliseconds in whack Aug 26 13:10:10.736177: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:10.736564: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:10.736578: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Aug 26 13:10:10.736583: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 13:10:10.736586: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:10.736590: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:10.736594: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:10.736598: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 13:10:10.736602: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:10.736605: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:10.736608: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:10.736611: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:10.736615: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 13:10:10.736620: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Aug 26 13:10:10.736625: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:10.736629: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:10.736633: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:10.736639: | IPsec Sa SPD priority set to 1040359 Aug 26 13:10:10.736675: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:10.736680: | route_and_eroute: firewall_notified: true Aug 26 13:10:10.736683: | running updown command "ipsec _updown" for verb prepare Aug 26 13:10:10.736687: | command executing prepare-client Aug 26 13:10:10.736719: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 13:10:10.736727: | popen cmd is 1028 chars long Aug 26 13:10:10.736731: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 13:10:10.736735: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Aug 26 13:10:10.736738: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Aug 26 13:10:10.736742: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:10:10.736746: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 13:10:10.736749: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 13:10:10.736752: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:10:10.736756: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 13:10:10.736759: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 13:10:10.736763: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:10:10.736767: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:10:10.736771: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:10:10.736775: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:10.743857: | running updown command "ipsec _updown" for verb route Aug 26 13:10:10.743872: | command executing route-client Aug 26 13:10:10.743893: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Aug 26 13:10:10.743895: | popen cmd is 1026 chars long Aug 26 13:10:10.743897: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Aug 26 13:10:10.743899: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: Aug 26 13:10:10.743901: | cmd( 160):='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLU: Aug 26 13:10:10.743906: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Aug 26 13:10:10.743908: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Aug 26 13:10:10.743909: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 13:10:10.743911: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:10:10.743912: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 13:10:10.743914: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Aug 26 13:10:10.743916: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Aug 26 13:10:10.743917: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 13:10:10.743919: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 13:10:10.743920: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:10.754740: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Aug 26 13:10:10.754770: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:10.754782: | spent 1.01 milliseconds in whack Aug 26 13:10:10.754802: | processing signal PLUTO_SIGCHLD Aug 26 13:10:10.754808: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:10:10.754812: | spent 0.00511 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:10.754814: | processing signal PLUTO_SIGCHLD Aug 26 13:10:10.754818: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:10:10.754821: | spent 0.00319 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:10.755333: | processing signal PLUTO_SIGCHLD Aug 26 13:10:10.755347: | waitpid returned pid 21340 (exited with status 0) Aug 26 13:10:10.755351: | reaped addconn helper child (status 0) Aug 26 13:10:10.755361: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:10.755366: | spent 0.0223 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:10.971705: | kernel_process_msg_cb process netlink message Aug 26 13:10:10.971751: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:10:10.971767: | xfrm netlink msg len 376 Aug 26 13:10:10.971775: | xfrm acquire rtattribute type 5 Aug 26 13:10:10.971783: | xfrm acquire rtattribute type 16 Aug 26 13:10:10.971817: | add bare shunt 0x55755c151748 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:10:10.971837: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Aug 26 13:10:10.971854: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Aug 26 13:10:10.971865: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 13:10:10.971884: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32 -> 192.0.2.0/24 [pri: 33603594] Aug 26 13:10:10.971894: | find_connection: first OK "north-east" [pri:33603594]{0x55755c150688} (child none) Aug 26 13:10:10.971904: | find_connection: concluding with "north-east" [pri:33603594]{0x55755c150688} kind=CK_PERMANENT Aug 26 13:10:10.971914: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:10:10.971921: | assign_holdpass() need broad(er) shunt Aug 26 13:10:10.971930: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:10.971949: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:10:10.971964: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:10:10.971978: | raw_eroute result=success Aug 26 13:10:10.971986: | assign_holdpass() eroute_connection() done Aug 26 13:10:10.971993: | fiddle_bare_shunt called Aug 26 13:10:10.972001: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:10:10.972019: | removing specific host-to-host bare shunt Aug 26 13:10:10.972036: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Aug 26 13:10:10.972044: | netlink_raw_eroute: SPI_PASS Aug 26 13:10:10.972083: | raw_eroute result=success Aug 26 13:10:10.972095: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:10:10.972111: | delete bare shunt 0x55755c151748 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:10:10.972122: assign_holdpass() delete_bare_shunt() failed Aug 26 13:10:10.972131: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:10:10.972141: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:10:10.972189: | creating state object #1 at 0x55755c152b58 Aug 26 13:10:10.972200: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:10:10.972223: | pstats #1 ikev2.ike started Aug 26 13:10:10.972237: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:10.972247: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:10:10.972264: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:10.972316: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:10.972335: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:10:10.972349: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" Aug 26 13:10:10.972365: "north-east" #1: initiating v2 parent SA Aug 26 13:10:10.972376: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE) Aug 26 13:10:10.972399: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.972424: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.972436: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.972454: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.972466: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.972483: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.972497: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.972515: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.972547: "north-east": constructed local IKE proposals for north-east (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.972569: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:10:10.972589: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55755c152578 Aug 26 13:10:10.972602: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:10.972613: | libevent_malloc: new ptr-libevent@0x55755c153b68 size 128 Aug 26 13:10:10.972659: | #1 spent 0.798 milliseconds in ikev2_parent_outI1() Aug 26 13:10:10.972674: | RESET processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:10.972675: | crypto helper 1 resuming Aug 26 13:10:10.972686: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Aug 26 13:10:10.972723: | crypto helper 1 starting work-order 1 for state #1 Aug 26 13:10:10.972737: | spent 0.952 milliseconds in kernel message Aug 26 13:10:10.972739: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:10:10.974763: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.002023 seconds Aug 26 13:10:10.974795: | (#1) spent 2 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:10:10.974803: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 13:10:10.974810: | scheduling resume sending helper answer for #1 Aug 26 13:10:10.974817: | libevent_malloc: new ptr-libevent@0x7fd620002888 size 128 Aug 26 13:10:10.974833: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:10.974888: | processing resume sending helper answer for #1 Aug 26 13:10:10.974917: | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:10.974928: | crypto helper 1 replies to request ID 1 Aug 26 13:10:10.974934: | calling continuation function 0x55755b10db50 Aug 26 13:10:10.974939: | ikev2_parent_outI1_continue for #1 Aug 26 13:10:10.975023: | **emit ISAKMP Message: Aug 26 13:10:10.975032: | initiator cookie: Aug 26 13:10:10.975037: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.975042: | responder cookie: Aug 26 13:10:10.975046: | 00 00 00 00 00 00 00 00 Aug 26 13:10:10.975052: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:10.975058: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.975063: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:10.975071: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:10.975077: | Message ID: 0 (0x0) Aug 26 13:10:10.975083: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:10.975113: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.975119: | Emitting ikev2_proposals ... Aug 26 13:10:10.975125: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:10.975131: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.975135: | flags: none (0x0) Aug 26 13:10:10.975142: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:10.975148: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.975153: | discarding INTEG=NONE Aug 26 13:10:10.975159: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.975165: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.975169: | prop #: 1 (0x1) Aug 26 13:10:10.975185: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.975191: | spi size: 0 (0x0) Aug 26 13:10:10.975195: | # transforms: 11 (0xb) Aug 26 13:10:10.975201: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.975207: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975217: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.975222: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.975228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975234: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.975239: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.975244: | length/value: 256 (0x100) Aug 26 13:10:10.975250: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.975255: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975265: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.975270: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.975276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975287: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975317: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975329: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.975334: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.975340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975350: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975355: | discarding INTEG=NONE Aug 26 13:10:10.975360: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975369: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975374: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.975380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975390: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975395: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975409: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.975415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975425: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975430: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975448: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975454: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.975460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975465: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975470: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975475: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975485: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975489: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.975495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975506: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975510: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975525: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.975530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975536: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975541: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975545: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975555: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975560: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.975565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975576: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975581: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975590: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975595: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.975600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975616: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975620: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.975625: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975630: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.975636: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975646: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975654: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:10.975660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.975665: | discarding INTEG=NONE Aug 26 13:10:10.975670: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.975675: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.975680: | prop #: 2 (0x2) Aug 26 13:10:10.975684: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.975689: | spi size: 0 (0x0) Aug 26 13:10:10.975694: | # transforms: 11 (0xb) Aug 26 13:10:10.975700: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.975706: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.975711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975721: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.975726: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.975731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975736: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.975742: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.975746: | length/value: 128 (0x80) Aug 26 13:10:10.975751: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.975756: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975766: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.975771: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.975776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975787: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975792: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975796: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975801: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.975806: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.975812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975817: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975827: | discarding INTEG=NONE Aug 26 13:10:10.975831: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975841: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975846: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.975851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975862: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975867: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975883: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.975889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975900: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975905: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975914: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975919: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.975925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975935: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975949: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975954: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.975960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.975970: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.975975: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.975980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.975984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.975989: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.975995: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976006: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976010: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976025: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.976030: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976041: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976046: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976055: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976060: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.976065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976076: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976083: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976088: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.976093: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976098: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.976103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976114: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976119: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:10.976124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.976130: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.976134: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.976139: | prop #: 3 (0x3) Aug 26 13:10:10.976144: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.976148: | spi size: 0 (0x0) Aug 26 13:10:10.976153: | # transforms: 13 (0xd) Aug 26 13:10:10.976159: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.976164: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.976169: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976179: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.976184: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.976189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976194: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.976199: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.976204: | length/value: 256 (0x100) Aug 26 13:10:10.976209: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.976214: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976223: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.976228: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.976234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976239: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976244: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976249: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976259: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.976263: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.976269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976280: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976284: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976308: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.976313: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.976322: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976333: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976348: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.976352: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.976358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976364: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976373: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976383: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976388: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.976394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976404: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976409: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976418: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976423: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.976429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976439: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976444: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976458: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976466: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.976474: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976485: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976490: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976499: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976504: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.976510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976520: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976538: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976543: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.976548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976554: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976559: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976564: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976573: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976578: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.976584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976594: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976599: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976613: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.976619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976624: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976634: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976639: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.976644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976648: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.976654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976670: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:10.976675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.976680: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.976685: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.976690: | prop #: 4 (0x4) Aug 26 13:10:10.976694: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.976699: | spi size: 0 (0x0) Aug 26 13:10:10.976704: | # transforms: 13 (0xd) Aug 26 13:10:10.976710: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.976715: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.976720: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976730: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.976735: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.976740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976748: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.976753: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.976758: | length/value: 128 (0x80) Aug 26 13:10:10.976763: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.976767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976777: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.976782: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.976787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976798: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976803: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976812: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.976817: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.976823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976833: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976838: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976847: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.976852: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.976858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976873: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976883: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.976887: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.976893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976904: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976908: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976918: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976923: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.976929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976939: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976944: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976953: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976958: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.976966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.976977: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.976981: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.976986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.976991: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.976995: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.977001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977012: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977016: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.977021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977026: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.977031: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.977036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977047: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977052: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.977056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.977066: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.977071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977082: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977087: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.977091: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.977101: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.977106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977117: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977122: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.977126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977131: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.977136: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.977142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977152: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977157: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.977164: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.977169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.977174: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.977179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.977185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.977190: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.977195: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:10.977200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.977205: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:10:10.977211: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:10.977216: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:10.977221: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.977226: | flags: none (0x0) Aug 26 13:10:10.977231: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.977238: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:10.977243: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.977250: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:10:10.977256: | ikev2 g^x 2a db 21 73 50 2d f0 ec 50 fd f4 f5 28 e6 1c 4d Aug 26 13:10:10.977261: | ikev2 g^x ea 4b 47 6a 7c 37 5b fc b1 50 3a 9e 5c ed 06 4e Aug 26 13:10:10.977266: | ikev2 g^x e9 07 45 50 f3 38 ef b3 6c 3c 67 ff 16 8b 8e e5 Aug 26 13:10:10.977270: | ikev2 g^x 25 b6 c1 7b 7c 31 f7 0d 77 89 02 9c 6c 60 36 c5 Aug 26 13:10:10.977275: | ikev2 g^x 16 58 e4 1c 9e ab e4 e7 07 35 09 42 0d 5c b8 db Aug 26 13:10:10.977280: | ikev2 g^x 49 4a 38 6b 31 b9 f5 ce eb 37 59 d8 ff 70 01 a8 Aug 26 13:10:10.977284: | ikev2 g^x f7 9f 0e aa 2d a1 b4 92 02 4f 40 f1 9f 36 35 bc Aug 26 13:10:10.977309: | ikev2 g^x 18 95 c8 e7 a9 65 15 81 ac 47 db 0f 12 e5 6e 7c Aug 26 13:10:10.977319: | ikev2 g^x c1 4a ab cc 56 d9 f6 21 bb 60 07 2d f3 40 3a ac Aug 26 13:10:10.977324: | ikev2 g^x 91 fb f0 45 af 8d 39 cf 6c 87 11 1c 30 c3 29 0b Aug 26 13:10:10.977328: | ikev2 g^x cf bc ee a2 6f 14 a3 88 9e af ee 9e c9 ab 84 d7 Aug 26 13:10:10.977333: | ikev2 g^x 03 e8 b4 d7 bf 99 d3 88 be 37 d1 b2 ea ce fe dc Aug 26 13:10:10.977338: | ikev2 g^x a5 15 6c b2 75 ac 7f 4b 63 cd a0 97 68 1d 33 4b Aug 26 13:10:10.977342: | ikev2 g^x 99 66 b1 88 1a 1c bb 58 bd 32 30 69 49 d2 7b 08 Aug 26 13:10:10.977347: | ikev2 g^x 3a 2b b8 50 5c b3 73 6f b0 1d c3 64 4c ad 58 79 Aug 26 13:10:10.977351: | ikev2 g^x d9 42 b3 e1 47 3c c7 24 59 fa 50 64 07 88 da 45 Aug 26 13:10:10.977357: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:10.977362: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:10.977367: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.977372: | flags: none (0x0) Aug 26 13:10:10.977378: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:10.977384: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:10.977389: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.977395: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:10.977401: | IKEv2 nonce 3a 67 29 8b 27 da ac 6a 1c 59 7f a0 07 68 d7 b0 Aug 26 13:10:10.977405: | IKEv2 nonce 6a 77 b2 b5 61 4b b6 2c 59 38 e3 23 f3 d6 2a fb Aug 26 13:10:10.977413: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:10.977419: | Adding a v2N Payload Aug 26 13:10:10.977423: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.977429: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.977433: | flags: none (0x0) Aug 26 13:10:10.977438: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.977443: | SPI size: 0 (0x0) Aug 26 13:10:10.977448: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:10.977455: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.977460: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.977465: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:10:10.977472: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:10.977477: | natd_hash: rcookie is zero Aug 26 13:10:10.977504: | natd_hash: hasher=0x55755b1e2800(20) Aug 26 13:10:10.977510: | natd_hash: icookie= 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.977515: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:10.977519: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:10.977524: | natd_hash: port=500 Aug 26 13:10:10.977529: | natd_hash: hash= 21 49 0e 06 c8 45 4a d2 03 33 d9 50 35 a4 4d 5a Aug 26 13:10:10.977534: | natd_hash: hash= 39 09 1a 06 Aug 26 13:10:10.977539: | Adding a v2N Payload Aug 26 13:10:10.977544: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.977549: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.977554: | flags: none (0x0) Aug 26 13:10:10.977559: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.977563: | SPI size: 0 (0x0) Aug 26 13:10:10.977568: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:10.977574: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.977580: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.977586: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:10.977591: | Notify data 21 49 0e 06 c8 45 4a d2 03 33 d9 50 35 a4 4d 5a Aug 26 13:10:10.977595: | Notify data 39 09 1a 06 Aug 26 13:10:10.977600: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:10.977605: | natd_hash: rcookie is zero Aug 26 13:10:10.977616: | natd_hash: hasher=0x55755b1e2800(20) Aug 26 13:10:10.977624: | natd_hash: icookie= 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.977632: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:10.977639: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:10.977647: | natd_hash: port=500 Aug 26 13:10:10.977654: | natd_hash: hash= 0e db d9 10 0a ef 78 98 23 96 d6 97 67 10 35 99 Aug 26 13:10:10.977662: | natd_hash: hash= ba c5 e0 f7 Aug 26 13:10:10.977671: | Adding a v2N Payload Aug 26 13:10:10.977678: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.977686: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.977694: | flags: none (0x0) Aug 26 13:10:10.977702: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.977710: | SPI size: 0 (0x0) Aug 26 13:10:10.977719: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:10.977730: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.977739: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.977749: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:10.977756: | Notify data 0e db d9 10 0a ef 78 98 23 96 d6 97 67 10 35 99 Aug 26 13:10:10.977764: | Notify data ba c5 e0 f7 Aug 26 13:10:10.977772: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:10.977782: | emitting length of ISAKMP Message: 828 Aug 26 13:10:10.977807: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:10:10.977847: | start processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.977860: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:10:10.977869: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:10:10.977879: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:10:10.977889: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:10:10.977897: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:10:10.977917: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:10.977928: "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:10.977942: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:10:10.977973: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:10.977983: | 93 68 0e fb 39 d1 55 67 00 00 00 00 00 00 00 00 Aug 26 13:10:10.977991: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:10:10.977998: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:10:10.978004: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:10:10.978011: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:10:10.978017: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:10:10.978023: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:10:10.978029: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:10:10.978035: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:10:10.978041: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:10:10.978048: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:10:10.978054: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:10:10.978061: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:10:10.978068: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:10:10.978076: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:10:10.978083: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:10:10.978090: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:10:10.978097: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:10:10.978105: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:10:10.978112: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:10:10.978119: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:10:10.978127: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:10:10.978134: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:10:10.978142: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:10:10.978150: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:10:10.978157: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:10:10.978165: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:10:10.978172: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:10:10.978180: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:10:10.978187: | 28 00 01 08 00 0e 00 00 2a db 21 73 50 2d f0 ec Aug 26 13:10:10.978195: | 50 fd f4 f5 28 e6 1c 4d ea 4b 47 6a 7c 37 5b fc Aug 26 13:10:10.978201: | b1 50 3a 9e 5c ed 06 4e e9 07 45 50 f3 38 ef b3 Aug 26 13:10:10.978208: | 6c 3c 67 ff 16 8b 8e e5 25 b6 c1 7b 7c 31 f7 0d Aug 26 13:10:10.978216: | 77 89 02 9c 6c 60 36 c5 16 58 e4 1c 9e ab e4 e7 Aug 26 13:10:10.978223: | 07 35 09 42 0d 5c b8 db 49 4a 38 6b 31 b9 f5 ce Aug 26 13:10:10.978231: | eb 37 59 d8 ff 70 01 a8 f7 9f 0e aa 2d a1 b4 92 Aug 26 13:10:10.978238: | 02 4f 40 f1 9f 36 35 bc 18 95 c8 e7 a9 65 15 81 Aug 26 13:10:10.978250: | ac 47 db 0f 12 e5 6e 7c c1 4a ab cc 56 d9 f6 21 Aug 26 13:10:10.978258: | bb 60 07 2d f3 40 3a ac 91 fb f0 45 af 8d 39 cf Aug 26 13:10:10.978265: | 6c 87 11 1c 30 c3 29 0b cf bc ee a2 6f 14 a3 88 Aug 26 13:10:10.978273: | 9e af ee 9e c9 ab 84 d7 03 e8 b4 d7 bf 99 d3 88 Aug 26 13:10:10.978280: | be 37 d1 b2 ea ce fe dc a5 15 6c b2 75 ac 7f 4b Aug 26 13:10:10.978299: | 63 cd a0 97 68 1d 33 4b 99 66 b1 88 1a 1c bb 58 Aug 26 13:10:10.978314: | bd 32 30 69 49 d2 7b 08 3a 2b b8 50 5c b3 73 6f Aug 26 13:10:10.978323: | b0 1d c3 64 4c ad 58 79 d9 42 b3 e1 47 3c c7 24 Aug 26 13:10:10.978331: | 59 fa 50 64 07 88 da 45 29 00 00 24 3a 67 29 8b Aug 26 13:10:10.978339: | 27 da ac 6a 1c 59 7f a0 07 68 d7 b0 6a 77 b2 b5 Aug 26 13:10:10.978346: | 61 4b b6 2c 59 38 e3 23 f3 d6 2a fb 29 00 00 08 Aug 26 13:10:10.978354: | 00 00 40 2e 29 00 00 1c 00 00 40 04 21 49 0e 06 Aug 26 13:10:10.978361: | c8 45 4a d2 03 33 d9 50 35 a4 4d 5a 39 09 1a 06 Aug 26 13:10:10.978368: | 00 00 00 1c 00 00 40 05 0e db d9 10 0a ef 78 98 Aug 26 13:10:10.978376: | 23 96 d6 97 67 10 35 99 ba c5 e0 f7 Aug 26 13:10:10.978580: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:10.978603: | libevent_free: release ptr-libevent@0x55755c153b68 Aug 26 13:10:10.978615: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55755c152578 Aug 26 13:10:10.978626: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:10.978638: | event_schedule: new EVENT_RETRANSMIT-pe@0x55755c152578 Aug 26 13:10:10.978652: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:10:10.978662: | libevent_malloc: new ptr-libevent@0x55755c153798 size 128 Aug 26 13:10:10.978679: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10296.721101 Aug 26 13:10:10.978692: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:10:10.978712: | #1 spent 3.59 milliseconds in resume sending helper answer Aug 26 13:10:10.978731: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:10.978741: | libevent_free: release ptr-libevent@0x7fd620002888 Aug 26 13:10:10.987107: | spent 0.00648 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:10.987172: | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:10.987184: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:10.987192: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Aug 26 13:10:10.987200: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:10:10.987207: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:10:10.987214: | 04 00 00 0e 28 00 01 08 00 0e 00 00 58 86 b6 11 Aug 26 13:10:10.987221: | 41 87 cf 19 88 a5 f8 34 30 db 7b 5e 73 cc 93 5f Aug 26 13:10:10.987228: | e6 94 98 71 41 7b 05 86 a5 a4 3b b0 17 0a 7c b0 Aug 26 13:10:10.987235: | c9 aa bb 7f 26 db 34 96 88 86 e0 96 55 a0 d7 c7 Aug 26 13:10:10.987242: | 8e f2 d7 33 19 67 6b 17 26 25 bb 22 85 e4 98 7f Aug 26 13:10:10.987249: | 62 68 66 5b f4 d2 bb 75 35 9d f7 73 dd ec a0 31 Aug 26 13:10:10.987253: | 80 f8 6f db 48 60 37 80 52 c7 bc d3 15 0f 8e ff Aug 26 13:10:10.987258: | 2a c7 9c 13 64 b6 10 ba b7 e3 e0 8a 97 76 da 22 Aug 26 13:10:10.987262: | 31 5b fd 2f 88 56 c7 a7 24 c6 ba e3 28 af 9a b8 Aug 26 13:10:10.987267: | 16 02 2c 34 ce 1c a1 bb 2c b1 18 5a 68 f8 3d 97 Aug 26 13:10:10.987271: | 90 a7 56 f2 8a b8 6d 3b 21 52 b2 7e 99 e6 f6 b3 Aug 26 13:10:10.987276: | c8 7e a7 3b 9f 8a 7e 79 78 ae bc 56 23 b0 69 4f Aug 26 13:10:10.987281: | 69 30 29 43 a0 c3 a0 e0 86 4d 08 41 16 64 3a ef Aug 26 13:10:10.987285: | 64 c1 de b2 81 40 4e 4b 8b 2d a2 91 5f 2f fc c0 Aug 26 13:10:10.987313: | a0 8d 1f 10 cd 21 45 a7 95 c7 e9 d5 21 6f f1 f0 Aug 26 13:10:10.987329: | b6 ca 75 cc 69 97 89 b4 cd c9 68 07 c7 cf cb c2 Aug 26 13:10:10.987334: | 2a 4b 7e 62 dc 1c bf 68 bd be 29 4d 29 00 00 24 Aug 26 13:10:10.987338: | db 5f 3a c7 39 2e 29 e6 d9 f8 d0 9f a6 a4 17 f5 Aug 26 13:10:10.987343: | 0a 5c b0 93 2d af df 81 23 bb c1 32 f0 ad 63 9c Aug 26 13:10:10.987347: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:10:10.987352: | dd ea a0 3a 9e ea f8 04 bd 06 91 79 a3 6e a7 83 Aug 26 13:10:10.987357: | 61 ba 8a f5 26 00 00 1c 00 00 40 05 8a 98 e4 3f Aug 26 13:10:10.987361: | 70 37 8a be 25 a0 b6 e8 c6 b2 99 bd 5a 2a aa 1e Aug 26 13:10:10.987366: | 00 00 00 05 04 Aug 26 13:10:10.987375: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:10.987383: | **parse ISAKMP Message: Aug 26 13:10:10.987388: | initiator cookie: Aug 26 13:10:10.987392: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.987397: | responder cookie: Aug 26 13:10:10.987402: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:10.987407: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:10.987413: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.987418: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:10.987423: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:10.987428: | Message ID: 0 (0x0) Aug 26 13:10:10.987433: | length: 437 (0x1b5) Aug 26 13:10:10.987439: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:10:10.987446: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:10:10.987453: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:10:10.987466: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:10.987475: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:10.987480: | #1 is idle Aug 26 13:10:10.987484: | #1 idle Aug 26 13:10:10.987489: | unpacking clear payload Aug 26 13:10:10.987494: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:10.987500: | ***parse IKEv2 Security Association Payload: Aug 26 13:10:10.987505: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:10.987510: | flags: none (0x0) Aug 26 13:10:10.987514: | length: 40 (0x28) Aug 26 13:10:10.987520: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:10:10.987524: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:10.987530: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:10:10.987535: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:10.987539: | flags: none (0x0) Aug 26 13:10:10.987544: | length: 264 (0x108) Aug 26 13:10:10.987549: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.987554: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:10:10.987558: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:10.987563: | ***parse IKEv2 Nonce Payload: Aug 26 13:10:10.987568: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.987572: | flags: none (0x0) Aug 26 13:10:10.987577: | length: 36 (0x24) Aug 26 13:10:10.987582: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:10.987586: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.987591: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.987596: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.987601: | flags: none (0x0) Aug 26 13:10:10.987605: | length: 8 (0x8) Aug 26 13:10:10.987610: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.987615: | SPI size: 0 (0x0) Aug 26 13:10:10.987620: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:10.987625: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:10:10.987630: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.987635: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.987639: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.987647: | flags: none (0x0) Aug 26 13:10:10.987652: | length: 28 (0x1c) Aug 26 13:10:10.987657: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.987661: | SPI size: 0 (0x0) Aug 26 13:10:10.987666: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:10.987671: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:10.987676: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.987681: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.987685: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:10:10.987690: | flags: none (0x0) Aug 26 13:10:10.987694: | length: 28 (0x1c) Aug 26 13:10:10.987699: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.987703: | SPI size: 0 (0x0) Aug 26 13:10:10.987708: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:10.987713: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:10.987718: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:10:10.987723: | ***parse IKEv2 Certificate Request Payload: Aug 26 13:10:10.987728: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.987732: | flags: none (0x0) Aug 26 13:10:10.987737: | length: 5 (0x5) Aug 26 13:10:10.987742: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:10:10.987747: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Aug 26 13:10:10.987752: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:10:10.987764: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:10.987770: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:10.987775: | Now let's proceed with state specific processing Aug 26 13:10:10.987780: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:10.987788: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:10:10.987819: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.987826: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:10:10.987833: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:10.987839: | local proposal 1 type PRF has 2 transforms Aug 26 13:10:10.987844: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:10.987849: | local proposal 1 type DH has 8 transforms Aug 26 13:10:10.987853: | local proposal 1 type ESN has 0 transforms Aug 26 13:10:10.987860: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:10.987865: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:10.987870: | local proposal 2 type PRF has 2 transforms Aug 26 13:10:10.987875: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:10.987880: | local proposal 2 type DH has 8 transforms Aug 26 13:10:10.987885: | local proposal 2 type ESN has 0 transforms Aug 26 13:10:10.987890: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:10.987895: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:10.987900: | local proposal 3 type PRF has 2 transforms Aug 26 13:10:10.987905: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:10.987909: | local proposal 3 type DH has 8 transforms Aug 26 13:10:10.987914: | local proposal 3 type ESN has 0 transforms Aug 26 13:10:10.987920: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:10.987928: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:10.987933: | local proposal 4 type PRF has 2 transforms Aug 26 13:10:10.987938: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:10.987943: | local proposal 4 type DH has 8 transforms Aug 26 13:10:10.987948: | local proposal 4 type ESN has 0 transforms Aug 26 13:10:10.987953: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:10.987959: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.987965: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.987969: | length: 36 (0x24) Aug 26 13:10:10.987974: | prop #: 1 (0x1) Aug 26 13:10:10.987979: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.987984: | spi size: 0 (0x0) Aug 26 13:10:10.987989: | # transforms: 3 (0x3) Aug 26 13:10:10.987995: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:10:10.988001: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.988006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.988011: | length: 12 (0xc) Aug 26 13:10:10.988016: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.988021: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.988026: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.988031: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.988036: | length/value: 256 (0x100) Aug 26 13:10:10.988044: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:10.988049: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.988054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.988059: | length: 8 (0x8) Aug 26 13:10:10.988063: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.988068: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.988075: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:10:10.988080: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.988085: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.988089: | length: 8 (0x8) Aug 26 13:10:10.988094: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.988099: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.988105: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:10.988113: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:10:10.988121: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:10:10.988126: | remote proposal 1 matches local proposal 1 Aug 26 13:10:10.988133: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:10:10.988138: | converting proposal to internal trans attrs Aug 26 13:10:10.988167: | natd_hash: hasher=0x55755b1e2800(20) Aug 26 13:10:10.988174: | natd_hash: icookie= 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.988178: | natd_hash: rcookie= 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:10.988183: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:10.988188: | natd_hash: port=500 Aug 26 13:10:10.988193: | natd_hash: hash= 8a 98 e4 3f 70 37 8a be 25 a0 b6 e8 c6 b2 99 bd Aug 26 13:10:10.988197: | natd_hash: hash= 5a 2a aa 1e Aug 26 13:10:10.988209: | natd_hash: hasher=0x55755b1e2800(20) Aug 26 13:10:10.988214: | natd_hash: icookie= 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.988219: | natd_hash: rcookie= 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:10.988223: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:10.988228: | natd_hash: port=500 Aug 26 13:10:10.988233: | natd_hash: hash= dd ea a0 3a 9e ea f8 04 bd 06 91 79 a3 6e a7 83 Aug 26 13:10:10.988237: | natd_hash: hash= 61 ba 8a f5 Aug 26 13:10:10.988242: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:10:10.988250: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:10:10.988254: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:10:10.988261: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:10:10.988269: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:10:10.988275: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:10:10.988281: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:10.988287: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:10:10.988315: | libevent_free: release ptr-libevent@0x55755c153798 Aug 26 13:10:10.988322: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55755c152578 Aug 26 13:10:10.988328: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55755c152578 Aug 26 13:10:10.988337: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:10.988343: | libevent_malloc: new ptr-libevent@0x7fd620002888 size 128 Aug 26 13:10:10.988368: | #1 spent 0.561 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:10:10.988377: | crypto helper 2 resuming Aug 26 13:10:10.988386: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.988421: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:10:10.988451: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:10:10.988468: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:10:10.988472: | suspending state #1 and saving MD Aug 26 13:10:10.988490: | #1 is busy; has a suspended MD Aug 26 13:10:10.988504: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:10.988516: | "north-east" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:10.988530: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:10.988545: | #1 spent 1.34 milliseconds in ikev2_process_packet() Aug 26 13:10:10.988559: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:10.988569: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:10.988578: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:10.988589: | spent 1.39 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:10.990642: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:10:10.991597: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.003129 seconds Aug 26 13:10:10.991624: | (#1) spent 3.12 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:10:10.991631: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:10:10.991637: | scheduling resume sending helper answer for #1 Aug 26 13:10:10.991644: | libevent_malloc: new ptr-libevent@0x7fd618000f48 size 128 Aug 26 13:10:10.991662: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:10.991682: | processing resume sending helper answer for #1 Aug 26 13:10:10.991701: | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:10.991710: | crypto helper 2 replies to request ID 2 Aug 26 13:10:10.991716: | calling continuation function 0x55755b10db50 Aug 26 13:10:10.991721: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:10:10.991738: | creating state object #2 at 0x55755c157f08 Aug 26 13:10:10.991744: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:10:10.991751: | pstats #2 ikev2.child started Aug 26 13:10:10.991757: | duplicating state object #1 "north-east" as #2 for IPSEC SA Aug 26 13:10:10.991766: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:10.991786: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:10.991796: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:10:10.991805: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:10.991811: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:10.991817: | libevent_free: release ptr-libevent@0x7fd620002888 Aug 26 13:10:10.991823: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55755c152578 Aug 26 13:10:10.991829: | event_schedule: new EVENT_SA_REPLACE-pe@0x55755c152578 Aug 26 13:10:10.991836: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:10:10.991842: | libevent_malloc: new ptr-libevent@0x7fd620002888 size 128 Aug 26 13:10:10.991849: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:10:10.991863: | **emit ISAKMP Message: Aug 26 13:10:10.991869: | initiator cookie: Aug 26 13:10:10.991874: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:10.991879: | responder cookie: Aug 26 13:10:10.991883: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:10.991888: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:10.991894: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.991899: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:10.991905: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:10.991910: | Message ID: 1 (0x1) Aug 26 13:10:10.991915: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:10.991922: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:10.991927: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.991932: | flags: none (0x0) Aug 26 13:10:10.991938: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:10.991943: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.991950: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:10.991967: | IKEv2 CERT: send a certificate? Aug 26 13:10:10.991972: | IKEv2 CERT: no certificate to send Aug 26 13:10:10.991977: | IDr payload will be sent Aug 26 13:10:10.992006: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:10:10.992013: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.992018: | flags: none (0x0) Aug 26 13:10:10.992023: | ID type: ID_FQDN (0x2) Aug 26 13:10:10.992030: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:10:10.992035: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.992042: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:10:10.992047: | my identity 6e 6f 72 74 68 Aug 26 13:10:10.992052: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Aug 26 13:10:10.992069: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:10:10.992075: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:10.992080: | flags: none (0x0) Aug 26 13:10:10.992084: | ID type: ID_FQDN (0x2) Aug 26 13:10:10.992090: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:10:10.992097: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:10:10.992102: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.992113: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:10:10.992118: | IDr 65 61 73 74 Aug 26 13:10:10.992123: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:10:10.992128: | not sending INITIAL_CONTACT Aug 26 13:10:10.992134: | ****emit IKEv2 Authentication Payload: Aug 26 13:10:10.992139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.992144: | flags: none (0x0) Aug 26 13:10:10.992149: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:10.992155: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:10:10.992160: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.992171: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:10.992178: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:10.992184: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 13:10:10.992192: | 1: compared key (none) to @north / @east -> 002 Aug 26 13:10:10.992197: | 2: compared key (none) to @north / @east -> 002 Aug 26 13:10:10.992202: | line 1: match=002 Aug 26 13:10:10.992208: | match 002 beats previous best_match 000 match=0x55755c0a9b58 (line=1) Aug 26 13:10:10.992213: | concluding with best_match=002 best=0x55755c0a9b58 (lineno=1) Aug 26 13:10:11.007232: | #1 spent 14.8 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:10:11.007271: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:10:11.007283: | rsa signature 05 27 f6 73 56 b5 ee 92 79 1f 00 92 fb 7b 2e 0c Aug 26 13:10:11.007298: | rsa signature d0 f6 14 6b 81 70 10 97 9f de be 1d 43 4a d4 57 Aug 26 13:10:11.007311: | rsa signature 21 f2 5e 7d f8 1d a6 b8 07 23 af 41 dc c6 82 38 Aug 26 13:10:11.007319: | rsa signature 80 80 af b0 da dc 44 66 39 82 76 6d c1 60 4a 35 Aug 26 13:10:11.007327: | rsa signature 96 37 0f 41 36 5c 25 0e cb ae 11 ae 10 58 ee d9 Aug 26 13:10:11.007334: | rsa signature b4 e8 a8 03 f5 8f cd c0 04 27 60 c3 3e 5c 13 f6 Aug 26 13:10:11.007342: | rsa signature 6b b8 96 ab f0 b8 18 3b 55 ef 53 18 ad 85 53 59 Aug 26 13:10:11.007350: | rsa signature d2 3b 14 92 c2 53 12 76 e4 66 e0 57 45 d7 00 78 Aug 26 13:10:11.007358: | rsa signature e0 92 b6 50 6f 46 14 01 77 3d 19 c7 47 f4 cf 7c Aug 26 13:10:11.007365: | rsa signature fa 3d 69 e2 fb 42 61 b8 7e f6 ee ed 12 03 3c 17 Aug 26 13:10:11.007373: | rsa signature c4 59 46 61 ac e9 48 9a 5f 37 56 d5 a6 03 f6 02 Aug 26 13:10:11.007381: | rsa signature 43 e1 0b 5c 95 fb c0 04 54 0f ff b8 8a 55 ca 03 Aug 26 13:10:11.007388: | rsa signature 3d 34 da 12 4b 3b 29 a6 e5 79 c8 f1 ce 86 c0 c1 Aug 26 13:10:11.007396: | rsa signature 56 b2 95 d3 7b 73 0b 1c 43 f0 15 49 d4 47 49 c9 Aug 26 13:10:11.007404: | rsa signature 02 4b 2d a7 02 72 81 08 15 f5 bc 0d ea 07 5c d2 Aug 26 13:10:11.007412: | rsa signature e8 f4 00 cd 50 70 56 80 5e 8c 8e b1 f5 e7 8b 03 Aug 26 13:10:11.007419: | rsa signature f6 4e 32 6a 7b 4e d5 d1 3a ed b7 4e fb 3b 69 e0 Aug 26 13:10:11.007427: | rsa signature 8c 49 Aug 26 13:10:11.007441: | #1 spent 15.1 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:10:11.007451: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:10:11.007459: | getting first pending from state #1 Aug 26 13:10:11.007503: | netlink_get_spi: allocated 0xbc130a1e for esp.0@192.1.3.33 Aug 26 13:10:11.007516: | constructing ESP/AH proposals with all DH removed for north-east (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:10:11.007532: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:10:11.007550: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:11.007560: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:10:11.007580: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:11.007591: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:11.007604: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:11.007614: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:11.007627: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:11.007652: "north-east": constructed local ESP/AH proposals for north-east (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:11.007662: | Emitting ikev2_proposals ... Aug 26 13:10:11.007671: | ****emit IKEv2 Security Association Payload: Aug 26 13:10:11.007681: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.007689: | flags: none (0x0) Aug 26 13:10:11.007700: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:11.007710: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.007719: | discarding INTEG=NONE Aug 26 13:10:11.007726: | discarding DH=NONE Aug 26 13:10:11.007734: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.007743: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.007751: | prop #: 1 (0x1) Aug 26 13:10:11.007759: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:11.007767: | spi size: 4 (0x4) Aug 26 13:10:11.007774: | # transforms: 2 (0x2) Aug 26 13:10:11.007784: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.007794: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:11.007802: | our spi bc 13 0a 1e Aug 26 13:10:11.007810: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.007818: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.007826: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.007834: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.007844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.007852: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.007861: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.007869: | length/value: 256 (0x100) Aug 26 13:10:11.007878: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.007885: | discarding INTEG=NONE Aug 26 13:10:11.007892: | discarding DH=NONE Aug 26 13:10:11.007900: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.007908: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.007916: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:11.007924: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:11.007934: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.007943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.007952: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.007960: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:10:11.007969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.007981: | discarding INTEG=NONE Aug 26 13:10:11.007988: | discarding DH=NONE Aug 26 13:10:11.007996: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.008004: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.008012: | prop #: 2 (0x2) Aug 26 13:10:11.008020: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:11.008027: | spi size: 4 (0x4) Aug 26 13:10:11.008035: | # transforms: 2 (0x2) Aug 26 13:10:11.008044: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.008054: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.008063: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:11.008071: | our spi bc 13 0a 1e Aug 26 13:10:11.008078: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008094: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.008102: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.008111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008119: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.008127: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.008135: | length/value: 128 (0x80) Aug 26 13:10:11.008144: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.008151: | discarding INTEG=NONE Aug 26 13:10:11.008158: | discarding DH=NONE Aug 26 13:10:11.008165: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008173: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.008181: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:11.008189: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:11.008199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008216: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008224: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:10:11.008233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.008240: | discarding DH=NONE Aug 26 13:10:11.008248: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.008256: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.008263: | prop #: 3 (0x3) Aug 26 13:10:11.008271: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:11.008279: | spi size: 4 (0x4) Aug 26 13:10:11.008286: | # transforms: 4 (0x4) Aug 26 13:10:11.008310: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.008320: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.008329: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:11.008337: | our spi bc 13 0a 1e Aug 26 13:10:11.008344: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008360: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.008368: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:11.008377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008385: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.008394: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.008405: | length/value: 256 (0x100) Aug 26 13:10:11.008414: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.008421: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008429: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008437: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.008445: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:11.008455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008464: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008472: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008480: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008495: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.008503: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:11.008513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008522: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008530: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008537: | discarding DH=NONE Aug 26 13:10:11.008545: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008553: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.008561: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:11.008568: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:11.008578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008595: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008603: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:10:11.008612: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.008619: | discarding DH=NONE Aug 26 13:10:11.008627: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.008635: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:11.008642: | prop #: 4 (0x4) Aug 26 13:10:11.008650: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:11.008658: | spi size: 4 (0x4) Aug 26 13:10:11.008665: | # transforms: 4 (0x4) Aug 26 13:10:11.008675: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.008684: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.008693: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:11.008700: | our spi bc 13 0a 1e Aug 26 13:10:11.008708: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008724: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.008731: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:11.008740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008749: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.008757: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.008764: | length/value: 128 (0x80) Aug 26 13:10:11.008776: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.008784: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008799: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.008807: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:11.008816: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008834: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008841: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008857: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.008865: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:11.008874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008892: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008899: | discarding DH=NONE Aug 26 13:10:11.008907: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.008915: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.008923: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:11.008931: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:11.008940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.008949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.008957: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.008965: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:10:11.008974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.008982: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:10:11.008991: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:11.009001: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:11.009009: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.009017: | flags: none (0x0) Aug 26 13:10:11.009025: | number of TS: 1 (0x1) Aug 26 13:10:11.009035: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:10:11.009044: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.009053: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:11.009061: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:11.009069: | IP Protocol ID: 0 (0x0) Aug 26 13:10:11.009077: | start port: 0 (0x0) Aug 26 13:10:11.009085: | end port: 65535 (0xffff) Aug 26 13:10:11.009094: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:11.009102: | ipv4 start c0 00 03 fe Aug 26 13:10:11.009111: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:11.009118: | ipv4 end c0 00 03 fe Aug 26 13:10:11.009126: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:11.009134: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:10:11.009145: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:11.009154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.009162: | flags: none (0x0) Aug 26 13:10:11.009169: | number of TS: 1 (0x1) Aug 26 13:10:11.009179: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:10:11.009188: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.009197: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:11.009205: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:11.009212: | IP Protocol ID: 0 (0x0) Aug 26 13:10:11.009220: | start port: 0 (0x0) Aug 26 13:10:11.009227: | end port: 65535 (0xffff) Aug 26 13:10:11.009235: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:11.009243: | ipv4 start c0 00 02 00 Aug 26 13:10:11.009251: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:11.009258: | ipv4 end c0 00 02 ff Aug 26 13:10:11.009266: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:11.009274: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:10:11.009282: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:10:11.009298: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:11.009313: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:11.009323: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:11.009333: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:11.009341: | emitting length of IKEv2 Encryption Payload: 548 Aug 26 13:10:11.009349: | emitting length of ISAKMP Message: 576 Aug 26 13:10:11.009361: | **parse ISAKMP Message: Aug 26 13:10:11.009369: | initiator cookie: Aug 26 13:10:11.009377: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:11.009385: | responder cookie: Aug 26 13:10:11.009392: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.009400: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:11.009409: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.009417: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:11.009425: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:11.009432: | Message ID: 1 (0x1) Aug 26 13:10:11.009440: | length: 576 (0x240) Aug 26 13:10:11.009449: | **parse IKEv2 Encryption Payload: Aug 26 13:10:11.009457: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:10:11.009464: | flags: none (0x0) Aug 26 13:10:11.009472: | length: 548 (0x224) Aug 26 13:10:11.009480: | **emit ISAKMP Message: Aug 26 13:10:11.009488: | initiator cookie: Aug 26 13:10:11.009495: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:11.009502: | responder cookie: Aug 26 13:10:11.009509: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.009517: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:11.009525: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.009533: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:11.009541: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:11.009548: | Message ID: 1 (0x1) Aug 26 13:10:11.009557: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:11.009566: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:10:11.009574: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:10:11.009582: | flags: none (0x0) Aug 26 13:10:11.009589: | fragment number: 1 (0x1) Aug 26 13:10:11.009597: | total fragments: 2 (0x2) Aug 26 13:10:11.009606: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:10:11.009616: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:10:11.009630: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:10:11.009640: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:10:11.009659: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:10:11.009667: | cleartext fragment 24 00 00 0d 02 00 00 00 6e 6f 72 74 68 27 00 00 Aug 26 13:10:11.009675: | cleartext fragment 0c 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 Aug 26 13:10:11.009683: | cleartext fragment 00 05 27 f6 73 56 b5 ee 92 79 1f 00 92 fb 7b 2e Aug 26 13:10:11.009691: | cleartext fragment 0c d0 f6 14 6b 81 70 10 97 9f de be 1d 43 4a d4 Aug 26 13:10:11.009699: | cleartext fragment 57 21 f2 5e 7d f8 1d a6 b8 07 23 af 41 dc c6 82 Aug 26 13:10:11.009707: | cleartext fragment 38 80 80 af b0 da dc 44 66 39 82 76 6d c1 60 4a Aug 26 13:10:11.009715: | cleartext fragment 35 96 37 0f 41 36 5c 25 0e cb ae 11 ae 10 58 ee Aug 26 13:10:11.009723: | cleartext fragment d9 b4 e8 a8 03 f5 8f cd c0 04 27 60 c3 3e 5c 13 Aug 26 13:10:11.009730: | cleartext fragment f6 6b b8 96 ab f0 b8 18 3b 55 ef 53 18 ad 85 53 Aug 26 13:10:11.009738: | cleartext fragment 59 d2 3b 14 92 c2 53 12 76 e4 66 e0 57 45 d7 00 Aug 26 13:10:11.009746: | cleartext fragment 78 e0 92 b6 50 6f 46 14 01 77 3d 19 c7 47 f4 cf Aug 26 13:10:11.009754: | cleartext fragment 7c fa 3d 69 e2 fb 42 61 b8 7e f6 ee ed 12 03 3c Aug 26 13:10:11.009762: | cleartext fragment 17 c4 59 46 61 ac e9 48 9a 5f 37 56 d5 a6 03 f6 Aug 26 13:10:11.009769: | cleartext fragment 02 43 e1 0b 5c 95 fb c0 04 54 0f ff b8 8a 55 ca Aug 26 13:10:11.009777: | cleartext fragment 03 3d 34 da 12 4b 3b 29 a6 e5 79 c8 f1 ce 86 c0 Aug 26 13:10:11.009785: | cleartext fragment c1 56 b2 95 d3 7b 73 0b 1c 43 f0 15 49 d4 47 49 Aug 26 13:10:11.009793: | cleartext fragment c9 02 4b 2d a7 02 72 81 08 15 f5 bc 0d ea 07 5c Aug 26 13:10:11.009801: | cleartext fragment d2 e8 f4 00 cd 50 70 56 80 5e 8c 8e b1 f5 e7 8b Aug 26 13:10:11.009808: | cleartext fragment 03 f6 4e 32 6a 7b 4e d5 d1 3a ed b7 4e fb 3b 69 Aug 26 13:10:11.009816: | cleartext fragment e0 8c 49 2c 00 00 a4 02 00 00 20 01 03 04 02 bc Aug 26 13:10:11.009824: | cleartext fragment 13 0a 1e 03 00 00 0c 01 00 00 14 80 0e 01 00 00 Aug 26 13:10:11.009831: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 bc Aug 26 13:10:11.009839: | cleartext fragment 13 0a 1e 03 00 00 0c 01 00 00 14 80 0e 00 80 00 Aug 26 13:10:11.009847: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 bc Aug 26 13:10:11.009855: | cleartext fragment 13 0a 1e 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 Aug 26 13:10:11.009863: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Aug 26 13:10:11.009870: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 bc Aug 26 13:10:11.009878: | cleartext fragment 13 0a 1e 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 Aug 26 13:10:11.009886: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Aug 26 13:10:11.009894: | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Aug 26 13:10:11.009902: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:11.009911: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:10:11.009920: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:10:11.009928: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:10:11.009936: | emitting length of ISAKMP Message: 539 Aug 26 13:10:11.009969: | **emit ISAKMP Message: Aug 26 13:10:11.009978: | initiator cookie: Aug 26 13:10:11.009985: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:11.009993: | responder cookie: Aug 26 13:10:11.010001: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.010009: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:11.010017: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.010029: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:11.010037: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:11.010045: | Message ID: 1 (0x1) Aug 26 13:10:11.010053: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:11.010062: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:10:11.010070: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.010078: | flags: none (0x0) Aug 26 13:10:11.010086: | fragment number: 2 (0x2) Aug 26 13:10:11.010094: | total fragments: 2 (0x2) Aug 26 13:10:11.010103: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:10:11.010113: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:10:11.010121: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:10:11.010131: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:10:11.010150: | emitting 41 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:10:11.010159: | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 00 03 fe c0 00 03 Aug 26 13:10:11.010167: | cleartext fragment fe 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Aug 26 13:10:11.010175: | cleartext fragment ff c0 00 02 00 c0 00 02 ff Aug 26 13:10:11.010183: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:11.010192: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:10:11.010201: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:10:11.010209: | emitting length of IKEv2 Encrypted Fragment: 74 Aug 26 13:10:11.010217: | emitting length of ISAKMP Message: 102 Aug 26 13:10:11.010250: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.010265: | start processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.010278: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:10:11.010298: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:10:11.010314: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:10:11.010324: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:10:11.010342: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:10:11.010358: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:10:11.010371: "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:10:11.010386: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:10:11.010394: | sending fragments ... Aug 26 13:10:11.010412: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:11.010420: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.010428: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:10:11.010436: | 00 01 00 02 fd e5 a2 84 dc a7 bb e1 8a e9 c3 d4 Aug 26 13:10:11.010444: | 86 01 51 94 cb 20 97 49 b6 39 ad 63 38 3e df fc Aug 26 13:10:11.010451: | 01 37 37 f0 2a 5b 47 93 55 c9 52 01 ee 85 f6 74 Aug 26 13:10:11.010459: | 3c 34 8f a5 eb e4 2f e5 42 86 dc 18 a9 5f 29 33 Aug 26 13:10:11.010466: | 9d 48 90 87 95 57 05 2f ca 6b 03 68 a1 47 3a 16 Aug 26 13:10:11.010474: | 95 34 3d af e1 e6 e8 15 15 39 ff 58 43 f0 35 36 Aug 26 13:10:11.010481: | ee f8 ed e7 27 85 74 57 ba 84 62 0d de 96 97 07 Aug 26 13:10:11.010493: | 5c 99 a8 19 eb 57 9a 1f 9d d7 74 ff d4 80 dc b6 Aug 26 13:10:11.010501: | 29 b3 29 ec 51 c6 2e 61 e8 dd 9a 35 c1 51 05 2e Aug 26 13:10:11.010508: | 9a 8f e7 ec b0 26 ef b5 a3 c4 91 01 e6 73 a1 d7 Aug 26 13:10:11.010516: | d4 89 d8 4b 33 1d 1d 80 00 79 a7 52 c2 e4 39 c8 Aug 26 13:10:11.010523: | 21 ae 4d a0 c9 b5 5b dc b3 08 bc 9a 73 a4 e9 6c Aug 26 13:10:11.010531: | 5e 3f 31 49 75 45 3d 1c c3 de d5 94 84 c7 7d 25 Aug 26 13:10:11.010538: | af 4f 85 aa 89 9f 16 6c b2 c8 94 de cf 8e c0 b0 Aug 26 13:10:11.010546: | ac c8 03 fb 80 2e 99 79 16 98 c0 be 42 42 4c 09 Aug 26 13:10:11.010553: | 9a 5f 9a 3a 0f 00 1a e3 be a9 84 d9 5d 9f 69 2f Aug 26 13:10:11.010561: | c4 46 46 91 55 02 f6 f6 21 d6 53 5e cd c1 7c 19 Aug 26 13:10:11.010569: | 8d 90 ec 9c 0e f5 09 f4 40 b1 f7 61 b5 8e 0a b5 Aug 26 13:10:11.010576: | 63 a7 b7 6d a8 9b 19 59 8f 6c 9c 35 2e 57 bb 50 Aug 26 13:10:11.010584: | 77 06 53 4d 51 14 bd 9a a5 c9 2d 41 4b 86 81 23 Aug 26 13:10:11.010591: | f2 71 3e 4d 4f 48 37 80 75 3c b5 dd ec 45 b0 3d Aug 26 13:10:11.010599: | 89 2d 02 31 f9 30 d1 c2 40 bf 78 10 b3 97 ac 5b Aug 26 13:10:11.010606: | 85 38 60 23 01 0c 77 75 76 c9 23 f1 dc 8b 1b a4 Aug 26 13:10:11.010614: | 17 69 fd 21 39 06 9a b8 26 e1 68 35 b1 54 7b e6 Aug 26 13:10:11.010621: | 3f fe ed 08 ba fa 42 77 53 9b 09 38 0f 38 3e 91 Aug 26 13:10:11.010629: | 00 14 9a 3e 5e a0 66 87 f3 6a 20 f7 6a b5 28 ae Aug 26 13:10:11.010636: | 43 c9 2a 51 a0 0f 74 ac fa 7b 34 cf 02 29 d8 e7 Aug 26 13:10:11.010644: | e6 b9 e0 e4 4a 1e 2c e0 67 b8 67 36 e9 07 d0 a3 Aug 26 13:10:11.010651: | 7d 17 1c 00 eb 0c 4b 4f 1f be 77 c6 6c f3 19 67 Aug 26 13:10:11.010659: | 1f ac 88 87 0b 82 b9 85 83 6d 7c 12 dc ef 97 cc Aug 26 13:10:11.010666: | da 8d b2 1a cc 7c e0 b7 43 7c 9a d7 e9 40 ff 18 Aug 26 13:10:11.010674: | 30 d3 23 50 27 aa 7a 66 f9 20 44 Aug 26 13:10:11.010782: | sending 102 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:11.010794: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.010802: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Aug 26 13:10:11.010809: | 00 02 00 02 30 70 11 39 86 d6 8a e8 22 71 54 25 Aug 26 13:10:11.010817: | b7 f4 58 e2 c6 89 46 22 a6 58 7f 42 9a 46 aa 51 Aug 26 13:10:11.010825: | 93 0e 55 ae fd 28 8f e8 de cd 2d c6 71 c1 26 b2 Aug 26 13:10:11.010832: | ce b1 f8 a8 88 3a 72 cc 61 70 f6 e1 77 84 61 88 Aug 26 13:10:11.010839: | 4e 7f 41 01 df 25 Aug 26 13:10:11.010875: | sent 2 fragments Aug 26 13:10:11.010887: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:11.010900: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd620002b78 Aug 26 13:10:11.010912: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:10:11.010923: | libevent_malloc: new ptr-libevent@0x55755c155728 size 128 Aug 26 13:10:11.010940: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10296.753362 Aug 26 13:10:11.010952: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:11.010968: | #1 spent 3.44 milliseconds Aug 26 13:10:11.010980: | #1 spent 19 milliseconds in resume sending helper answer Aug 26 13:10:11.010995: | stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:11.011005: | libevent_free: release ptr-libevent@0x7fd618000f48 Aug 26 13:10:11.056611: | spent 0.00422 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:11.056646: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:11.056653: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.056658: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 13:10:11.056664: | 26 6d b8 c1 52 e1 18 94 9a 5a 9a 1b 54 ea 24 fe Aug 26 13:10:11.056674: | ba cc a2 86 6c b1 7f 7f 18 6b e2 21 c0 e6 bb 3e Aug 26 13:10:11.056680: | 54 24 8c 6a f9 75 24 a8 4a 23 0f 67 56 cb 44 52 Aug 26 13:10:11.056685: | 49 b9 83 ee 6a be b5 0d d5 65 9a 08 dc f7 73 8a Aug 26 13:10:11.056690: | 5e d4 f5 23 b1 14 06 e6 3f 7c de 5e 8e 12 65 31 Aug 26 13:10:11.056695: | ef eb 6d 33 49 4d 6d 57 18 1a aa 77 d0 61 d4 ac Aug 26 13:10:11.056700: | 26 8b 4b d1 01 0f cc ca d0 06 eb 09 27 66 ef 51 Aug 26 13:10:11.056705: | 16 d9 6e 45 5f 35 ed 44 e6 41 ee 2a b8 37 ab 7a Aug 26 13:10:11.056710: | 01 b1 61 cb c2 9b 3a a7 00 91 3e 5d 94 da bf 14 Aug 26 13:10:11.056714: | 36 30 92 bf 3d 5c fd 55 79 72 a6 88 00 9b a0 68 Aug 26 13:10:11.056719: | 2b 18 e9 b5 4b 6a db b3 90 5a 29 31 ca 2d be 8e Aug 26 13:10:11.056724: | ff 26 8c 70 d2 d0 97 29 80 fb ae dd 58 a5 dd 8f Aug 26 13:10:11.056729: | de bd d5 36 42 65 e9 d1 47 74 3e 2e 68 f6 27 69 Aug 26 13:10:11.056734: | ac 16 7f 40 ea da a9 28 0f df a6 45 6e 60 6e 73 Aug 26 13:10:11.056739: | c2 92 b6 c8 f6 67 19 9d d9 02 4b bb 0e f6 26 4d Aug 26 13:10:11.056744: | c3 c7 79 64 a6 f8 6e ac 70 1c 8e de ab e1 49 f9 Aug 26 13:10:11.056749: | 5c af 39 f8 3f 95 d3 e4 1b d4 d0 08 2a ca 87 5a Aug 26 13:10:11.056753: | 4a db b5 b3 a8 f1 35 01 25 02 7a b5 12 4e 3b c9 Aug 26 13:10:11.056758: | fe 7d 86 cc 54 3a 7d c8 41 6f 07 a6 af 66 81 9a Aug 26 13:10:11.056763: | 2e d0 68 ce ee 2b e5 be ce 84 94 33 9c a3 b7 6c Aug 26 13:10:11.056768: | 8c ef 85 ff a7 65 bd 3b 36 6d 0d a7 de 3e ef a5 Aug 26 13:10:11.056773: | ba 20 14 37 f6 14 f9 4e aa 79 88 d0 d6 bf a9 43 Aug 26 13:10:11.056778: | 58 6a 37 f3 17 ba 2a bb 0a b9 5d ab 25 15 a7 72 Aug 26 13:10:11.056783: | 35 b3 e3 36 c7 41 01 09 b2 a2 cc 5f 0a e5 75 ed Aug 26 13:10:11.056788: | 93 34 cb 62 0b 99 c1 49 0c b9 3e b8 eb de be 75 Aug 26 13:10:11.056792: | 2e c4 02 Aug 26 13:10:11.056801: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:11.056808: | **parse ISAKMP Message: Aug 26 13:10:11.056813: | initiator cookie: Aug 26 13:10:11.056818: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:11.056823: | responder cookie: Aug 26 13:10:11.056827: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:11.056833: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:11.056838: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.056844: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:11.056849: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:11.056854: | Message ID: 1 (0x1) Aug 26 13:10:11.056859: | length: 435 (0x1b3) Aug 26 13:10:11.056865: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:11.056871: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:10:11.056879: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:10:11.056891: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:11.056898: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:10:11.056907: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:11.056916: | start processing: state #2 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:11.056921: | #2 is idle Aug 26 13:10:11.056926: | #2 idle Aug 26 13:10:11.056930: | unpacking clear payload Aug 26 13:10:11.056936: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:11.056941: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:11.056947: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:10:11.056951: | flags: none (0x0) Aug 26 13:10:11.056956: | length: 407 (0x197) Aug 26 13:10:11.056961: | processing payload: ISAKMP_NEXT_v2SK (len=403) Aug 26 13:10:11.056967: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:10:11.056989: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:10:11.056999: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:10:11.057005: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:10:11.057010: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:11.057015: | flags: none (0x0) Aug 26 13:10:11.057020: | length: 12 (0xc) Aug 26 13:10:11.057025: | ID type: ID_FQDN (0x2) Aug 26 13:10:11.057030: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:10:11.057035: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:10:11.057040: | **parse IKEv2 Authentication Payload: Aug 26 13:10:11.057045: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:11.057050: | flags: none (0x0) Aug 26 13:10:11.057055: | length: 282 (0x11a) Aug 26 13:10:11.057060: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:11.057065: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:10:11.057070: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:11.057076: | **parse IKEv2 Security Association Payload: Aug 26 13:10:11.057081: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:10:11.057086: | flags: none (0x0) Aug 26 13:10:11.057091: | length: 36 (0x24) Aug 26 13:10:11.057096: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:10:11.057101: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:10:11.057106: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:11.057111: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:10:11.057116: | flags: none (0x0) Aug 26 13:10:11.057121: | length: 24 (0x18) Aug 26 13:10:11.057125: | number of TS: 1 (0x1) Aug 26 13:10:11.057130: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:10:11.057135: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:10:11.057141: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:11.057146: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.057150: | flags: none (0x0) Aug 26 13:10:11.057155: | length: 24 (0x18) Aug 26 13:10:11.057160: | number of TS: 1 (0x1) Aug 26 13:10:11.057165: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:10:11.057171: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:10:11.057176: | Now let's proceed with state specific processing Aug 26 13:10:11.057182: | calling processor Initiator: process IKE_AUTH response Aug 26 13:10:11.057190: | offered CA: '%none' Aug 26 13:10:11.057197: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:10:11.057239: | verifying AUTH payload Aug 26 13:10:11.057263: | required RSA CA is '%any' Aug 26 13:10:11.057270: | checking RSA keyid '@east' for match with '@east' Aug 26 13:10:11.057276: | key issuer CA is '%any' Aug 26 13:10:11.057387: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 13:10:11.057406: | #1 spent 0.108 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:10:11.057413: "north-east" #2: Authenticated using RSA Aug 26 13:10:11.057420: | #1 spent 0.158 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:10:11.057426: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:10:11.057433: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:10:11.057438: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:10:11.057444: | libevent_free: release ptr-libevent@0x7fd620002888 Aug 26 13:10:11.057449: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55755c152578 Aug 26 13:10:11.057454: | event_schedule: new EVENT_SA_REKEY-pe@0x55755c152578 Aug 26 13:10:11.057461: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:10:11.057466: | libevent_malloc: new ptr-libevent@0x7fd618000f48 size 128 Aug 26 13:10:11.057733: | pstats #1 ikev2.ike established Aug 26 13:10:11.057746: | TSi: parsing 1 traffic selectors Aug 26 13:10:11.057752: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:11.057758: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:11.057763: | IP Protocol ID: 0 (0x0) Aug 26 13:10:11.057771: | length: 16 (0x10) Aug 26 13:10:11.057776: | start port: 0 (0x0) Aug 26 13:10:11.057781: | end port: 65535 (0xffff) Aug 26 13:10:11.057787: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:11.057792: | TS low c0 00 03 fe Aug 26 13:10:11.057797: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:11.057802: | TS high c0 00 03 fe Aug 26 13:10:11.057807: | TSi: parsed 1 traffic selectors Aug 26 13:10:11.057812: | TSr: parsing 1 traffic selectors Aug 26 13:10:11.057817: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:11.057823: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:11.057828: | IP Protocol ID: 0 (0x0) Aug 26 13:10:11.057832: | length: 16 (0x10) Aug 26 13:10:11.057837: | start port: 0 (0x0) Aug 26 13:10:11.057842: | end port: 65535 (0xffff) Aug 26 13:10:11.057847: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:11.057852: | TS low c0 00 02 00 Aug 26 13:10:11.057857: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:11.057862: | TS high c0 00 02 ff Aug 26 13:10:11.057867: | TSr: parsed 1 traffic selectors Aug 26 13:10:11.057878: | evaluating our conn="north-east" I=192.0.3.254/32:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:10:11.057888: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:11.057901: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Aug 26 13:10:11.057907: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:11.057912: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:11.057918: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:11.057925: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:11.057934: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:11.057946: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:10:11.057952: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:11.057957: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:11.057962: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:11.057968: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:11.057973: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:11.057978: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:10:11.057983: | printing contents struct traffic_selector Aug 26 13:10:11.057988: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:10:11.057992: | ipprotoid: 0 Aug 26 13:10:11.057997: | port range: 0-65535 Aug 26 13:10:11.058004: | ip range: 192.0.3.254-192.0.3.254 Aug 26 13:10:11.058009: | printing contents struct traffic_selector Aug 26 13:10:11.058014: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:10:11.058019: | ipprotoid: 0 Aug 26 13:10:11.058023: | port range: 0-65535 Aug 26 13:10:11.058031: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:10:11.058059: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:11.058066: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:10:11.058073: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:11.058079: | local proposal 1 type PRF has 0 transforms Aug 26 13:10:11.058084: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:11.058089: | local proposal 1 type DH has 1 transforms Aug 26 13:10:11.058095: | local proposal 1 type ESN has 1 transforms Aug 26 13:10:11.058101: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:11.058109: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:11.058115: | local proposal 2 type PRF has 0 transforms Aug 26 13:10:11.058120: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:11.058126: | local proposal 2 type DH has 1 transforms Aug 26 13:10:11.058131: | local proposal 2 type ESN has 1 transforms Aug 26 13:10:11.058137: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:11.058142: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:11.058147: | local proposal 3 type PRF has 0 transforms Aug 26 13:10:11.058153: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:11.058158: | local proposal 3 type DH has 1 transforms Aug 26 13:10:11.058163: | local proposal 3 type ESN has 1 transforms Aug 26 13:10:11.058169: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:11.058174: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:11.058179: | local proposal 4 type PRF has 0 transforms Aug 26 13:10:11.058184: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:11.058190: | local proposal 4 type DH has 1 transforms Aug 26 13:10:11.058195: | local proposal 4 type ESN has 1 transforms Aug 26 13:10:11.058201: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:11.058207: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.058212: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:11.058217: | length: 32 (0x20) Aug 26 13:10:11.058222: | prop #: 1 (0x1) Aug 26 13:10:11.058228: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:11.058232: | spi size: 4 (0x4) Aug 26 13:10:11.058237: | # transforms: 2 (0x2) Aug 26 13:10:11.058243: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:11.058248: | remote SPI d6 07 a3 d0 Aug 26 13:10:11.058255: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:10:11.058260: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:11.058265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.058270: | length: 12 (0xc) Aug 26 13:10:11.058275: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.058280: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.058286: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.058309: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.058315: | length/value: 256 (0x100) Aug 26 13:10:11.058325: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:11.058331: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:11.058336: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.058340: | length: 8 (0x8) Aug 26 13:10:11.058346: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:11.058351: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:11.058358: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:10:11.058365: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:10:11.058375: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:10:11.058380: | remote proposal 1 matches local proposal 1 Aug 26 13:10:11.058387: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:10:11.058397: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=d607a3d0;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:10:11.058402: | converting proposal to internal trans attrs Aug 26 13:10:11.058411: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:10:11.058673: | #1 spent 1.08 milliseconds Aug 26 13:10:11.058682: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:10:11.058688: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 13:10:11.058696: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:11.058702: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:11.058708: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:11.058716: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 13:10:11.058723: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:11.058729: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:11.058735: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:11.058741: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:11.058748: | setting IPsec SA replay-window to 32 Aug 26 13:10:11.058755: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 13:10:11.058760: | netlink: enabling tunnel mode Aug 26 13:10:11.058766: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:11.058771: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:11.058866: | netlink response for Add SA esp.d607a3d0@192.1.2.23 included non-error error Aug 26 13:10:11.058874: | set up outgoing SA, ref=0/0 Aug 26 13:10:11.058881: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:11.058887: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:11.058892: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:11.058898: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:11.058905: | setting IPsec SA replay-window to 32 Aug 26 13:10:11.058911: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 13:10:11.058916: | netlink: enabling tunnel mode Aug 26 13:10:11.058921: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:11.058926: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:11.058980: | netlink response for Add SA esp.bc130a1e@192.1.3.33 included non-error error Aug 26 13:10:11.058988: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:11.059001: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:10:11.059007: | IPsec Sa SPD priority set to 1040359 Aug 26 13:10:11.059043: | raw_eroute result=success Aug 26 13:10:11.059050: | set up incoming SA, ref=0/0 Aug 26 13:10:11.059055: | sr for #2: prospective erouted Aug 26 13:10:11.059061: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:11.059066: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:11.059072: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:11.059078: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:11.059085: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 13:10:11.059092: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Aug 26 13:10:11.059098: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:11.059114: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:10:11.059119: | IPsec Sa SPD priority set to 1040359 Aug 26 13:10:11.059140: | raw_eroute result=success Aug 26 13:10:11.059147: | running updown command "ipsec _updown" for verb up Aug 26 13:10:11.059152: | command executing up-client Aug 26 13:10:11.059208: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd607a3 Aug 26 13:10:11.059217: | popen cmd is 1036 chars long Aug 26 13:10:11.059224: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Aug 26 13:10:11.059230: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@: Aug 26 13:10:11.059236: | cmd( 160):north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_: Aug 26 13:10:11.059241: | cmd( 240):MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Aug 26 13:10:11.059247: | cmd( 320):A_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east: Aug 26 13:10:11.059253: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_: Aug 26 13:10:11.059259: | cmd( 480):CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Aug 26 13:10:11.059264: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Aug 26 13:10:11.059271: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Aug 26 13:10:11.059277: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Aug 26 13:10:11.059283: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Aug 26 13:10:11.059294: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Aug 26 13:10:11.059304: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0xd607a3d0 SPI_OUT=0xbc130a1e ipsec _updown 2>&1: Aug 26 13:10:11.076136: | route_and_eroute: firewall_notified: true Aug 26 13:10:11.076157: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55755c1507d8,sr=0x55755c1507d8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:10:11.076256: | #1 spent 1.3 milliseconds in install_ipsec_sa() Aug 26 13:10:11.076270: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:10:11.076276: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:11.076282: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:10:11.076305: | libevent_free: release ptr-libevent@0x55755c155728 Aug 26 13:10:11.076318: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd620002b78 Aug 26 13:10:11.076328: | #2 spent 2.66 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:10:11.076340: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.076344: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:10:11.076347: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:10:11.076350: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:10:11.076353: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:10:11.076358: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:10:11.076361: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:11.076364: | pstats #2 ikev2.child established Aug 26 13:10:11.076372: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:10:11.076375: | NAT-T: encaps is 'auto' Aug 26 13:10:11.076379: "north-east" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xd607a3d0 <0xbc130a1e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:10:11.076386: | releasing whack for #2 (sock=fd@-1) Aug 26 13:10:11.076388: | releasing whack and unpending for parent #1 Aug 26 13:10:11.076391: | unpending state #1 connection "north-east" Aug 26 13:10:11.076395: | delete from pending Child SA with 192.1.2.23 "north-east" Aug 26 13:10:11.076397: | removing pending policy for no connection {0x55755c1432f8} Aug 26 13:10:11.076402: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:10:11.076404: | event_schedule: new EVENT_SA_REKEY-pe@0x7fd620002b78 Aug 26 13:10:11.076407: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:10:11.076410: | libevent_malloc: new ptr-libevent@0x55755c15b758 size 128 Aug 26 13:10:11.076415: | stop processing: state #2 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:11.076420: | #1 spent 3.31 milliseconds in ikev2_process_packet() Aug 26 13:10:11.076424: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:11.076428: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:11.076430: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:11.076433: | spent 3.33 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:11.076447: | processing signal PLUTO_SIGCHLD Aug 26 13:10:11.076452: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:11.076455: | spent 0.00446 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:12.033481: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:12.033509: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:10:12.033518: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:12.033527: | get_sa_info esp.bc130a1e@192.1.3.33 Aug 26 13:10:12.033546: | get_sa_info esp.d607a3d0@192.1.2.23 Aug 26 13:10:12.033566: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:12.033575: | spent 0.103 milliseconds in whack Aug 26 13:10:15.306305: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:15.306334: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:10:15.306340: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:15.306349: | get_sa_info esp.bc130a1e@192.1.3.33 Aug 26 13:10:15.306366: | get_sa_info esp.d607a3d0@192.1.2.23 Aug 26 13:10:15.306388: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:15.306398: | spent 0.103 milliseconds in whack Aug 26 13:10:16.524706: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:16.525239: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:16.525247: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:16.525336: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:10:16.525344: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:16.525359: | get_sa_info esp.bc130a1e@192.1.3.33 Aug 26 13:10:16.525379: | get_sa_info esp.d607a3d0@192.1.2.23 Aug 26 13:10:16.525406: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:16.525414: | spent 0.7 milliseconds in whack Aug 26 13:10:17.034865: | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:17.034886: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:17.034890: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.034892: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:10:17.034893: | 5a b7 86 c1 8a f4 33 89 cb 8a 77 79 23 eb f2 24 Aug 26 13:10:17.034895: | be 18 93 ef 06 b8 15 a7 d7 29 f5 09 3c ee 28 18 Aug 26 13:10:17.034896: | 8a 95 fc d8 32 Aug 26 13:10:17.034899: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:17.034904: | **parse ISAKMP Message: Aug 26 13:10:17.034906: | initiator cookie: Aug 26 13:10:17.034908: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:17.034910: | responder cookie: Aug 26 13:10:17.034916: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.034920: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:17.034924: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.034927: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.034931: | flags: none (0x0) Aug 26 13:10:17.034934: | Message ID: 0 (0x0) Aug 26 13:10:17.034936: | length: 69 (0x45) Aug 26 13:10:17.034940: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:10:17.034944: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:10:17.034949: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:10:17.034957: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:17.034961: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:17.034966: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:17.034970: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:10:17.034976: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:10:17.034979: | unpacking clear payload Aug 26 13:10:17.034981: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:17.034984: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:17.034985: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:10:17.034987: | flags: none (0x0) Aug 26 13:10:17.034989: | length: 41 (0x29) Aug 26 13:10:17.034990: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:10:17.034993: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:10:17.034995: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:10:17.035014: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:10:17.035016: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:10:17.035018: | **parse IKEv2 Delete Payload: Aug 26 13:10:17.035020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.035021: | flags: none (0x0) Aug 26 13:10:17.035023: | length: 12 (0xc) Aug 26 13:10:17.035025: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.035026: | SPI size: 4 (0x4) Aug 26 13:10:17.035028: | number of SPIs: 1 (0x1) Aug 26 13:10:17.035030: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:10:17.035031: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:10:17.035033: | Now let's proceed with state specific processing Aug 26 13:10:17.035035: | calling processor I3: INFORMATIONAL Request Aug 26 13:10:17.035037: | an informational request should send a response Aug 26 13:10:17.035057: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:10:17.035059: | **emit ISAKMP Message: Aug 26 13:10:17.035061: | initiator cookie: Aug 26 13:10:17.035063: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:17.035064: | responder cookie: Aug 26 13:10:17.035066: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.035068: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.035069: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.035071: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.035073: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:10:17.035074: | Message ID: 0 (0x0) Aug 26 13:10:17.035076: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.035078: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.035080: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.035083: | flags: none (0x0) Aug 26 13:10:17.035086: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.035088: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:17.035090: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.035100: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:10:17.035102: | SPI d6 07 a3 d0 Aug 26 13:10:17.035104: | delete PROTO_v2_ESP SA(0xd607a3d0) Aug 26 13:10:17.035106: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:10:17.035108: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:10:17.035110: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xd607a3d0) Aug 26 13:10:17.035112: "north-east" #1: received Delete SA payload: delete IPsec State #2 now Aug 26 13:10:17.035114: | pstats #2 ikev2.child deleted completed Aug 26 13:10:17.035116: | #2 spent 2.66 milliseconds in total Aug 26 13:10:17.035120: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:17.035122: | start processing: state #2 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:17.035125: "north-east" #2: deleting other state #2 (STATE_V2_IPSEC_I) aged 6.043s and NOT sending notification Aug 26 13:10:17.035127: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:10:17.035130: | get_sa_info esp.d607a3d0@192.1.2.23 Aug 26 13:10:17.035140: | get_sa_info esp.bc130a1e@192.1.3.33 Aug 26 13:10:17.035145: "north-east" #2: ESP traffic information: in=336B out=336B Aug 26 13:10:17.035148: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:10:17.035150: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.035153: | libevent_free: release ptr-libevent@0x55755c15b758 Aug 26 13:10:17.035155: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fd620002b78 Aug 26 13:10:17.035187: | running updown command "ipsec _updown" for verb down Aug 26 13:10:17.035190: | command executing down-client Aug 26 13:10:17.035207: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825011' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:10:17.035210: | popen cmd is 1047 chars long Aug 26 13:10:17.035213: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Aug 26 13:10:17.035217: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Aug 26 13:10:17.035221: | cmd( 160):'@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUT: Aug 26 13:10:17.035225: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Aug 26 13:10:17.035228: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Aug 26 13:10:17.035232: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Aug 26 13:10:17.035238: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Aug 26 13:10:17.035242: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825011' PLUTO_CONN_POLICY='RS: Aug 26 13:10:17.035246: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Aug 26 13:10:17.035249: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Aug 26 13:10:17.035252: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Aug 26 13:10:17.035254: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Aug 26 13:10:17.035255: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd607a3d0 SPI_OUT=0xbc130a1e ipsec _updo: Aug 26 13:10:17.035257: | cmd(1040):wn 2>&1: Aug 26 13:10:17.045155: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:17.045174: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:17.045179: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:17.045184: | IPsec Sa SPD priority set to 1040359 Aug 26 13:10:17.045219: | delete esp.d607a3d0@192.1.2.23 Aug 26 13:10:17.045238: | netlink response for Del SA esp.d607a3d0@192.1.2.23 included non-error error Aug 26 13:10:17.045242: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:17.045247: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:10:17.045264: | raw_eroute result=success Aug 26 13:10:17.045267: | delete esp.bc130a1e@192.1.3.33 Aug 26 13:10:17.045275: | netlink response for Del SA esp.bc130a1e@192.1.3.33 included non-error error Aug 26 13:10:17.045284: | in connection_discard for connection north-east Aug 26 13:10:17.045287: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:10:17.045317: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:10:17.045326: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:17.045330: | resume processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:17.045342: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.045345: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.045348: | flags: none (0x0) Aug 26 13:10:17.045350: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.045351: | SPI size: 4 (0x4) Aug 26 13:10:17.045353: | number of SPIs: 1 (0x1) Aug 26 13:10:17.045356: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.045358: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:17.045362: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:10:17.045364: | local SPIs bc 13 0a 1e Aug 26 13:10:17.045366: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:17.045368: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.045370: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.045372: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.045374: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:10:17.045376: | emitting length of ISAKMP Message: 69 Aug 26 13:10:17.045404: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:17.045406: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.045408: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:10:17.045409: | cb ae 2a ef c5 e8 f1 7e 5e 63 a9 cc 2c 90 e4 81 Aug 26 13:10:17.045411: | 64 0b cf 20 68 61 f1 9d 85 63 dc 4a 03 a5 a6 49 Aug 26 13:10:17.045415: | 08 d4 3a 1a ac Aug 26 13:10:17.045452: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:10:17.045456: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:10:17.045463: | #1 spent 0.816 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:10:17.045468: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:17.045471: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:10:17.045474: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:10:17.045478: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:10:17.045482: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:17.045485: "north-east" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:10:17.045490: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:17.045494: | #1 spent 1.01 milliseconds in ikev2_process_packet() Aug 26 13:10:17.045498: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:17.045504: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:17.045507: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:17.045512: | spent 1.03 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:17.045530: | spent 0.00168 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:17.045540: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:17.045542: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.045544: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:10:17.045545: | 7b 09 bd d3 0a 97 1c 7a 90 bf b4 8e 44 d1 70 62 Aug 26 13:10:17.045547: | f8 83 2a 10 30 15 44 09 64 62 27 e6 67 49 dc ce Aug 26 13:10:17.045548: | 0c Aug 26 13:10:17.045551: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:17.045554: | **parse ISAKMP Message: Aug 26 13:10:17.045555: | initiator cookie: Aug 26 13:10:17.045557: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:17.045558: | responder cookie: Aug 26 13:10:17.045560: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.045562: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:17.045564: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.045566: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.045567: | flags: none (0x0) Aug 26 13:10:17.045569: | Message ID: 1 (0x1) Aug 26 13:10:17.045571: | length: 65 (0x41) Aug 26 13:10:17.045573: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:10:17.045575: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:10:17.045577: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:10:17.045581: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:17.045583: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:17.045586: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:17.045588: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:17.045591: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:10:17.045594: | unpacking clear payload Aug 26 13:10:17.045596: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:17.045598: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:17.045599: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:10:17.045602: | flags: none (0x0) Aug 26 13:10:17.045604: | length: 37 (0x25) Aug 26 13:10:17.045607: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:10:17.045610: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:17.045613: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:10:17.045628: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:10:17.045631: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:10:17.045634: | **parse IKEv2 Delete Payload: Aug 26 13:10:17.045636: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.045638: | flags: none (0x0) Aug 26 13:10:17.045641: | length: 8 (0x8) Aug 26 13:10:17.045643: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:10:17.045645: | SPI size: 0 (0x0) Aug 26 13:10:17.045648: | number of SPIs: 0 (0x0) Aug 26 13:10:17.045650: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:10:17.045653: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:10:17.045656: | Now let's proceed with state specific processing Aug 26 13:10:17.045658: | calling processor I3: INFORMATIONAL Request Aug 26 13:10:17.045661: | an informational request should send a response Aug 26 13:10:17.045681: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:10:17.045684: | **emit ISAKMP Message: Aug 26 13:10:17.045686: | initiator cookie: Aug 26 13:10:17.045688: | 93 68 0e fb 39 d1 55 67 Aug 26 13:10:17.045690: | responder cookie: Aug 26 13:10:17.045692: | 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.045694: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.045696: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.045698: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.045701: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:10:17.045703: | Message ID: 1 (0x1) Aug 26 13:10:17.045705: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.045707: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.045709: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.045711: | flags: none (0x0) Aug 26 13:10:17.045714: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.045716: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:10:17.045719: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.045732: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.045734: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.045737: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.045739: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:10:17.045741: | emitting length of ISAKMP Message: 57 Aug 26 13:10:17.045752: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:17.045754: | 93 68 0e fb 39 d1 55 67 0e ef 6f 9a 35 aa bd 66 Aug 26 13:10:17.045756: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:10:17.045758: | 1e ad 6e 09 db ee c1 c2 f4 e3 7c 5b 9f e6 50 ea Aug 26 13:10:17.045760: | 85 57 1c 7e 3f fd fd 62 06 Aug 26 13:10:17.045782: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:10:17.045788: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:10:17.045791: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:10:17.045794: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:10:17.045797: | pstats #1 ikev2.ike deleted completed Aug 26 13:10:17.045800: | #1 spent 34.2 milliseconds in total Aug 26 13:10:17.045805: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:17.045809: "north-east" #1: deleting state (STATE_IKESA_DEL) aged 6.073s and NOT sending notification Aug 26 13:10:17.045812: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:10:17.045874: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.045883: | libevent_free: release ptr-libevent@0x7fd618000f48 Aug 26 13:10:17.045889: | free_event_entry: release EVENT_SA_REKEY-pe@0x55755c152578 Aug 26 13:10:17.045892: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:10:17.045895: | in connection_discard for connection north-east Aug 26 13:10:17.045898: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:10:17.045901: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:10:17.045905: | unreference key: 0x55755c152808 @east cnt 2-- Aug 26 13:10:17.045935: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:17.045964: | in statetime_stop() and could not find #1 Aug 26 13:10:17.045969: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:17.045974: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:10:17.045977: | STF_OK but no state object remains Aug 26 13:10:17.045980: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:17.045983: | in statetime_stop() and could not find #1 Aug 26 13:10:17.045988: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:17.045991: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:17.045994: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:17.045999: | spent 0.453 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:17.046007: | processing signal PLUTO_SIGCHLD Aug 26 13:10:17.046014: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:17.046018: | spent 0.00608 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:17.573980: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:17.574002: shutting down Aug 26 13:10:17.574022: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:10:17.574025: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:17.574027: forgetting secrets Aug 26 13:10:17.574037: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:17.574041: | unreference key: 0x55755c152808 @east cnt 1-- Aug 26 13:10:17.574045: | unreference key: 0x55755c0a9c48 @north cnt 1-- Aug 26 13:10:17.574050: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Aug 26 13:10:17.574052: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:10:17.574055: | pass 0 Aug 26 13:10:17.574057: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:17.574059: | pass 1 Aug 26 13:10:17.574061: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:17.574065: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:10:17.574069: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:17.574076: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:17.574110: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 13:10:17.574125: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:17.574132: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:17.574135: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:17.574139: | route owner of "north-east" unrouted: NULL Aug 26 13:10:17.574143: | running updown command "ipsec _updown" for verb unroute Aug 26 13:10:17.574146: | command executing unroute-client Aug 26 13:10:17.574177: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 13:10:17.574180: | popen cmd is 1028 chars long Aug 26 13:10:17.574183: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 13:10:17.574185: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Aug 26 13:10:17.574186: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Aug 26 13:10:17.574188: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:10:17.574190: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 13:10:17.574191: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 13:10:17.574193: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:10:17.574195: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 13:10:17.574196: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 13:10:17.574198: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:10:17.574200: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:10:17.574201: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:10:17.574203: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:17.585909: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585935: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585939: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585942: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585946: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585959: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585972: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585984: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.585996: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586007: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586019: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586033: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586047: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586060: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586072: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586377: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586387: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586401: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586415: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586423: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586435: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586449: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586463: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586477: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586491: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586505: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586520: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586533: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586547: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586561: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586575: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586590: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586603: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586616: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586629: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586641: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586656: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586670: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.586684: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:17.596433: | free hp@0x55755c152498 Aug 26 13:10:17.596457: | flush revival: connection 'north-east' wasn't on the list Aug 26 13:10:17.596463: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Aug 26 13:10:17.596484: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:10:17.596488: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:10:17.596503: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:10:17.596508: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:10:17.596512: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:10:17.596516: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:10:17.596519: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:10:17.596523: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:10:17.596528: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:10:17.596542: | libevent_free: release ptr-libevent@0x55755c143e68 Aug 26 13:10:17.596550: | free_event_entry: release EVENT_NULL-pe@0x55755c14fb68 Aug 26 13:10:17.596563: | libevent_free: release ptr-libevent@0x55755c0d9088 Aug 26 13:10:17.596567: | free_event_entry: release EVENT_NULL-pe@0x55755c14fc18 Aug 26 13:10:17.596576: | libevent_free: release ptr-libevent@0x55755c0d8f28 Aug 26 13:10:17.596580: | free_event_entry: release EVENT_NULL-pe@0x55755c14fcc8 Aug 26 13:10:17.596588: | libevent_free: release ptr-libevent@0x55755c0da888 Aug 26 13:10:17.596591: | free_event_entry: release EVENT_NULL-pe@0x55755c14fd78 Aug 26 13:10:17.596598: | libevent_free: release ptr-libevent@0x55755c0ae4e8 Aug 26 13:10:17.596602: | free_event_entry: release EVENT_NULL-pe@0x55755c14fe28 Aug 26 13:10:17.596608: | libevent_free: release ptr-libevent@0x55755c0ae1d8 Aug 26 13:10:17.596612: | free_event_entry: release EVENT_NULL-pe@0x55755c14fed8 Aug 26 13:10:17.596617: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:17.597039: | libevent_free: release ptr-libevent@0x55755c143f18 Aug 26 13:10:17.597047: | free_event_entry: release EVENT_NULL-pe@0x55755c137d08 Aug 26 13:10:17.597054: | libevent_free: release ptr-libevent@0x55755c0d8fd8 Aug 26 13:10:17.597057: | free_event_entry: release EVENT_NULL-pe@0x55755c137c98 Aug 26 13:10:17.597062: | libevent_free: release ptr-libevent@0x55755c11b618 Aug 26 13:10:17.597066: | free_event_entry: release EVENT_NULL-pe@0x55755c137158 Aug 26 13:10:17.597073: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:10:17.597077: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:10:17.597081: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:10:17.597085: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:10:17.597088: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:10:17.597092: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:10:17.597096: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:10:17.597099: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:10:17.597103: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:10:17.597110: | libevent_free: release ptr-libevent@0x55755c0d9578 Aug 26 13:10:17.597115: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:10:17.597119: | libevent_free: release ptr-libevent@0x55755c0dad18 Aug 26 13:10:17.597123: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:10:17.597127: | libevent_free: release ptr-libevent@0x55755c14f458 Aug 26 13:10:17.597131: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:10:17.597135: | libevent_free: release ptr-libevent@0x55755c14f698 Aug 26 13:10:17.597139: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:10:17.597142: | releasing event base Aug 26 13:10:17.597160: | libevent_free: release ptr-libevent@0x55755c14f568 Aug 26 13:10:17.597165: | libevent_free: release ptr-libevent@0x55755c1325d8 Aug 26 13:10:17.597170: | libevent_free: release ptr-libevent@0x55755c132588 Aug 26 13:10:17.597174: | libevent_free: release ptr-libevent@0x55755c132518 Aug 26 13:10:17.597178: | libevent_free: release ptr-libevent@0x55755c1324d8 Aug 26 13:10:17.597183: | libevent_free: release ptr-libevent@0x55755c14f1e8 Aug 26 13:10:17.597186: | libevent_free: release ptr-libevent@0x55755c14f398 Aug 26 13:10:17.597190: | libevent_free: release ptr-libevent@0x55755c132788 Aug 26 13:10:17.597194: | libevent_free: release ptr-libevent@0x55755c137268 Aug 26 13:10:17.597198: | libevent_free: release ptr-libevent@0x55755c137c58 Aug 26 13:10:17.597201: | libevent_free: release ptr-libevent@0x55755c14ff48 Aug 26 13:10:17.597205: | libevent_free: release ptr-libevent@0x55755c14fe98 Aug 26 13:10:17.597208: | libevent_free: release ptr-libevent@0x55755c14fde8 Aug 26 13:10:17.597212: | libevent_free: release ptr-libevent@0x55755c14fd38 Aug 26 13:10:17.597216: | libevent_free: release ptr-libevent@0x55755c14fc88 Aug 26 13:10:17.597219: | libevent_free: release ptr-libevent@0x55755c14fbd8 Aug 26 13:10:17.597223: | libevent_free: release ptr-libevent@0x55755c0d63d8 Aug 26 13:10:17.597227: | libevent_free: release ptr-libevent@0x55755c14f418 Aug 26 13:10:17.597234: | libevent_free: release ptr-libevent@0x55755c14f3d8 Aug 26 13:10:17.597238: | libevent_free: release ptr-libevent@0x55755c14f358 Aug 26 13:10:17.597242: | libevent_free: release ptr-libevent@0x55755c14f528 Aug 26 13:10:17.597245: | libevent_free: release ptr-libevent@0x55755c14f228 Aug 26 13:10:17.597250: | libevent_free: release ptr-libevent@0x55755c0ad908 Aug 26 13:10:17.597254: | libevent_free: release ptr-libevent@0x55755c0add38 Aug 26 13:10:17.597257: | libevent_free: release ptr-libevent@0x55755c0d6748 Aug 26 13:10:17.597261: | releasing global libevent data Aug 26 13:10:17.597266: | libevent_free: release ptr-libevent@0x55755c0a90c8 Aug 26 13:10:17.597270: | libevent_free: release ptr-libevent@0x55755c0adcd8 Aug 26 13:10:17.597274: | libevent_free: release ptr-libevent@0x55755c0addd8 Aug 26 13:10:17.597360: leak detective found no leaks