Aug 26 13:10:09.646711: FIPS Product: YES Aug 26 13:10:09.646811: FIPS Kernel: NO Aug 26 13:10:09.646827: FIPS Mode: NO Aug 26 13:10:09.646829: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:10:09.646972: Initializing NSS Aug 26 13:10:09.646977: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:10:09.675792: NSS initialized Aug 26 13:10:09.675813: NSS crypto library initialized Aug 26 13:10:09.675817: FIPS HMAC integrity support [enabled] Aug 26 13:10:09.675819: FIPS mode disabled for pluto daemon Aug 26 13:10:09.719275: FIPS HMAC integrity verification self-test FAILED Aug 26 13:10:09.719420: libcap-ng support [enabled] Aug 26 13:10:09.719428: Linux audit support [enabled] Aug 26 13:10:09.719457: Linux audit activated Aug 26 13:10:09.719465: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19862 Aug 26 13:10:09.719467: core dump dir: /tmp Aug 26 13:10:09.719468: secrets file: /etc/ipsec.secrets Aug 26 13:10:09.719470: leak-detective enabled Aug 26 13:10:09.719471: NSS crypto [enabled] Aug 26 13:10:09.719472: XAUTH PAM support [enabled] Aug 26 13:10:09.719527: | libevent is using pluto's memory allocator Aug 26 13:10:09.719532: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:10:09.719547: | libevent_malloc: new ptr-libevent@0x55b013cfc748 size 40 Aug 26 13:10:09.719550: | libevent_malloc: new ptr-libevent@0x55b013cf7cd8 size 40 Aug 26 13:10:09.719553: | libevent_malloc: new ptr-libevent@0x55b013cf7dd8 size 40 Aug 26 13:10:09.719554: | creating event base Aug 26 13:10:09.719556: | libevent_malloc: new ptr-libevent@0x55b013d7c5c8 size 56 Aug 26 13:10:09.719561: | libevent_malloc: new ptr-libevent@0x55b013d20d88 size 664 Aug 26 13:10:09.719569: | libevent_malloc: new ptr-libevent@0x55b013d7c638 size 24 Aug 26 13:10:09.719571: | libevent_malloc: new ptr-libevent@0x55b013d7c688 size 384 Aug 26 13:10:09.719578: | libevent_malloc: new ptr-libevent@0x55b013d7c588 size 16 Aug 26 13:10:09.719580: | libevent_malloc: new ptr-libevent@0x55b013cf7908 size 40 Aug 26 13:10:09.719582: | libevent_malloc: new ptr-libevent@0x55b013cf7d38 size 48 Aug 26 13:10:09.719585: | libevent_realloc: new ptr-libevent@0x55b013d23ba8 size 256 Aug 26 13:10:09.719589: | libevent_malloc: new ptr-libevent@0x55b013d7c838 size 16 Aug 26 13:10:09.719594: | libevent_free: release ptr-libevent@0x55b013d7c5c8 Aug 26 13:10:09.719596: | libevent initialized Aug 26 13:10:09.719599: | libevent_realloc: new ptr-libevent@0x55b013d7c5c8 size 64 Aug 26 13:10:09.719603: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:10:09.719614: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:10:09.719616: NAT-Traversal support [enabled] Aug 26 13:10:09.719618: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:10:09.719623: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:10:09.719625: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:10:09.719650: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:10:09.719653: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:10:09.719655: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:10:09.719687: Encryption algorithms: Aug 26 13:10:09.719693: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:10:09.719696: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:10:09.719699: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:10:09.719701: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:10:09.719703: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:10:09.719710: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:10:09.719712: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:10:09.719715: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:10:09.719717: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:10:09.719719: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:10:09.719721: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:10:09.719724: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:10:09.719726: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:10:09.719728: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:10:09.719730: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:10:09.719732: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:10:09.719734: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:10:09.719739: Hash algorithms: Aug 26 13:10:09.719741: MD5 IKEv1: IKE IKEv2: Aug 26 13:10:09.719743: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:10:09.719745: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:10:09.719747: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:10:09.719749: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:10:09.719758: PRF algorithms: Aug 26 13:10:09.719760: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:10:09.719762: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:10:09.719764: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:10:09.719766: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:10:09.719768: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:10:09.719770: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:10:09.719786: Integrity algorithms: Aug 26 13:10:09.719788: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:10:09.719790: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:10:09.719793: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:10:09.719795: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:10:09.719798: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:10:09.719800: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:10:09.719802: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:10:09.719804: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:10:09.719806: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:10:09.719814: DH algorithms: Aug 26 13:10:09.719816: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:10:09.719818: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:10:09.719820: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:10:09.719823: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:10:09.719825: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:10:09.719827: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:10:09.719829: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:10:09.719831: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:10:09.719833: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:10:09.719835: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:10:09.719837: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:10:09.719838: testing CAMELLIA_CBC: Aug 26 13:10:09.719840: Camellia: 16 bytes with 128-bit key Aug 26 13:10:09.719929: Camellia: 16 bytes with 128-bit key Aug 26 13:10:09.719973: Camellia: 16 bytes with 256-bit key Aug 26 13:10:09.720005: Camellia: 16 bytes with 256-bit key Aug 26 13:10:09.720034: testing AES_GCM_16: Aug 26 13:10:09.720038: empty string Aug 26 13:10:09.720070: one block Aug 26 13:10:09.720097: two blocks Aug 26 13:10:09.720123: two blocks with associated data Aug 26 13:10:09.720152: testing AES_CTR: Aug 26 13:10:09.720155: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:10:09.720182: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:10:09.720210: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:10:09.720252: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:10:09.720273: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:10:09.720296: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:10:09.720317: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:10:09.720333: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:10:09.720352: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:10:09.720369: testing AES_CBC: Aug 26 13:10:09.720372: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:10:09.720388: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:10:09.720406: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:10:09.720424: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:10:09.720445: testing AES_XCBC: Aug 26 13:10:09.720447: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:10:09.720522: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:10:09.720603: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:10:09.720679: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:10:09.720755: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:10:09.720834: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:10:09.720916: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:10:09.721088: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:10:09.721166: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:10:09.721250: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:10:09.721446: testing HMAC_MD5: Aug 26 13:10:09.721451: RFC 2104: MD5_HMAC test 1 Aug 26 13:10:09.721601: RFC 2104: MD5_HMAC test 2 Aug 26 13:10:09.721743: RFC 2104: MD5_HMAC test 3 Aug 26 13:10:09.721911: 8 CPU cores online Aug 26 13:10:09.721916: starting up 7 crypto helpers Aug 26 13:10:09.721942: started thread for crypto helper 0 Aug 26 13:10:09.721947: | starting up helper thread 0 Aug 26 13:10:09.721958: started thread for crypto helper 1 Aug 26 13:10:09.721961: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:10:09.721962: | starting up helper thread 1 Aug 26 13:10:09.721964: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:09.721984: started thread for crypto helper 2 Aug 26 13:10:09.721978: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:10:09.721992: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:09.721994: | starting up helper thread 2 Aug 26 13:10:09.722002: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:10:09.722002: started thread for crypto helper 3 Aug 26 13:10:09.722004: | starting up helper thread 3 Aug 26 13:10:09.722004: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:09.722013: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:10:09.722021: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:09.722025: started thread for crypto helper 4 Aug 26 13:10:09.722027: | starting up helper thread 4 Aug 26 13:10:09.722033: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:10:09.722035: | crypto helper 4 waiting (nothing to do) Aug 26 13:10:09.722042: started thread for crypto helper 5 Aug 26 13:10:09.722057: started thread for crypto helper 6 Aug 26 13:10:09.722059: | starting up helper thread 6 Aug 26 13:10:09.722065: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:10:09.722065: | checking IKEv1 state table Aug 26 13:10:09.722070: | starting up helper thread 5 Aug 26 13:10:09.722071: | crypto helper 6 waiting (nothing to do) Aug 26 13:10:09.722079: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:10:09.722084: | crypto helper 5 waiting (nothing to do) Aug 26 13:10:09.722079: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722090: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:10:09.722092: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722093: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:10:09.722095: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:10:09.722097: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:10:09.722098: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:09.722100: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:09.722102: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:10:09.722103: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:10:09.722105: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:09.722106: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:09.722108: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:10:09.722109: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:09.722111: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:09.722112: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:09.722114: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:10:09.722116: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:09.722117: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:09.722119: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:09.722120: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:10:09.722122: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722124: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:10:09.722125: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722127: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722128: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:10:09.722130: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722132: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:09.722133: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:09.722135: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:10:09.722136: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:09.722138: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:09.722140: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:10:09.722141: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722143: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:10:09.722144: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722146: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:10:09.722148: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:10:09.722151: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:10:09.722153: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:10:09.722155: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:10:09.722156: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:10:09.722158: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:10:09.722159: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722161: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:10:09.722163: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722164: | INFO: category: informational flags: 0: Aug 26 13:10:09.722166: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722168: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:10:09.722169: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722171: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:10:09.722172: | -> XAUTH_R1 EVENT_NULL Aug 26 13:10:09.722174: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:10:09.722176: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:09.722177: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:10:09.722179: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:10:09.722181: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:10:09.722182: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:10:09.722184: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:10:09.722186: | -> UNDEFINED EVENT_NULL Aug 26 13:10:09.722187: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:10:09.722189: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:09.722191: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:10:09.722192: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:10:09.722194: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:10:09.722195: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:10:09.722200: | checking IKEv2 state table Aug 26 13:10:09.722205: | PARENT_I0: category: ignore flags: 0: Aug 26 13:10:09.722207: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:10:09.722209: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722210: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:10:09.722212: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:10:09.722214: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:10:09.722216: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:10:09.722218: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:10:09.722220: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:10:09.722222: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:10:09.722223: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:10:09.722225: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:10:09.722227: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:10:09.722229: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:10:09.722230: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:10:09.722232: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:10:09.722234: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722235: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:10:09.722237: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:10:09.722239: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:10:09.722241: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:10:09.722243: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:10:09.722244: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:10:09.722247: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:10:09.722249: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:10:09.722251: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:10:09.722253: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:10:09.722254: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:10:09.722256: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:10:09.722258: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:10:09.722260: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:10:09.722262: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:09.722264: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:10:09.722266: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:10:09.722267: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:10:09.722269: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:10:09.722271: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:10:09.722273: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:10:09.722275: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:10:09.722277: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:10:09.722278: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:09.722280: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:10:09.722282: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:10:09.722284: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:10:09.722286: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:10:09.722292: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:10:09.722298: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:10:09.722327: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:10:09.722798: | Hard-wiring algorithms Aug 26 13:10:09.722801: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:10:09.722805: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:10:09.722807: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:10:09.722808: | adding 3DES_CBC to kernel algorithm db Aug 26 13:10:09.722810: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:10:09.722812: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:10:09.722814: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:10:09.722815: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:10:09.722817: | adding AES_CTR to kernel algorithm db Aug 26 13:10:09.722819: | adding AES_CBC to kernel algorithm db Aug 26 13:10:09.722821: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:10:09.722823: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:10:09.722824: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:10:09.722826: | adding NULL to kernel algorithm db Aug 26 13:10:09.722828: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:10:09.722830: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:10:09.722831: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:10:09.722833: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:10:09.722835: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:10:09.722837: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:10:09.722838: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:10:09.722840: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:10:09.722841: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:10:09.722843: | adding NONE to kernel algorithm db Aug 26 13:10:09.722862: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:10:09.722867: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:10:09.722869: | setup kernel fd callback Aug 26 13:10:09.722872: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55b013d81298 Aug 26 13:10:09.722875: | libevent_malloc: new ptr-libevent@0x55b013d65668 size 128 Aug 26 13:10:09.722878: | libevent_malloc: new ptr-libevent@0x55b013d813a8 size 16 Aug 26 13:10:09.722882: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55b013d81dd8 Aug 26 13:10:09.722884: | libevent_malloc: new ptr-libevent@0x55b013d23978 size 128 Aug 26 13:10:09.722886: | libevent_malloc: new ptr-libevent@0x55b013d81d98 size 16 Aug 26 13:10:09.723030: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:10:09.723036: selinux support is enabled. Aug 26 13:10:09.723493: | unbound context created - setting debug level to 5 Aug 26 13:10:09.723528: | /etc/hosts lookups activated Aug 26 13:10:09.723539: | /etc/resolv.conf usage activated Aug 26 13:10:09.723575: | outgoing-port-avoid set 0-65535 Aug 26 13:10:09.723592: | outgoing-port-permit set 32768-60999 Aug 26 13:10:09.723594: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:10:09.723596: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:10:09.723598: | Setting up events, loop start Aug 26 13:10:09.723601: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55b013d81e48 Aug 26 13:10:09.723603: | libevent_malloc: new ptr-libevent@0x55b013d8e058 size 128 Aug 26 13:10:09.723605: | libevent_malloc: new ptr-libevent@0x55b013d99328 size 16 Aug 26 13:10:09.723610: | libevent_realloc: new ptr-libevent@0x55b013d20a18 size 256 Aug 26 13:10:09.723612: | libevent_malloc: new ptr-libevent@0x55b013d99368 size 8 Aug 26 13:10:09.723614: | libevent_realloc: new ptr-libevent@0x55b013d993a8 size 144 Aug 26 13:10:09.723616: | libevent_malloc: new ptr-libevent@0x55b013d218e8 size 152 Aug 26 13:10:09.723618: | libevent_malloc: new ptr-libevent@0x55b013d99468 size 16 Aug 26 13:10:09.723621: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:10:09.723623: | libevent_malloc: new ptr-libevent@0x55b013d994a8 size 8 Aug 26 13:10:09.723625: | libevent_malloc: new ptr-libevent@0x55b013d2c958 size 152 Aug 26 13:10:09.723627: | signal event handler PLUTO_SIGTERM installed Aug 26 13:10:09.723628: | libevent_malloc: new ptr-libevent@0x55b013d994e8 size 8 Aug 26 13:10:09.723630: | libevent_malloc: new ptr-libevent@0x55b013d24758 size 152 Aug 26 13:10:09.723632: | signal event handler PLUTO_SIGHUP installed Aug 26 13:10:09.723634: | libevent_malloc: new ptr-libevent@0x55b013d99528 size 8 Aug 26 13:10:09.723636: | libevent_realloc: release ptr-libevent@0x55b013d993a8 Aug 26 13:10:09.723637: | libevent_realloc: new ptr-libevent@0x55b013d99568 size 256 Aug 26 13:10:09.723639: | libevent_malloc: new ptr-libevent@0x55b013d99698 size 152 Aug 26 13:10:09.723641: | signal event handler PLUTO_SIGSYS installed Aug 26 13:10:09.723903: | created addconn helper (pid:20024) using fork+execve Aug 26 13:10:09.723916: | forked child 20024 Aug 26 13:10:09.723952: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.724165: listening for IKE messages Aug 26 13:10:09.724250: | Inspecting interface lo Aug 26 13:10:09.724258: | found lo with address 127.0.0.1 Aug 26 13:10:09.724262: | Inspecting interface eth0 Aug 26 13:10:09.724267: | found eth0 with address 192.0.2.254 Aug 26 13:10:09.724271: | Inspecting interface eth1 Aug 26 13:10:09.724275: | found eth1 with address 192.1.2.23 Aug 26 13:10:09.724384: Kernel supports NIC esp-hw-offload Aug 26 13:10:09.724402: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:10:09.724459: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:09.724466: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:09.724471: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:10:09.724505: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:10:09.724529: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:09.724535: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:09.724539: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:10:09.724565: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:10:09.724587: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:09.724592: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:09.724597: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:10:09.724678: | no interfaces to sort Aug 26 13:10:09.724684: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:09.724694: | add_fd_read_event_handler: new ethX-pe@0x55b013d99a98 Aug 26 13:10:09.724698: | libevent_malloc: new ptr-libevent@0x55b013d8dfa8 size 128 Aug 26 13:10:09.724702: | libevent_malloc: new ptr-libevent@0x55b013d99b08 size 16 Aug 26 13:10:09.724710: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:09.724713: | add_fd_read_event_handler: new ethX-pe@0x55b013d99b48 Aug 26 13:10:09.724718: | libevent_malloc: new ptr-libevent@0x55b013d243f8 size 128 Aug 26 13:10:09.724721: | libevent_malloc: new ptr-libevent@0x55b013d99bb8 size 16 Aug 26 13:10:09.724726: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:09.724729: | add_fd_read_event_handler: new ethX-pe@0x55b013d99bf8 Aug 26 13:10:09.724732: | libevent_malloc: new ptr-libevent@0x55b013d24688 size 128 Aug 26 13:10:09.724735: | libevent_malloc: new ptr-libevent@0x55b013d99c68 size 16 Aug 26 13:10:09.724740: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:10:09.724743: | add_fd_read_event_handler: new ethX-pe@0x55b013d99ca8 Aug 26 13:10:09.724746: | libevent_malloc: new ptr-libevent@0x55b013d19b78 size 128 Aug 26 13:10:09.724748: | libevent_malloc: new ptr-libevent@0x55b013d99d18 size 16 Aug 26 13:10:09.724753: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:10:09.724756: | add_fd_read_event_handler: new ethX-pe@0x55b013d99d58 Aug 26 13:10:09.724760: | libevent_malloc: new ptr-libevent@0x55b013cf84e8 size 128 Aug 26 13:10:09.724763: | libevent_malloc: new ptr-libevent@0x55b013d99dc8 size 16 Aug 26 13:10:09.724768: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:10:09.724771: | add_fd_read_event_handler: new ethX-pe@0x55b013d99e08 Aug 26 13:10:09.724774: | libevent_malloc: new ptr-libevent@0x55b013cf81d8 size 128 Aug 26 13:10:09.724777: | libevent_malloc: new ptr-libevent@0x55b013d99e78 size 16 Aug 26 13:10:09.724782: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:10:09.724787: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:09.724790: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:09.724810: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:09.724831: | saving Modulus Aug 26 13:10:09.724836: | saving PublicExponent Aug 26 13:10:09.724841: | ignoring PrivateExponent Aug 26 13:10:09.724844: | ignoring Prime1 Aug 26 13:10:09.724847: | ignoring Prime2 Aug 26 13:10:09.724851: | ignoring Exponent1 Aug 26 13:10:09.724854: | ignoring Exponent2 Aug 26 13:10:09.724857: | ignoring Coefficient Aug 26 13:10:09.724861: | ignoring CKAIDNSS Aug 26 13:10:09.724894: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:09.724897: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:09.724902: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:10:09.724909: | certs and keys locked by 'process_secret' Aug 26 13:10:09.724914: | certs and keys unlocked by 'process_secret' Aug 26 13:10:09.724925: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.724933: | spent 0.984 milliseconds in whack Aug 26 13:10:09.748652: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.748675: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:09.748682: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:09.748684: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:09.748686: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:09.748689: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:09.748694: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:09.748697: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:10:09.748735: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:10:09.748737: | from whack: got --esp= Aug 26 13:10:09.748777: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:10:09.748781: | counting wild cards for @north is 0 Aug 26 13:10:09.748783: | counting wild cards for @east is 0 Aug 26 13:10:09.748789: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 13:10:09.748791: | new hp@0x55b013d9c4a8 Aug 26 13:10:09.748795: added connection description "north-east" Aug 26 13:10:09.748803: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:09.748811: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.254/32 Aug 26 13:10:09.748818: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.748823: | spent 0.178 milliseconds in whack Aug 26 13:10:09.748896: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.748908: add keyid @north Aug 26 13:10:09.748911: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 13:10:09.748913: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 13:10:09.748915: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 13:10:09.748916: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 13:10:09.748918: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 13:10:09.748919: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 13:10:09.748921: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 13:10:09.748923: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 13:10:09.748924: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 13:10:09.748926: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 13:10:09.748927: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 13:10:09.748929: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 13:10:09.748930: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 13:10:09.748932: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 13:10:09.748933: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 13:10:09.748935: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 13:10:09.748936: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 13:10:09.748938: | add pubkey c7 5e a5 99 Aug 26 13:10:09.748955: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:09.748957: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:09.748966: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.748970: | spent 0.0795 milliseconds in whack Aug 26 13:10:09.749024: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.749032: add keyid @east Aug 26 13:10:09.749034: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:10:09.749036: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:10:09.749037: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:10:09.749039: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:10:09.749040: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:10:09.749042: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:10:09.749043: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:10:09.749045: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:10:09.749046: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:10:09.749048: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:10:09.749049: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:10:09.749051: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:10:09.749052: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:10:09.749054: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:10:09.749055: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:10:09.749057: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:10:09.749058: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:10:09.749060: | add pubkey 51 51 48 ef Aug 26 13:10:09.749065: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:09.749067: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:09.749073: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.749089: | spent 0.0558 milliseconds in whack Aug 26 13:10:09.749106: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.749125: listening for IKE messages Aug 26 13:10:09.749153: | Inspecting interface lo Aug 26 13:10:09.749158: | found lo with address 127.0.0.1 Aug 26 13:10:09.749160: | Inspecting interface eth0 Aug 26 13:10:09.749162: | found eth0 with address 192.0.2.254 Aug 26 13:10:09.749164: | Inspecting interface eth1 Aug 26 13:10:09.749166: | found eth1 with address 192.1.2.23 Aug 26 13:10:09.749213: | no interfaces to sort Aug 26 13:10:09.749219: | libevent_free: release ptr-libevent@0x55b013d8dfa8 Aug 26 13:10:09.749221: | free_event_entry: release EVENT_NULL-pe@0x55b013d99a98 Aug 26 13:10:09.749223: | add_fd_read_event_handler: new ethX-pe@0x55b013d99a98 Aug 26 13:10:09.749225: | libevent_malloc: new ptr-libevent@0x55b013d8dfa8 size 128 Aug 26 13:10:09.749230: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:09.749233: | libevent_free: release ptr-libevent@0x55b013d243f8 Aug 26 13:10:09.749234: | free_event_entry: release EVENT_NULL-pe@0x55b013d99b48 Aug 26 13:10:09.749236: | add_fd_read_event_handler: new ethX-pe@0x55b013d99b48 Aug 26 13:10:09.749238: | libevent_malloc: new ptr-libevent@0x55b013d243f8 size 128 Aug 26 13:10:09.749241: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:09.749243: | libevent_free: release ptr-libevent@0x55b013d24688 Aug 26 13:10:09.749245: | free_event_entry: release EVENT_NULL-pe@0x55b013d99bf8 Aug 26 13:10:09.749246: | add_fd_read_event_handler: new ethX-pe@0x55b013d99bf8 Aug 26 13:10:09.749248: | libevent_malloc: new ptr-libevent@0x55b013d24688 size 128 Aug 26 13:10:09.749251: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:10:09.749253: | libevent_free: release ptr-libevent@0x55b013d19b78 Aug 26 13:10:09.749255: | free_event_entry: release EVENT_NULL-pe@0x55b013d99ca8 Aug 26 13:10:09.749257: | add_fd_read_event_handler: new ethX-pe@0x55b013d99ca8 Aug 26 13:10:09.749258: | libevent_malloc: new ptr-libevent@0x55b013d19b78 size 128 Aug 26 13:10:09.749263: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:10:09.749266: | libevent_free: release ptr-libevent@0x55b013cf84e8 Aug 26 13:10:09.749268: | free_event_entry: release EVENT_NULL-pe@0x55b013d99d58 Aug 26 13:10:09.749269: | add_fd_read_event_handler: new ethX-pe@0x55b013d99d58 Aug 26 13:10:09.749271: | libevent_malloc: new ptr-libevent@0x55b013cf84e8 size 128 Aug 26 13:10:09.749274: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:10:09.749276: | libevent_free: release ptr-libevent@0x55b013cf81d8 Aug 26 13:10:09.749278: | free_event_entry: release EVENT_NULL-pe@0x55b013d99e08 Aug 26 13:10:09.749280: | add_fd_read_event_handler: new ethX-pe@0x55b013d99e08 Aug 26 13:10:09.749281: | libevent_malloc: new ptr-libevent@0x55b013cf81d8 size 128 Aug 26 13:10:09.749284: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:10:09.749286: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:09.749291: forgetting secrets Aug 26 13:10:09.749314: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:09.749324: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:09.749347: | saving Modulus Aug 26 13:10:09.749350: | saving PublicExponent Aug 26 13:10:09.749352: | ignoring PrivateExponent Aug 26 13:10:09.749354: | ignoring Prime1 Aug 26 13:10:09.749356: | ignoring Prime2 Aug 26 13:10:09.749358: | ignoring Exponent1 Aug 26 13:10:09.749360: | ignoring Exponent2 Aug 26 13:10:09.749362: | ignoring Coefficient Aug 26 13:10:09.749364: | ignoring CKAIDNSS Aug 26 13:10:09.749372: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:09.749374: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:09.749377: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:10:09.749381: | certs and keys locked by 'process_secret' Aug 26 13:10:09.749382: | certs and keys unlocked by 'process_secret' Aug 26 13:10:09.749389: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.749393: | spent 0.287 milliseconds in whack Aug 26 13:10:09.749450: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:09.749463: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:09.749466: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Aug 26 13:10:09.749468: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 13:10:09.749470: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:09.749472: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:09.749474: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:09.749477: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 13:10:09.749479: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:09.749481: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:09.749482: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:09.749484: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:09.749486: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 13:10:09.749488: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Aug 26 13:10:09.749491: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:09.749493: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:09.749495: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:09.749502: | IPsec Sa SPD priority set to 1042399 Aug 26 13:10:09.749549: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:09.749552: | route_and_eroute: firewall_notified: true Aug 26 13:10:09.749554: | running updown command "ipsec _updown" for verb prepare Aug 26 13:10:09.749555: | command executing prepare-client Aug 26 13:10:09.749601: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 13:10:09.749611: | popen cmd is 1028 chars long Aug 26 13:10:09.749615: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 13:10:09.749619: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_: Aug 26 13:10:09.749622: | cmd( 160):ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_: Aug 26 13:10:09.749626: | cmd( 240):MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_: Aug 26 13:10:09.749629: | cmd( 320):REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north: Aug 26 13:10:09.749631: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_P: Aug 26 13:10:09.749634: | cmd( 480):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:10:09.749635: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 13:10:09.749637: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 13:10:09.749638: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:10:09.749640: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:10:09.749642: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:10:09.749643: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:09.760107: | running updown command "ipsec _updown" for verb route Aug 26 13:10:09.760121: | command executing route-client Aug 26 13:10:09.760146: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Aug 26 13:10:09.760149: | popen cmd is 1026 chars long Aug 26 13:10:09.760151: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Aug 26 13:10:09.760153: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID: Aug 26 13:10:09.760155: | cmd( 160):='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY: Aug 26 13:10:09.760161: | cmd( 240):_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_RE: Aug 26 13:10:09.760162: | cmd( 320):QID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' : Aug 26 13:10:09.760164: | cmd( 400):PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEE: Aug 26 13:10:09.760166: | cmd( 480):R_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:10:09.760167: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 13:10:09.760169: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Aug 26 13:10:09.760171: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Aug 26 13:10:09.760172: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 13:10:09.760174: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 13:10:09.760176: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:09.773632: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Aug 26 13:10:09.773655: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:09.773664: | spent 1.03 milliseconds in whack Aug 26 13:10:09.773679: | processing signal PLUTO_SIGCHLD Aug 26 13:10:09.773683: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:10:09.773687: | spent 0.00469 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:09.773689: | processing signal PLUTO_SIGCHLD Aug 26 13:10:09.773691: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:10:09.773693: | spent 0.00246 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:09.774153: | processing signal PLUTO_SIGCHLD Aug 26 13:10:09.774165: | waitpid returned pid 20024 (exited with status 0) Aug 26 13:10:09.774168: | reaped addconn helper child (status 0) Aug 26 13:10:09.774176: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:09.774179: | spent 0.0182 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:10.848695: | spent 0.00489 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:10.848755: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:10:10.848766: | bf c4 e0 9e f3 c2 f5 83 00 00 00 00 00 00 00 00 Aug 26 13:10:10.848772: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:10:10.848778: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:10:10.848781: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:10:10.848784: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:10:10.848787: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:10:10.848790: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:10:10.848793: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:10:10.848796: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:10:10.848800: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:10:10.848803: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:10:10.848806: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:10:10.848809: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:10:10.848812: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:10:10.848815: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:10:10.848818: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:10:10.848821: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:10:10.848824: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:10:10.848827: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:10:10.848830: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:10:10.848833: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:10:10.848842: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:10:10.848845: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:10:10.848848: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:10:10.848851: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:10:10.848854: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:10:10.848858: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:10:10.848861: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:10:10.848864: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:10:10.848867: | 28 00 01 08 00 0e 00 00 8c d0 11 ee 26 0f 17 1c Aug 26 13:10:10.848870: | 54 79 81 91 89 fd a0 65 1a 4b 9a d8 d3 96 f7 1a Aug 26 13:10:10.848873: | 34 05 bd d2 c1 74 30 9e 7e 6b 56 7d 67 e4 74 39 Aug 26 13:10:10.848876: | e1 5a 33 80 cd 68 98 f1 8b a3 11 2f 08 23 e7 4d Aug 26 13:10:10.848879: | 74 12 0c 0d 60 d4 6f b1 0b 76 a6 5c 00 22 99 f2 Aug 26 13:10:10.848882: | 1c 32 4c 53 95 d7 54 85 4b a9 34 1c 9e b1 86 6a Aug 26 13:10:10.848885: | 5d 4d fc 6e fb ef 10 b9 c0 c8 4d ce f5 41 7b cc Aug 26 13:10:10.848889: | d9 83 3f 29 1a 4a 8a 1a d8 6e 84 56 63 85 f8 45 Aug 26 13:10:10.848892: | aa e0 63 4a cb 47 eb 41 89 13 9f 31 3e 15 61 e5 Aug 26 13:10:10.848895: | 13 2c 9b 5c 5f dd 01 e4 ab 90 a2 2e 6e d5 9f 78 Aug 26 13:10:10.848898: | 91 42 f9 14 c1 87 d1 0f ea 39 15 1e ea 5a 56 fa Aug 26 13:10:10.848901: | a4 82 01 b6 71 ed 9a 5c da 89 87 8e 1d 9d 45 8c Aug 26 13:10:10.848904: | 04 4f 08 76 0a 3e 47 2f b1 a3 83 5f 7a 92 26 14 Aug 26 13:10:10.848907: | 79 cf 10 ac a0 9b f1 db 33 3a 9b 54 2b a7 c6 df Aug 26 13:10:10.848910: | e1 72 ea 41 e4 b8 2c ff 61 32 84 51 61 24 ad 7f Aug 26 13:10:10.848913: | e0 a8 64 5a f2 3c 14 cc b4 76 6f a6 8a f9 ab c1 Aug 26 13:10:10.848916: | e4 de 79 66 02 93 dc 48 29 00 00 24 46 1c 3d 0f Aug 26 13:10:10.848919: | 4f f9 c9 32 16 b1 a3 7f 43 a1 04 e9 9c c5 21 09 Aug 26 13:10:10.848923: | 7a f0 1d 5b f5 13 03 1d e8 22 5d 26 29 00 00 08 Aug 26 13:10:10.848926: | 00 00 40 2e 29 00 00 1c 00 00 40 04 78 e9 69 69 Aug 26 13:10:10.848929: | 0d e3 d5 87 52 56 6a 72 39 2b 30 a4 3e 3f cd 20 Aug 26 13:10:10.848932: | 00 00 00 1c 00 00 40 05 a4 6b 09 09 ae 45 dd 5a Aug 26 13:10:10.848935: | 3d 1f fd ba 12 2e fe 69 2b b0 3d fb Aug 26 13:10:10.848944: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:10:10.848949: | **parse ISAKMP Message: Aug 26 13:10:10.848953: | initiator cookie: Aug 26 13:10:10.848956: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.848959: | responder cookie: Aug 26 13:10:10.848962: | 00 00 00 00 00 00 00 00 Aug 26 13:10:10.848966: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:10.848970: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.848974: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:10.848979: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:10.848983: | Message ID: 0 (0x0) Aug 26 13:10:10.848986: | length: 828 (0x33c) Aug 26 13:10:10.848990: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:10:10.848995: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:10:10.849000: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:10:10.849004: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:10.849008: | ***parse IKEv2 Security Association Payload: Aug 26 13:10:10.849012: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:10.849015: | flags: none (0x0) Aug 26 13:10:10.849018: | length: 436 (0x1b4) Aug 26 13:10:10.849022: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:10:10.849025: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:10.849029: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:10:10.849032: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:10.849039: | flags: none (0x0) Aug 26 13:10:10.849042: | length: 264 (0x108) Aug 26 13:10:10.849045: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.849049: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:10:10.849052: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:10.849056: | ***parse IKEv2 Nonce Payload: Aug 26 13:10:10.849059: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.849062: | flags: none (0x0) Aug 26 13:10:10.849065: | length: 36 (0x24) Aug 26 13:10:10.849069: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:10.849072: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.849075: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.849079: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.849082: | flags: none (0x0) Aug 26 13:10:10.849085: | length: 8 (0x8) Aug 26 13:10:10.849088: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.849092: | SPI size: 0 (0x0) Aug 26 13:10:10.849095: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:10.849099: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:10:10.849102: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.849105: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.849109: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.849112: | flags: none (0x0) Aug 26 13:10:10.849115: | length: 28 (0x1c) Aug 26 13:10:10.849118: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.849121: | SPI size: 0 (0x0) Aug 26 13:10:10.849125: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:10.849128: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:10.849131: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:10.849135: | ***parse IKEv2 Notify Payload: Aug 26 13:10:10.849138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.849141: | flags: none (0x0) Aug 26 13:10:10.849144: | length: 28 (0x1c) Aug 26 13:10:10.849148: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.849151: | SPI size: 0 (0x0) Aug 26 13:10:10.849154: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:10.849157: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:10.849161: | DDOS disabled and no cookie sent, continuing Aug 26 13:10:10.849168: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:10:10.849175: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:10:10.849180: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:10:10.849184: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east) Aug 26 13:10:10.849188: | find_next_host_connection returns empty Aug 26 13:10:10.849194: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:10:10.849198: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:10:10.849201: | find_next_host_connection returns empty Aug 26 13:10:10.849206: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:10:10.849212: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:10:10.849218: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:10:10.849221: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:10:10.849226: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east) Aug 26 13:10:10.849229: | find_next_host_connection returns north-east Aug 26 13:10:10.849233: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:10:10.849236: | find_next_host_connection returns empty Aug 26 13:10:10.849240: | found connection: north-east with policy RSASIG+IKEV2_ALLOW Aug 26 13:10:10.849274: | creating state object #1 at 0x55b013d9f108 Aug 26 13:10:10.849282: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:10:10.849300: | pstats #1 ikev2.ike started Aug 26 13:10:10.849308: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:10.849312: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:10:10.849320: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:10.849332: | start processing: state #1 connection "north-east" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:10.849340: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:10.849346: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:10.849350: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:10:10.849356: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:10:10.849362: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:10:10.849366: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:10:10.849370: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:10:10.849373: | Now let's proceed with state specific processing Aug 26 13:10:10.849377: | calling processor Respond to IKE_SA_INIT Aug 26 13:10:10.849391: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:10:10.849395: | constructing local IKE proposals for north-east (IKE SA responder matching remote proposals) Aug 26 13:10:10.849410: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.849420: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.849425: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.849432: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.849437: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.849444: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.849449: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:10:10.849456: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.849468: "north-east": constructed local IKE proposals for north-east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:10.849478: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:10:10.849484: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:10.849487: | local proposal 1 type PRF has 2 transforms Aug 26 13:10:10.849491: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:10.849494: | local proposal 1 type DH has 8 transforms Aug 26 13:10:10.849498: | local proposal 1 type ESN has 0 transforms Aug 26 13:10:10.849503: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:10.849506: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:10.849510: | local proposal 2 type PRF has 2 transforms Aug 26 13:10:10.849513: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:10.849516: | local proposal 2 type DH has 8 transforms Aug 26 13:10:10.849520: | local proposal 2 type ESN has 0 transforms Aug 26 13:10:10.849524: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:10.849527: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:10.849531: | local proposal 3 type PRF has 2 transforms Aug 26 13:10:10.849534: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:10.849537: | local proposal 3 type DH has 8 transforms Aug 26 13:10:10.849541: | local proposal 3 type ESN has 0 transforms Aug 26 13:10:10.849545: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:10.849548: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:10.849551: | local proposal 4 type PRF has 2 transforms Aug 26 13:10:10.849555: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:10.849558: | local proposal 4 type DH has 8 transforms Aug 26 13:10:10.849562: | local proposal 4 type ESN has 0 transforms Aug 26 13:10:10.849565: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:10.849570: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.849574: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.849577: | length: 100 (0x64) Aug 26 13:10:10.849580: | prop #: 1 (0x1) Aug 26 13:10:10.849584: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.849587: | spi size: 0 (0x0) Aug 26 13:10:10.849590: | # transforms: 11 (0xb) Aug 26 13:10:10.849595: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:10:10.849599: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849606: | length: 12 (0xc) Aug 26 13:10:10.849610: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.849613: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.849617: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.849620: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.849624: | length/value: 256 (0x100) Aug 26 13:10:10.849630: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:10.849634: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849640: | length: 8 (0x8) Aug 26 13:10:10.849644: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.849647: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.849652: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:10:10.849656: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:10:10.849660: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:10:10.849664: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:10:10.849668: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849674: | length: 8 (0x8) Aug 26 13:10:10.849679: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.849683: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.849687: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849693: | length: 8 (0x8) Aug 26 13:10:10.849696: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849700: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.849704: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:10.849709: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:10:10.849713: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:10:10.849717: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:10:10.849720: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849727: | length: 8 (0x8) Aug 26 13:10:10.849730: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849733: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.849737: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849743: | length: 8 (0x8) Aug 26 13:10:10.849747: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849750: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.849754: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849760: | length: 8 (0x8) Aug 26 13:10:10.849763: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849767: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.849770: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849777: | length: 8 (0x8) Aug 26 13:10:10.849780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849783: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.849787: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849793: | length: 8 (0x8) Aug 26 13:10:10.849797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849800: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.849804: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849810: | length: 8 (0x8) Aug 26 13:10:10.849813: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849817: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.849820: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849823: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.849827: | length: 8 (0x8) Aug 26 13:10:10.849830: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849833: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.849838: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:10:10.849845: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:10:10.849848: | remote proposal 1 matches local proposal 1 Aug 26 13:10:10.849852: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.849856: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.849859: | length: 100 (0x64) Aug 26 13:10:10.849862: | prop #: 2 (0x2) Aug 26 13:10:10.849865: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.849869: | spi size: 0 (0x0) Aug 26 13:10:10.849872: | # transforms: 11 (0xb) Aug 26 13:10:10.849878: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.849882: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849888: | length: 12 (0xc) Aug 26 13:10:10.849891: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.849895: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.849898: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.849901: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.849905: | length/value: 128 (0x80) Aug 26 13:10:10.849909: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849915: | length: 8 (0x8) Aug 26 13:10:10.849918: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.849922: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.849925: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849932: | length: 8 (0x8) Aug 26 13:10:10.849935: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.849938: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.849942: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849948: | length: 8 (0x8) Aug 26 13:10:10.849951: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849955: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.849958: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849964: | length: 8 (0x8) Aug 26 13:10:10.849968: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849971: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.849975: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849981: | length: 8 (0x8) Aug 26 13:10:10.849984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.849988: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.849991: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.849994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.849997: | length: 8 (0x8) Aug 26 13:10:10.850001: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850004: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.850008: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850014: | length: 8 (0x8) Aug 26 13:10:10.850017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850021: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.850024: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850030: | length: 8 (0x8) Aug 26 13:10:10.850034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850037: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.850041: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850047: | length: 8 (0x8) Aug 26 13:10:10.850050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850053: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.850057: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850060: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.850063: | length: 8 (0x8) Aug 26 13:10:10.850067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850070: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.850075: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:10:10.850081: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:10:10.850084: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.850088: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.850091: | length: 116 (0x74) Aug 26 13:10:10.850094: | prop #: 3 (0x3) Aug 26 13:10:10.850097: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.850100: | spi size: 0 (0x0) Aug 26 13:10:10.850103: | # transforms: 13 (0xd) Aug 26 13:10:10.850108: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.850111: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850118: | length: 12 (0xc) Aug 26 13:10:10.850121: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.850124: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.850128: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.850131: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.850134: | length/value: 256 (0x100) Aug 26 13:10:10.850138: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850144: | length: 8 (0x8) Aug 26 13:10:10.850148: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.850151: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.850155: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850161: | length: 8 (0x8) Aug 26 13:10:10.850164: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.850168: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.850171: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850177: | length: 8 (0x8) Aug 26 13:10:10.850181: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.850184: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.850188: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850194: | length: 8 (0x8) Aug 26 13:10:10.850197: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.850201: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.850204: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850211: | length: 8 (0x8) Aug 26 13:10:10.850214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850217: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.850221: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850227: | length: 8 (0x8) Aug 26 13:10:10.850230: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850234: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.850237: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850244: | length: 8 (0x8) Aug 26 13:10:10.850247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850250: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.850254: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850260: | length: 8 (0x8) Aug 26 13:10:10.850263: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850267: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.850270: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850273: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850279: | length: 8 (0x8) Aug 26 13:10:10.850282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850285: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.850296: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850304: | length: 8 (0x8) Aug 26 13:10:10.850307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850310: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.850314: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850320: | length: 8 (0x8) Aug 26 13:10:10.850324: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850327: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.850333: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850337: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.850340: | length: 8 (0x8) Aug 26 13:10:10.850343: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850346: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.850351: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:10:10.850356: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:10:10.850359: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.850362: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.850366: | length: 116 (0x74) Aug 26 13:10:10.850369: | prop #: 4 (0x4) Aug 26 13:10:10.850372: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.850375: | spi size: 0 (0x0) Aug 26 13:10:10.850378: | # transforms: 13 (0xd) Aug 26 13:10:10.850382: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.850386: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850392: | length: 12 (0xc) Aug 26 13:10:10.850395: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.850399: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.850402: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.850406: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.850409: | length/value: 128 (0x80) Aug 26 13:10:10.850413: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850419: | length: 8 (0x8) Aug 26 13:10:10.850422: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.850426: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.850429: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850432: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850436: | length: 8 (0x8) Aug 26 13:10:10.850439: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.850442: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:10.850446: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850452: | length: 8 (0x8) Aug 26 13:10:10.850455: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.850458: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.850462: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850468: | length: 8 (0x8) Aug 26 13:10:10.850472: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.850475: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.850479: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850485: | length: 8 (0x8) Aug 26 13:10:10.850490: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850494: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.850497: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850504: | length: 8 (0x8) Aug 26 13:10:10.850507: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850510: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:10.850514: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850520: | length: 8 (0x8) Aug 26 13:10:10.850523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850527: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:10.850530: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850537: | length: 8 (0x8) Aug 26 13:10:10.850540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850543: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:10.850547: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850553: | length: 8 (0x8) Aug 26 13:10:10.850556: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850560: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:10.850563: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850570: | length: 8 (0x8) Aug 26 13:10:10.850573: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850576: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:10.850580: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.850586: | length: 8 (0x8) Aug 26 13:10:10.850589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850593: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:10.850596: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.850599: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.850603: | length: 8 (0x8) Aug 26 13:10:10.850606: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.850609: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:10.850614: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:10:10.850618: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:10:10.850624: "north-east" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:10:10.850630: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:10:10.850634: | converting proposal to internal trans attrs Aug 26 13:10:10.850639: | natd_hash: rcookie is zero Aug 26 13:10:10.850655: | natd_hash: hasher=0x55b0124e9800(20) Aug 26 13:10:10.850659: | natd_hash: icookie= bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.850662: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:10.850670: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:10.850673: | natd_hash: port=500 Aug 26 13:10:10.850677: | natd_hash: hash= a4 6b 09 09 ae 45 dd 5a 3d 1f fd ba 12 2e fe 69 Aug 26 13:10:10.850680: | natd_hash: hash= 2b b0 3d fb Aug 26 13:10:10.850683: | natd_hash: rcookie is zero Aug 26 13:10:10.850690: | natd_hash: hasher=0x55b0124e9800(20) Aug 26 13:10:10.850694: | natd_hash: icookie= bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.850697: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:10.850700: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:10.850703: | natd_hash: port=500 Aug 26 13:10:10.850707: | natd_hash: hash= 78 e9 69 69 0d e3 d5 87 52 56 6a 72 39 2b 30 a4 Aug 26 13:10:10.850710: | natd_hash: hash= 3e 3f cd 20 Aug 26 13:10:10.850713: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:10:10.850717: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:10:10.850720: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:10:10.850724: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:10:10.850732: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:10:10.850736: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b013d9c588 Aug 26 13:10:10.850742: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:10.850746: | libevent_malloc: new ptr-libevent@0x55b013d9db78 size 128 Aug 26 13:10:10.850762: | #1 spent 1.37 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:10:10.850771: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.850776: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:10:10.850780: | suspending state #1 and saving MD Aug 26 13:10:10.850783: | #1 is busy; has a suspended MD Aug 26 13:10:10.850789: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:10.850794: | "north-east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:10.850800: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:10.850806: | #1 spent 2.08 milliseconds in ikev2_process_packet() Aug 26 13:10:10.850818: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:10:10.850801: | crypto helper 0 resuming Aug 26 13:10:10.850846: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:10:10.850825: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:10.850855: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:10:10.850860: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:10.850867: | spent 2.12 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:10.852024: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001168 seconds Aug 26 13:10:10.852042: | (#1) spent 1.18 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:10:10.852047: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:10:10.852052: | scheduling resume sending helper answer for #1 Aug 26 13:10:10.852057: | libevent_malloc: new ptr-libevent@0x7fbe9c002888 size 128 Aug 26 13:10:10.852068: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:10.852110: | processing resume sending helper answer for #1 Aug 26 13:10:10.852130: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:10:10.852137: | crypto helper 0 replies to request ID 1 Aug 26 13:10:10.852141: | calling continuation function 0x55b012414b50 Aug 26 13:10:10.852145: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:10:10.852197: | **emit ISAKMP Message: Aug 26 13:10:10.852202: | initiator cookie: Aug 26 13:10:10.852209: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.852212: | responder cookie: Aug 26 13:10:10.852215: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.852219: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:10.852223: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.852226: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:10.852230: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:10.852234: | Message ID: 0 (0x0) Aug 26 13:10:10.852238: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:10.852242: | Emitting ikev2_proposal ... Aug 26 13:10:10.852245: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:10.852249: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.852252: | flags: none (0x0) Aug 26 13:10:10.852256: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:10.852261: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852265: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.852268: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.852271: | prop #: 1 (0x1) Aug 26 13:10:10.852275: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:10.852278: | spi size: 0 (0x0) Aug 26 13:10:10.852282: | # transforms: 3 (0x3) Aug 26 13:10:10.852286: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.852297: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.852302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.852306: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.852309: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.852313: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.852317: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.852321: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.852324: | length/value: 256 (0x100) Aug 26 13:10:10.852333: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.852336: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.852340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.852343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:10.852346: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:10.852351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.852355: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.852358: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.852362: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.852365: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.852368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:10.852372: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.852376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.852380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.852383: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.852386: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:10:10.852390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.852394: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:10:10.852400: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:10.852405: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:10.852408: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.852412: | flags: none (0x0) Aug 26 13:10:10.852415: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:10.852420: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:10.852423: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852428: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:10:10.852432: | ikev2 g^x 18 52 03 a4 95 63 3a 9b 73 b9 69 20 91 99 15 36 Aug 26 13:10:10.852435: | ikev2 g^x ee 6f 68 63 55 53 fa c1 c6 3e 10 e0 88 2a a0 f2 Aug 26 13:10:10.852438: | ikev2 g^x 47 cb 02 d9 70 32 8f 8e a1 4a 54 e1 60 09 76 e2 Aug 26 13:10:10.852441: | ikev2 g^x 2a 0b 11 41 9e d7 6b ae 00 63 8e a6 e9 d2 db a7 Aug 26 13:10:10.852445: | ikev2 g^x 0c f3 e7 c8 99 f3 11 49 5f 18 31 5a b0 01 99 63 Aug 26 13:10:10.852448: | ikev2 g^x b8 4d bf 7c 80 33 60 42 30 31 8e 20 64 35 0e 8c Aug 26 13:10:10.852451: | ikev2 g^x 33 3a 28 d5 d6 9b 27 f0 66 eb 4f 50 ef 4d c8 7f Aug 26 13:10:10.852454: | ikev2 g^x 67 98 4d 00 94 f3 eb 91 33 e2 d8 c6 08 f0 87 b9 Aug 26 13:10:10.852457: | ikev2 g^x 1d ec 7d 73 0f fa a1 30 5b 7a 2c ca 72 2d f2 5a Aug 26 13:10:10.852460: | ikev2 g^x 6d 1b e4 88 91 97 8e 31 c3 cc 03 e8 34 a0 d8 9e Aug 26 13:10:10.852463: | ikev2 g^x 13 c4 04 56 f9 e0 fe 59 bf 3d d0 9b 96 44 6b d9 Aug 26 13:10:10.852467: | ikev2 g^x 9a 61 73 65 36 14 03 95 2e 8b eb d8 7c 5d 80 40 Aug 26 13:10:10.852470: | ikev2 g^x 56 43 71 e8 11 48 1d a3 47 4e fc 07 51 6b 95 bc Aug 26 13:10:10.852473: | ikev2 g^x 4f 23 53 fc 66 6a de b6 51 14 2c 2b d8 3c ee 0a Aug 26 13:10:10.852476: | ikev2 g^x eb 3c 0a 4e cf cd 0d cb f4 e3 d6 32 64 52 e6 fc Aug 26 13:10:10.852479: | ikev2 g^x 97 60 32 71 ed 83 db e9 7c 4d cd f6 f9 a5 4c 60 Aug 26 13:10:10.852482: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:10.852486: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:10.852490: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:10.852493: | flags: none (0x0) Aug 26 13:10:10.852497: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:10.852501: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:10.852505: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852509: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:10.852513: | IKEv2 nonce b7 aa f4 04 b5 71 c5 89 9b 42 ac 2d be 02 a3 9c Aug 26 13:10:10.852516: | IKEv2 nonce 3a 36 c9 31 a5 d2 36 c3 2d 4c 01 e8 d0 8c bc a7 Aug 26 13:10:10.852519: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:10.852524: | Adding a v2N Payload Aug 26 13:10:10.852527: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.852531: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.852534: | flags: none (0x0) Aug 26 13:10:10.852537: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.852541: | SPI size: 0 (0x0) Aug 26 13:10:10.852544: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:10.852549: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.852553: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852556: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:10:10.852560: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:10.852578: | natd_hash: hasher=0x55b0124e9800(20) Aug 26 13:10:10.852583: | natd_hash: icookie= bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.852586: | natd_hash: rcookie= c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.852589: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:10.852592: | natd_hash: port=500 Aug 26 13:10:10.852596: | natd_hash: hash= 2a 91 0b 18 b6 a8 e7 e8 6b 90 74 44 f4 f1 d4 3d Aug 26 13:10:10.852599: | natd_hash: hash= 4d d6 95 04 Aug 26 13:10:10.852602: | Adding a v2N Payload Aug 26 13:10:10.852606: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.852609: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.852612: | flags: none (0x0) Aug 26 13:10:10.852616: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.852619: | SPI size: 0 (0x0) Aug 26 13:10:10.852623: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:10.852627: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.852630: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852635: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:10.852638: | Notify data 2a 91 0b 18 b6 a8 e7 e8 6b 90 74 44 f4 f1 d4 3d Aug 26 13:10:10.852641: | Notify data 4d d6 95 04 Aug 26 13:10:10.852645: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:10.852653: | natd_hash: hasher=0x55b0124e9800(20) Aug 26 13:10:10.852656: | natd_hash: icookie= bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.852660: | natd_hash: rcookie= c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.852663: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:10.852666: | natd_hash: port=500 Aug 26 13:10:10.852669: | natd_hash: hash= b8 5f 1d dd b4 8a 40 51 67 3c f8 9b 43 44 2b cb Aug 26 13:10:10.852672: | natd_hash: hash= 0c 92 d4 d1 Aug 26 13:10:10.852675: | Adding a v2N Payload Aug 26 13:10:10.852679: | ***emit IKEv2 Notify Payload: Aug 26 13:10:10.852682: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.852685: | flags: none (0x0) Aug 26 13:10:10.852689: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:10.852692: | SPI size: 0 (0x0) Aug 26 13:10:10.852695: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:10.852699: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:10.852703: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.852707: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:10.852710: | Notify data b8 5f 1d dd b4 8a 40 51 67 3c f8 9b 43 44 2b cb Aug 26 13:10:10.852713: | Notify data 0c 92 d4 d1 Aug 26 13:10:10.852717: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:10.852720: | emitting length of ISAKMP Message: 432 Aug 26 13:10:10.852730: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.852735: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:10:10.852738: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:10:10.852743: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:10:10.852747: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:10:10.852753: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:10:10.852759: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:10.852765: "north-east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:10:10.852772: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:10:10.852781: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:10:10.852785: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.852788: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:10:10.852791: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:10:10.852795: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:10:10.852798: | 04 00 00 0e 28 00 01 08 00 0e 00 00 18 52 03 a4 Aug 26 13:10:10.852801: | 95 63 3a 9b 73 b9 69 20 91 99 15 36 ee 6f 68 63 Aug 26 13:10:10.852804: | 55 53 fa c1 c6 3e 10 e0 88 2a a0 f2 47 cb 02 d9 Aug 26 13:10:10.852807: | 70 32 8f 8e a1 4a 54 e1 60 09 76 e2 2a 0b 11 41 Aug 26 13:10:10.852810: | 9e d7 6b ae 00 63 8e a6 e9 d2 db a7 0c f3 e7 c8 Aug 26 13:10:10.852813: | 99 f3 11 49 5f 18 31 5a b0 01 99 63 b8 4d bf 7c Aug 26 13:10:10.852816: | 80 33 60 42 30 31 8e 20 64 35 0e 8c 33 3a 28 d5 Aug 26 13:10:10.852819: | d6 9b 27 f0 66 eb 4f 50 ef 4d c8 7f 67 98 4d 00 Aug 26 13:10:10.852823: | 94 f3 eb 91 33 e2 d8 c6 08 f0 87 b9 1d ec 7d 73 Aug 26 13:10:10.852826: | 0f fa a1 30 5b 7a 2c ca 72 2d f2 5a 6d 1b e4 88 Aug 26 13:10:10.852829: | 91 97 8e 31 c3 cc 03 e8 34 a0 d8 9e 13 c4 04 56 Aug 26 13:10:10.852832: | f9 e0 fe 59 bf 3d d0 9b 96 44 6b d9 9a 61 73 65 Aug 26 13:10:10.852835: | 36 14 03 95 2e 8b eb d8 7c 5d 80 40 56 43 71 e8 Aug 26 13:10:10.852838: | 11 48 1d a3 47 4e fc 07 51 6b 95 bc 4f 23 53 fc Aug 26 13:10:10.852841: | 66 6a de b6 51 14 2c 2b d8 3c ee 0a eb 3c 0a 4e Aug 26 13:10:10.852844: | cf cd 0d cb f4 e3 d6 32 64 52 e6 fc 97 60 32 71 Aug 26 13:10:10.852847: | ed 83 db e9 7c 4d cd f6 f9 a5 4c 60 29 00 00 24 Aug 26 13:10:10.852850: | b7 aa f4 04 b5 71 c5 89 9b 42 ac 2d be 02 a3 9c Aug 26 13:10:10.852853: | 3a 36 c9 31 a5 d2 36 c3 2d 4c 01 e8 d0 8c bc a7 Aug 26 13:10:10.852857: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:10:10.852860: | 2a 91 0b 18 b6 a8 e7 e8 6b 90 74 44 f4 f1 d4 3d Aug 26 13:10:10.852863: | 4d d6 95 04 00 00 00 1c 00 00 40 05 b8 5f 1d dd Aug 26 13:10:10.852866: | b4 8a 40 51 67 3c f8 9b 43 44 2b cb 0c 92 d4 d1 Aug 26 13:10:10.852913: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:10.852923: | libevent_free: release ptr-libevent@0x55b013d9db78 Aug 26 13:10:10.852931: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b013d9c588 Aug 26 13:10:10.852938: | event_schedule: new EVENT_SO_DISCARD-pe@0x55b013d9c588 Aug 26 13:10:10.852946: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:10:10.852952: | libevent_malloc: new ptr-libevent@0x55b013d9d868 size 128 Aug 26 13:10:10.852962: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:10.852974: | #1 spent 0.806 milliseconds in resume sending helper answer Aug 26 13:10:10.852985: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:10:10.852991: | libevent_free: release ptr-libevent@0x7fbe9c002888 Aug 26 13:10:10.866211: | spent 0.00786 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:10.866270: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:10:10.866284: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.866309: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:10:10.866317: | 00 01 00 02 2f 9c 6e 55 60 46 18 0d ca b7 12 27 Aug 26 13:10:10.866326: | 9a b6 e9 48 8c d8 10 ff c3 05 31 c7 e3 b2 02 4e Aug 26 13:10:10.866334: | b5 71 e9 f0 e9 23 a9 c8 61 9d db fb 5e c4 5a 5d Aug 26 13:10:10.866341: | e7 ae c2 e2 a8 74 dd 94 16 f2 9f f5 05 4b 87 54 Aug 26 13:10:10.866349: | f8 2d 6c 9e b3 69 ba 69 e0 9f a1 aa 48 47 bf 5b Aug 26 13:10:10.866357: | 3c de 77 16 16 da 5b 19 00 f7 f0 90 71 07 a5 40 Aug 26 13:10:10.866364: | 48 5b c9 c5 f4 b1 cf 89 c0 22 25 44 db f6 ce 57 Aug 26 13:10:10.866380: | 36 9f 37 1c 92 53 37 5b 70 c1 10 cb 0f a6 1b 3c Aug 26 13:10:10.866388: | c4 52 1e a6 ff 3b 4b 28 2d 04 0c 15 77 73 e8 d4 Aug 26 13:10:10.866397: | 73 68 65 f8 b2 02 a3 3a a7 d7 78 cc 6e 1d 12 40 Aug 26 13:10:10.866404: | 94 5f 55 08 a0 34 1c ed ae a6 cc 83 76 98 43 08 Aug 26 13:10:10.866412: | 68 f2 f3 3e 14 a5 ba 6d 97 28 2a ad 96 1f 39 81 Aug 26 13:10:10.866420: | f1 70 72 98 04 b8 46 dd 65 22 79 67 45 ad 02 f0 Aug 26 13:10:10.866427: | 8f d0 a0 a8 af 03 25 14 73 75 c8 8b a4 b7 e2 0c Aug 26 13:10:10.866435: | 81 53 d1 59 a5 b5 61 70 b6 dc bd b8 5d 65 80 db Aug 26 13:10:10.866442: | 25 5f 02 ad 11 8b 94 65 c1 7b b6 fa 65 73 da d9 Aug 26 13:10:10.866449: | 1e 6d b6 0f 9a 95 73 d1 29 7d c9 df c0 09 e0 d4 Aug 26 13:10:10.866457: | b1 f4 63 19 ff 87 60 f9 3a 55 71 50 f8 02 8e b9 Aug 26 13:10:10.866464: | f7 c5 1a 5d fd 1b 50 56 ec 62 ba 2b 4b f1 9c b1 Aug 26 13:10:10.866472: | 57 ba b4 37 7e f0 d9 fa 14 8e b3 4a ef a2 ce af Aug 26 13:10:10.866476: | d3 30 87 31 78 98 ae 6b e0 4a 96 a0 2c e2 ba 5c Aug 26 13:10:10.866481: | b2 03 32 f4 c8 c1 8c ff 0c aa d0 59 93 25 79 4a Aug 26 13:10:10.866486: | f0 a1 8c a3 6f 64 85 a0 91 ae 93 82 04 15 1c bd Aug 26 13:10:10.866490: | 6d ba c0 5c a3 aa e5 8f 2a 62 17 9b 94 87 fc 97 Aug 26 13:10:10.866495: | d0 96 e3 50 4e ed 69 7c 1c cf 65 27 09 93 11 84 Aug 26 13:10:10.866499: | 5a 3c 49 d7 38 da c2 c5 d7 1e 4c 17 fa 5a 08 b8 Aug 26 13:10:10.866504: | 29 cd 96 1d 79 62 25 1c 00 18 6e ea f6 dc 80 9b Aug 26 13:10:10.866509: | cc ca f4 da b8 90 8f f4 8e 9b 40 9e 75 1a ae bd Aug 26 13:10:10.866513: | 2e 4d 1a c3 71 e3 bf c8 ee 71 38 10 af 5b 74 b1 Aug 26 13:10:10.866518: | 7f 49 1d 6e b4 d6 4a 17 4b 2c d2 12 4a 29 97 b1 Aug 26 13:10:10.866522: | ef 59 33 b2 7e 67 b3 8a f8 50 4c f6 c1 44 ed f4 Aug 26 13:10:10.866527: | fa 62 72 fa 57 98 ed 64 f4 fe 25 Aug 26 13:10:10.866537: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:10:10.866545: | **parse ISAKMP Message: Aug 26 13:10:10.866550: | initiator cookie: Aug 26 13:10:10.866555: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.866560: | responder cookie: Aug 26 13:10:10.866564: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.866570: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:10:10.866576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.866581: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:10.866586: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:10.866591: | Message ID: 1 (0x1) Aug 26 13:10:10.866597: | length: 539 (0x21b) Aug 26 13:10:10.866602: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:10.866609: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:10.866617: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:10.866630: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:10.866636: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:10.866645: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:10.866652: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:10.866660: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:10:10.866665: | unpacking clear payload Aug 26 13:10:10.866670: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:10:10.866676: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:10:10.866682: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:10:10.866687: | flags: none (0x0) Aug 26 13:10:10.866691: | length: 511 (0x1ff) Aug 26 13:10:10.866697: | fragment number: 1 (0x1) Aug 26 13:10:10.866701: | total fragments: 2 (0x2) Aug 26 13:10:10.866711: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:10:10.866720: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:10.866726: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:10:10.866733: | received IKE encrypted fragment number '1', total number '2', next payload '35' Aug 26 13:10:10.866738: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:10:10.866750: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:10.866760: | #1 spent 0.508 milliseconds in ikev2_process_packet() Aug 26 13:10:10.866768: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:10:10.866775: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:10.866781: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:10.866789: | spent 0.539 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:10.866809: | spent 0.00395 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:10.866829: | *received 102 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:10:10.866835: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.866840: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Aug 26 13:10:10.866845: | 00 02 00 02 1f 53 71 32 f7 6f 3f 17 cd 98 cb eb Aug 26 13:10:10.866849: | c2 fb 08 78 23 c0 6f 69 89 49 c6 7c e2 f9 46 79 Aug 26 13:10:10.866854: | 38 ab 91 d0 ca 8d 4c 97 36 c6 67 f1 2e c6 d7 1d Aug 26 13:10:10.866858: | 89 a2 68 29 61 23 9e b2 1c 44 00 d4 ef 05 a8 a3 Aug 26 13:10:10.866863: | cb bd 49 3a 54 a5 Aug 26 13:10:10.866870: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:10:10.866876: | **parse ISAKMP Message: Aug 26 13:10:10.866881: | initiator cookie: Aug 26 13:10:10.866886: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.866891: | responder cookie: Aug 26 13:10:10.866895: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.866900: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:10:10.866905: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.866911: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:10.866916: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:10.866921: | Message ID: 1 (0x1) Aug 26 13:10:10.866925: | length: 102 (0x66) Aug 26 13:10:10.866931: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:10.866937: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:10.866943: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:10.866953: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:10.866961: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:10.866967: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:10.866972: | #1 is idle Aug 26 13:10:10.866977: | #1 idle Aug 26 13:10:10.866986: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:10:10.866991: | unpacking clear payload Aug 26 13:10:10.866995: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:10:10.867001: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:10:10.867006: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.867011: | flags: none (0x0) Aug 26 13:10:10.867016: | length: 74 (0x4a) Aug 26 13:10:10.867020: | fragment number: 2 (0x2) Aug 26 13:10:10.867025: | total fragments: 2 (0x2) Aug 26 13:10:10.867030: | processing payload: ISAKMP_NEXT_v2SKF (len=66) Aug 26 13:10:10.867035: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:10:10.867045: | received IKE encrypted fragment number '2', total number '2', next payload '0' Aug 26 13:10:10.867051: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:10:10.867056: | Now let's proceed with state specific processing Aug 26 13:10:10.867061: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:10:10.867068: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:10:10.867083: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:10:10.867091: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:10:10.867097: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:10:10.867104: | libevent_free: release ptr-libevent@0x55b013d9d868 Aug 26 13:10:10.867110: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55b013d9c588 Aug 26 13:10:10.867116: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b013d9c588 Aug 26 13:10:10.867124: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:10.867130: | libevent_malloc: new ptr-libevent@0x7fbe9c002888 size 128 Aug 26 13:10:10.867153: | #1 spent 0.0811 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:10:10.867164: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.867171: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:10:10.867177: | suspending state #1 and saving MD Aug 26 13:10:10.867177: | crypto helper 1 resuming Aug 26 13:10:10.867183: | #1 is busy; has a suspended MD Aug 26 13:10:10.867225: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:10:10.867231: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:10.867249: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:10:10.867252: | "north-east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:10.867276: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:10.867285: | #1 spent 0.439 milliseconds in ikev2_process_packet() Aug 26 13:10:10.867313: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:10:10.867323: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:10.867333: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:10.867342: | spent 0.486 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:10.869906: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:10:10.871351: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.0041 seconds Aug 26 13:10:10.871389: | (#1) spent 4.05 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:10:10.871401: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:10:10.871412: | scheduling resume sending helper answer for #1 Aug 26 13:10:10.871423: | libevent_malloc: new ptr-libevent@0x7fbe94000f48 size 128 Aug 26 13:10:10.871447: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:10.871474: | processing resume sending helper answer for #1 Aug 26 13:10:10.871508: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:10:10.871525: | crypto helper 1 replies to request ID 2 Aug 26 13:10:10.871536: | calling continuation function 0x55b012414b50 Aug 26 13:10:10.871546: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:10:10.871559: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:10:10.871571: | already have all fragments, skipping fragment collection Aug 26 13:10:10.871587: | already have all fragments, skipping fragment collection Aug 26 13:10:10.871632: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:10:10.871642: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:10:10.871652: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:10:10.871661: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:10:10.871669: | flags: none (0x0) Aug 26 13:10:10.871678: | length: 13 (0xd) Aug 26 13:10:10.871686: | ID type: ID_FQDN (0x2) Aug 26 13:10:10.871695: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Aug 26 13:10:10.871703: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:10:10.871709: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:10:10.871715: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:10.871719: | flags: none (0x0) Aug 26 13:10:10.871724: | length: 12 (0xc) Aug 26 13:10:10.871729: | ID type: ID_FQDN (0x2) Aug 26 13:10:10.871734: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:10:10.871738: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:10:10.871744: | **parse IKEv2 Authentication Payload: Aug 26 13:10:10.871749: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:10.871753: | flags: none (0x0) Aug 26 13:10:10.871758: | length: 282 (0x11a) Aug 26 13:10:10.871763: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:10.871768: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:10:10.871773: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:10.871778: | **parse IKEv2 Security Association Payload: Aug 26 13:10:10.871783: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:10:10.871788: | flags: none (0x0) Aug 26 13:10:10.871792: | length: 164 (0xa4) Aug 26 13:10:10.871797: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:10:10.871802: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:10:10.871807: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:10.871812: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:10:10.871817: | flags: none (0x0) Aug 26 13:10:10.871821: | length: 24 (0x18) Aug 26 13:10:10.871826: | number of TS: 1 (0x1) Aug 26 13:10:10.871831: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:10:10.871836: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:10:10.871841: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:10.871846: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.871850: | flags: none (0x0) Aug 26 13:10:10.871855: | length: 24 (0x18) Aug 26 13:10:10.871860: | number of TS: 1 (0x1) Aug 26 13:10:10.871865: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:10:10.871870: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:10:10.871875: | Now let's proceed with state specific processing Aug 26 13:10:10.871880: | calling processor Responder: process IKE_AUTH request Aug 26 13:10:10.871891: "north-east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:10:10.871904: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:10:10.871910: | received IDr payload - extracting our alleged ID Aug 26 13:10:10.871917: | refine_host_connection for IKEv2: starting with "north-east" Aug 26 13:10:10.871925: | match_id a=@north Aug 26 13:10:10.871930: | b=@north Aug 26 13:10:10.871935: | results matched Aug 26 13:10:10.871943: | refine_host_connection: checking "north-east" against "north-east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:10:10.871947: | Warning: not switching back to template of current instance Aug 26 13:10:10.871953: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:10:10.871958: | This connection's local id is @east (ID_FQDN) Aug 26 13:10:10.871965: | refine_host_connection: checked north-east against north-east, now for see if best Aug 26 13:10:10.871976: | started looking for secret for @east->@north of kind PKK_RSA Aug 26 13:10:10.871982: | actually looking for secret for @east->@north of kind PKK_RSA Aug 26 13:10:10.871989: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 13:10:10.871996: | 1: compared key (none) to @east / @north -> 002 Aug 26 13:10:10.872002: | 2: compared key (none) to @east / @north -> 002 Aug 26 13:10:10.872007: | line 1: match=002 Aug 26 13:10:10.872013: | match 002 beats previous best_match 000 match=0x55b013cf3b58 (line=1) Aug 26 13:10:10.872018: | concluding with best_match=002 best=0x55b013cf3b58 (lineno=1) Aug 26 13:10:10.872023: | returning because exact peer id match Aug 26 13:10:10.872028: | offered CA: '%none' Aug 26 13:10:10.872034: "north-east" #1: IKEv2 mode peer ID is ID_FQDN: '@north' Aug 26 13:10:10.872087: | verifying AUTH payload Aug 26 13:10:10.872116: | required RSA CA is '%any' Aug 26 13:10:10.872124: | checking RSA keyid '@east' for match with '@north' Aug 26 13:10:10.872130: | checking RSA keyid '@north' for match with '@north' Aug 26 13:10:10.872135: | key issuer CA is '%any' Aug 26 13:10:10.872260: | an RSA Sig check passed with *AQPl33O2P [preloaded key] Aug 26 13:10:10.872276: | #1 spent 0.13 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:10:10.872283: "north-east" #1: Authenticated using RSA Aug 26 13:10:10.872304: | #1 spent 0.195 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:10:10.872321: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:10:10.872331: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:10:10.872337: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:10.872344: | libevent_free: release ptr-libevent@0x7fbe9c002888 Aug 26 13:10:10.872350: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b013d9c588 Aug 26 13:10:10.872356: | event_schedule: new EVENT_SA_REKEY-pe@0x55b013d9c588 Aug 26 13:10:10.872363: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:10:10.872369: | libevent_malloc: new ptr-libevent@0x55b013d9cf28 size 128 Aug 26 13:10:10.872586: | pstats #1 ikev2.ike established Aug 26 13:10:10.872606: | **emit ISAKMP Message: Aug 26 13:10:10.872612: | initiator cookie: Aug 26 13:10:10.872617: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:10.872622: | responder cookie: Aug 26 13:10:10.872626: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.872632: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:10.872638: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:10.872643: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:10.872648: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:10.872653: | Message ID: 1 (0x1) Aug 26 13:10:10.872659: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:10.872666: | IKEv2 CERT: send a certificate? Aug 26 13:10:10.872670: | IKEv2 CERT: no certificate to send Aug 26 13:10:10.872675: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:10.872680: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.872685: | flags: none (0x0) Aug 26 13:10:10.872692: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:10.872698: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.872704: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:10.872720: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:10.872751: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:10:10.872758: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.872763: | flags: none (0x0) Aug 26 13:10:10.872768: | ID type: ID_FQDN (0x2) Aug 26 13:10:10.872774: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:10:10.872786: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.872793: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:10:10.872798: | my identity 65 61 73 74 Aug 26 13:10:10.872803: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:10:10.872819: | assembled IDr payload Aug 26 13:10:10.872824: | CHILD SA proposals received Aug 26 13:10:10.872829: | going to assemble AUTH payload Aug 26 13:10:10.872835: | ****emit IKEv2 Authentication Payload: Aug 26 13:10:10.872840: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:10.872845: | flags: none (0x0) Aug 26 13:10:10.872850: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:10.872856: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:10:10.872862: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:10:10.872868: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.872878: | started looking for secret for @east->@north of kind PKK_RSA Aug 26 13:10:10.872883: | actually looking for secret for @east->@north of kind PKK_RSA Aug 26 13:10:10.872889: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 13:10:10.872896: | 1: compared key (none) to @east / @north -> 002 Aug 26 13:10:10.872901: | 2: compared key (none) to @east / @north -> 002 Aug 26 13:10:10.872906: | line 1: match=002 Aug 26 13:10:10.872912: | match 002 beats previous best_match 000 match=0x55b013cf3b58 (line=1) Aug 26 13:10:10.872917: | concluding with best_match=002 best=0x55b013cf3b58 (lineno=1) Aug 26 13:10:10.882220: | #1 spent 9.2 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:10:10.882247: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:10:10.882255: | rsa signature 13 b1 d4 99 12 f4 3e cb ac 17 3b bb 5a a1 50 dc Aug 26 13:10:10.882260: | rsa signature 5f 5e 9d 93 13 04 1f 28 7c 28 3f 86 b9 06 7e 5c Aug 26 13:10:10.882265: | rsa signature f7 a0 0e dc 0e 7b cf 83 f1 33 6d cf bb 43 12 99 Aug 26 13:10:10.882269: | rsa signature 44 e4 c5 2d 65 c1 eb 62 bd bd 4c 80 75 9b 3c 3a Aug 26 13:10:10.882274: | rsa signature 62 23 cf 92 b1 26 3c 5f 1c a8 20 3a 81 f1 51 84 Aug 26 13:10:10.882279: | rsa signature 9f 9d 7a 45 61 a9 23 38 45 50 cd 39 a1 54 0b 0a Aug 26 13:10:10.882283: | rsa signature 7d eb 56 69 05 6f 27 b9 f6 47 46 85 ac b2 36 00 Aug 26 13:10:10.882311: | rsa signature 3a 7e 5e d1 97 36 2b 8c f1 0a 3e 6d 48 1f c2 51 Aug 26 13:10:10.882317: | rsa signature 47 9c 9f 83 97 37 81 a5 c7 91 de 8f 3b 2d 00 b2 Aug 26 13:10:10.882322: | rsa signature 32 db 7e 44 60 e6 c3 2a 8f 03 9f eb 30 9f 7d e4 Aug 26 13:10:10.882330: | rsa signature 42 57 19 8b 83 ad e5 08 5f c2 a1 25 8d 0a 77 2f Aug 26 13:10:10.882334: | rsa signature 11 be 0a 5c b5 55 dd 74 36 e5 9a 7b dc 7a 75 00 Aug 26 13:10:10.882339: | rsa signature 5c d9 dd 58 22 94 e0 f3 d9 3f 58 8b e8 f3 2e 6e Aug 26 13:10:10.882344: | rsa signature fa ce 16 b1 71 35 ac dd 11 ec b0 8a d6 70 55 9a Aug 26 13:10:10.882348: | rsa signature 44 d3 8d c9 56 81 24 5b 95 ee 5f 47 36 67 c2 37 Aug 26 13:10:10.882353: | rsa signature 4d 48 f9 34 5c b5 76 7d 79 50 3e ad 89 cc 0a 56 Aug 26 13:10:10.882358: | rsa signature fc 6d 85 d9 7d c2 c7 ad cf af 9f 32 77 04 23 8a Aug 26 13:10:10.882362: | rsa signature e7 e0 Aug 26 13:10:10.882372: | #1 spent 9.41 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:10:10.882379: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:10:10.882390: | creating state object #2 at 0x55b013daa1a8 Aug 26 13:10:10.882397: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:10:10.882405: | pstats #2 ikev2.child started Aug 26 13:10:10.882417: | duplicating state object #1 "north-east" as #2 for IPSEC SA Aug 26 13:10:10.882429: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:10.882442: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:10.882452: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:10:10.882461: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:10.882467: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:10:10.882472: | TSi: parsing 1 traffic selectors Aug 26 13:10:10.882479: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:10.882485: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:10.882490: | IP Protocol ID: 0 (0x0) Aug 26 13:10:10.882495: | length: 16 (0x10) Aug 26 13:10:10.882500: | start port: 0 (0x0) Aug 26 13:10:10.882505: | end port: 65535 (0xffff) Aug 26 13:10:10.882511: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:10.882516: | TS low c0 00 03 fe Aug 26 13:10:10.882521: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:10.882526: | TS high c0 00 03 fe Aug 26 13:10:10.882531: | TSi: parsed 1 traffic selectors Aug 26 13:10:10.882536: | TSr: parsing 1 traffic selectors Aug 26 13:10:10.882541: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:10.882546: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:10.882550: | IP Protocol ID: 0 (0x0) Aug 26 13:10:10.882555: | length: 16 (0x10) Aug 26 13:10:10.882559: | start port: 0 (0x0) Aug 26 13:10:10.882564: | end port: 65535 (0xffff) Aug 26 13:10:10.882569: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:10.882574: | TS low c0 00 02 00 Aug 26 13:10:10.882579: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:10.882583: | TS high c0 00 02 ff Aug 26 13:10:10.882588: | TSr: parsed 1 traffic selectors Aug 26 13:10:10.882592: | looking for best SPD in current connection Aug 26 13:10:10.882604: | evaluating our conn="north-east" I=192.0.3.254/32:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:10:10.882614: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:10.882626: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Aug 26 13:10:10.882633: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:10.882638: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:10.882645: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:10.882651: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:10.882659: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:10.882669: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:10:10.882675: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:10.882680: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:10.882686: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:10.882691: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:10.882696: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:10.882702: | found better spd route for TSi[0],TSr[0] Aug 26 13:10:10.882706: | looking for better host pair Aug 26 13:10:10.882716: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:10:10.882724: | checking hostpair 192.0.2.0/24 -> 192.0.3.254/32 is found Aug 26 13:10:10.882729: | investigating connection "north-east" as a better match Aug 26 13:10:10.882736: | match_id a=@north Aug 26 13:10:10.882744: | b=@north Aug 26 13:10:10.882750: | results matched Aug 26 13:10:10.882759: | evaluating our conn="north-east" I=192.0.3.254/32:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:10:10.882767: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:10.882777: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Aug 26 13:10:10.882783: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:10.882788: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:10.882793: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:10.882799: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:10.882807: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:10.882817: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:10:10.882822: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:10.882827: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:10.882832: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:10.882838: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:10.882843: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:10.882848: | did not find a better connection using host pair Aug 26 13:10:10.882853: | printing contents struct traffic_selector Aug 26 13:10:10.882858: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:10.882862: | ipprotoid: 0 Aug 26 13:10:10.882867: | port range: 0-65535 Aug 26 13:10:10.882874: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:10:10.882879: | printing contents struct traffic_selector Aug 26 13:10:10.882883: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:10.882888: | ipprotoid: 0 Aug 26 13:10:10.882892: | port range: 0-65535 Aug 26 13:10:10.882899: | ip range: 192.0.3.254-192.0.3.254 Aug 26 13:10:10.882907: | constructing ESP/AH proposals with all DH removed for north-east (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:10:10.882916: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:10:10.882928: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:10.882934: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:10:10.882942: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:10:10.882948: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:10.882956: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:10.882962: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:10:10.882970: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:10.882985: "north-east": constructed local ESP/AH proposals for north-east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:10:10.882992: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:10:10.883000: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:10.883005: | local proposal 1 type PRF has 0 transforms Aug 26 13:10:10.883010: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:10.883015: | local proposal 1 type DH has 1 transforms Aug 26 13:10:10.883020: | local proposal 1 type ESN has 1 transforms Aug 26 13:10:10.883026: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:10.883032: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:10.883037: | local proposal 2 type PRF has 0 transforms Aug 26 13:10:10.883044: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:10.883050: | local proposal 2 type DH has 1 transforms Aug 26 13:10:10.883054: | local proposal 2 type ESN has 1 transforms Aug 26 13:10:10.883060: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:10:10.883065: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:10.883070: | local proposal 3 type PRF has 0 transforms Aug 26 13:10:10.883075: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:10.883080: | local proposal 3 type DH has 1 transforms Aug 26 13:10:10.883085: | local proposal 3 type ESN has 1 transforms Aug 26 13:10:10.883091: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:10.883096: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:10.883101: | local proposal 4 type PRF has 0 transforms Aug 26 13:10:10.883106: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:10.883111: | local proposal 4 type DH has 1 transforms Aug 26 13:10:10.883116: | local proposal 4 type ESN has 1 transforms Aug 26 13:10:10.883121: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:10.883128: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.883133: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.883138: | length: 32 (0x20) Aug 26 13:10:10.883143: | prop #: 1 (0x1) Aug 26 13:10:10.883148: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:10.883153: | spi size: 4 (0x4) Aug 26 13:10:10.883158: | # transforms: 2 (0x2) Aug 26 13:10:10.883164: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:10.883169: | remote SPI 4e ea 0a 18 Aug 26 13:10:10.883175: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:10:10.883181: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883191: | length: 12 (0xc) Aug 26 13:10:10.883196: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.883201: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.883206: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.883212: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.883217: | length/value: 256 (0x100) Aug 26 13:10:10.883225: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:10.883231: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883236: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.883240: | length: 8 (0x8) Aug 26 13:10:10.883245: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:10.883250: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:10.883257: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:10:10.883263: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:10:10.883269: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:10:10.883276: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:10:10.883282: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:10:10.883302: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:10:10.883309: | remote proposal 1 matches local proposal 1 Aug 26 13:10:10.883315: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.883320: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.883324: | length: 32 (0x20) Aug 26 13:10:10.883329: | prop #: 2 (0x2) Aug 26 13:10:10.883334: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:10.883342: | spi size: 4 (0x4) Aug 26 13:10:10.883347: | # transforms: 2 (0x2) Aug 26 13:10:10.883356: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:10.883361: | remote SPI 4e ea 0a 18 Aug 26 13:10:10.883367: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.883372: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883382: | length: 12 (0xc) Aug 26 13:10:10.883387: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.883392: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.883397: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.883402: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.883406: | length/value: 128 (0x80) Aug 26 13:10:10.883412: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883417: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.883422: | length: 8 (0x8) Aug 26 13:10:10.883426: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:10.883431: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:10.883438: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:10:10.883444: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:10:10.883449: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.883454: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:10.883458: | length: 48 (0x30) Aug 26 13:10:10.883463: | prop #: 3 (0x3) Aug 26 13:10:10.883468: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:10.883472: | spi size: 4 (0x4) Aug 26 13:10:10.883477: | # transforms: 4 (0x4) Aug 26 13:10:10.883483: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:10.883487: | remote SPI 4e ea 0a 18 Aug 26 13:10:10.883493: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.883498: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883507: | length: 12 (0xc) Aug 26 13:10:10.883512: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.883517: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.883522: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.883526: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.883531: | length/value: 256 (0x100) Aug 26 13:10:10.883537: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883546: | length: 8 (0x8) Aug 26 13:10:10.883551: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.883556: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.883561: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883571: | length: 8 (0x8) Aug 26 13:10:10.883575: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.883580: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.883585: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883590: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.883595: | length: 8 (0x8) Aug 26 13:10:10.883600: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:10.883604: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:10.883611: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:10:10.883617: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:10:10.883622: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.883627: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.883631: | length: 48 (0x30) Aug 26 13:10:10.883636: | prop #: 4 (0x4) Aug 26 13:10:10.883641: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:10.883648: | spi size: 4 (0x4) Aug 26 13:10:10.883653: | # transforms: 4 (0x4) Aug 26 13:10:10.883658: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:10.883663: | remote SPI 4e ea 0a 18 Aug 26 13:10:10.883668: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:10:10.883673: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883683: | length: 12 (0xc) Aug 26 13:10:10.883687: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.883692: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:10.883697: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.883702: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.883706: | length/value: 128 (0x80) Aug 26 13:10:10.883712: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883717: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883721: | length: 8 (0x8) Aug 26 13:10:10.883726: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.883731: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:10.883736: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883745: | length: 8 (0x8) Aug 26 13:10:10.883750: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:10.883755: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:10.883760: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883765: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.883769: | length: 8 (0x8) Aug 26 13:10:10.883774: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:10.883779: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:10.883786: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:10:10.883791: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:10:10.883802: "north-east" #1: proposal 1:ESP:SPI=4eea0a18;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:10:10.883811: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=4eea0a18;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:10:10.883816: | converting proposal to internal trans attrs Aug 26 13:10:10.883859: | netlink_get_spi: allocated 0x335f5170 for esp.0@192.1.2.23 Aug 26 13:10:10.883865: | Emitting ikev2_proposal ... Aug 26 13:10:10.883871: | ****emit IKEv2 Security Association Payload: Aug 26 13:10:10.883876: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.883881: | flags: none (0x0) Aug 26 13:10:10.883888: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:10.883894: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.883900: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:10.883906: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:10.883910: | prop #: 1 (0x1) Aug 26 13:10:10.883915: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:10.883920: | spi size: 4 (0x4) Aug 26 13:10:10.883924: | # transforms: 2 (0x2) Aug 26 13:10:10.883930: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:10.883937: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:10.883941: | our spi 33 5f 51 70 Aug 26 13:10:10.883947: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.883955: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.883960: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:10.883965: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:10.883971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.883977: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:10.883982: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:10.883987: | length/value: 256 (0x100) Aug 26 13:10:10.883993: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:10.883998: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:10.884003: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:10.884007: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:10.884012: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:10.884018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:10.884024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:10.884029: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:10.884035: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:10:10.884040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:10.884045: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:10:10.884051: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:10.884057: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:10.884062: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.884066: | flags: none (0x0) Aug 26 13:10:10.884071: | number of TS: 1 (0x1) Aug 26 13:10:10.884078: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:10:10.884083: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.884089: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:10.884094: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:10.884098: | IP Protocol ID: 0 (0x0) Aug 26 13:10:10.884103: | start port: 0 (0x0) Aug 26 13:10:10.884108: | end port: 65535 (0xffff) Aug 26 13:10:10.884114: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:10.884119: | ipv4 start c0 00 03 fe Aug 26 13:10:10.884124: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:10.884128: | ipv4 end c0 00 03 fe Aug 26 13:10:10.884133: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:10.884138: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:10:10.884143: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:10.884148: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:10.884153: | flags: none (0x0) Aug 26 13:10:10.884158: | number of TS: 1 (0x1) Aug 26 13:10:10.884164: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:10:10.884169: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:10.884174: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:10.884179: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:10.884184: | IP Protocol ID: 0 (0x0) Aug 26 13:10:10.884188: | start port: 0 (0x0) Aug 26 13:10:10.884193: | end port: 65535 (0xffff) Aug 26 13:10:10.884198: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:10.884205: | ipv4 start c0 00 02 00 Aug 26 13:10:10.884211: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:10.884215: | ipv4 end c0 00 02 ff Aug 26 13:10:10.884220: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:10.884225: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:10:10.884231: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:10.884237: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:10:10.884569: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:10:10.884592: | #1 spent 2.21 milliseconds Aug 26 13:10:10.884598: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:10:10.884604: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 13:10:10.884609: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:10.884615: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:10.884621: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:10.884629: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 13:10:10.884636: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:10.884643: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:10.884649: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:10.884654: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:10.884662: | setting IPsec SA replay-window to 32 Aug 26 13:10:10.884668: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 13:10:10.884674: | netlink: enabling tunnel mode Aug 26 13:10:10.884680: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:10.884686: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:10.884812: | netlink response for Add SA esp.4eea0a18@192.1.3.33 included non-error error Aug 26 13:10:10.884822: | set up outgoing SA, ref=0/0 Aug 26 13:10:10.884828: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:10:10.884834: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:10:10.884839: | AES_GCM_16 requires 4 salt bytes Aug 26 13:10:10.884844: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:10:10.884851: | setting IPsec SA replay-window to 32 Aug 26 13:10:10.884856: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 13:10:10.884861: | netlink: enabling tunnel mode Aug 26 13:10:10.884867: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:10.884871: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:10.884951: | netlink response for Add SA esp.335f5170@192.1.2.23 included non-error error Aug 26 13:10:10.884962: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:10.884975: | add inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:10:10.884981: | IPsec Sa SPD priority set to 1042399 Aug 26 13:10:10.885028: | raw_eroute result=success Aug 26 13:10:10.885036: | set up incoming SA, ref=0/0 Aug 26 13:10:10.885041: | sr for #2: prospective erouted Aug 26 13:10:10.885047: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:10.885052: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:10.885058: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:10.885063: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:10.885070: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 13:10:10.885077: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Aug 26 13:10:10.885083: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:10.885097: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:10:10.885109: | IPsec Sa SPD priority set to 1042399 Aug 26 13:10:10.885138: | raw_eroute result=success Aug 26 13:10:10.885145: | running updown command "ipsec _updown" for verb up Aug 26 13:10:10.885151: | command executing up-client Aug 26 13:10:10.885201: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4eea0a Aug 26 13:10:10.885208: | popen cmd is 1036 chars long Aug 26 13:10:10.885214: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Aug 26 13:10:10.885219: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@: Aug 26 13:10:10.885224: | cmd( 160):east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CL: Aug 26 13:10:10.885230: | cmd( 240):IENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID: Aug 26 13:10:10.885235: | cmd( 320):='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUT: Aug 26 13:10:10.885240: | cmd( 400):O_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CL: Aug 26 13:10:10.885245: | cmd( 480):IENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Aug 26 13:10:10.885250: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Aug 26 13:10:10.885255: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Aug 26 13:10:10.885260: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Aug 26 13:10:10.885265: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Aug 26 13:10:10.885270: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Aug 26 13:10:10.885275: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x4eea0a18 SPI_OUT=0x335f5170 ipsec _updown 2>&1: Aug 26 13:10:10.906521: | route_and_eroute: firewall_notified: true Aug 26 13:10:10.906561: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55b013d9a898,sr=0x55b013d9a898} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:10:10.906739: | #1 spent 1.58 milliseconds in install_ipsec_sa() Aug 26 13:10:10.906768: | ISAKMP_v2_IKE_AUTH: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:10:10.906781: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:10.906794: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:10.906810: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:10.906820: | emitting length of IKEv2 Encryption Payload: 407 Aug 26 13:10:10.906830: | emitting length of ISAKMP Message: 435 Aug 26 13:10:10.906924: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:10:10.906949: | #1 spent 14.4 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:10:10.906976: | suspend processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.907011: | start processing: state #2 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:10.907022: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:10:10.907029: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:10:10.907036: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:10:10.907045: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:10:10.907057: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:10:10.907066: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:10:10.907072: | pstats #2 ikev2.child established Aug 26 13:10:10.907089: "north-east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.254-192.0.3.254:0-65535 0] Aug 26 13:10:10.907097: | NAT-T: encaps is 'auto' Aug 26 13:10:10.907106: "north-east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x4eea0a18 <0x335f5170 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:10:10.907116: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:10:10.907129: | sending 435 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:10:10.907141: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:10.907146: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 13:10:10.907150: | 1c 72 85 49 96 a2 ed 11 a4 b6 2e ae 30 ce 3b 8b Aug 26 13:10:10.907155: | d7 00 61 40 4a 0f 04 65 6b 39 62 bb 95 25 fc 4d Aug 26 13:10:10.907160: | 61 96 24 4d ab 0b e6 9c 98 fe d3 e7 f2 94 a1 f0 Aug 26 13:10:10.907164: | c6 78 2d 46 e4 a7 74 51 45 e7 5e 29 a1 e1 54 7e Aug 26 13:10:10.907169: | 07 1a 8c 60 1c 58 ea b7 c9 81 c5 86 d0 cd ea 53 Aug 26 13:10:10.907173: | 8a 0c e0 6b fe ca 7a 9d 93 55 8f d9 98 23 7c c2 Aug 26 13:10:10.907178: | 50 c9 94 6a ea 0e 52 96 16 73 f6 e1 aa 9c 8f 9d Aug 26 13:10:10.907182: | 6e 01 f4 ac 9e c4 95 e8 f9 97 61 4a 1f d4 9f b5 Aug 26 13:10:10.907187: | 03 c2 67 0b 3b d0 51 93 98 37 da 9f a7 48 80 16 Aug 26 13:10:10.907192: | f4 76 03 0d e9 e2 d6 2a 1a d7 c3 bf 48 27 27 72 Aug 26 13:10:10.907196: | 80 ad 98 65 96 a9 dd a2 51 50 46 57 b4 fa 64 f5 Aug 26 13:10:10.907201: | 3e 5f fc 68 79 d8 66 07 6a 39 75 c3 f8 c2 a9 73 Aug 26 13:10:10.907205: | 60 d2 7d d7 45 6c 41 62 48 1b a7 51 f5 9d 2a 22 Aug 26 13:10:10.907210: | a7 a4 06 07 8d 63 4c b9 cf 16 d2 57 26 73 9b 23 Aug 26 13:10:10.907214: | 26 14 70 c7 65 c0 04 d9 a3 07 d6 91 b1 53 ae 20 Aug 26 13:10:10.907219: | 7e 9a ee 59 13 96 a6 3d b1 14 31 89 c0 9f 31 02 Aug 26 13:10:10.907223: | a1 5e 62 a8 32 df 04 77 d3 04 d6 56 c5 6d ee 61 Aug 26 13:10:10.907228: | 8d 0c 75 29 35 fe 36 ba 44 51 bc f6 e5 22 3b 70 Aug 26 13:10:10.907233: | c8 e8 3c 94 83 23 58 c5 ff 00 12 5e 92 a1 93 1f Aug 26 13:10:10.907237: | 65 88 28 fd eb 97 c5 2b 2e 90 41 ee c8 d8 25 5a Aug 26 13:10:10.907242: | b3 b7 45 b3 1b 83 ec 09 f8 2f b1 36 97 8a 5e be Aug 26 13:10:10.907246: | cd c6 cf 7e 3d 1d 2e 8b b3 30 32 46 ce 0d 48 93 Aug 26 13:10:10.907251: | d9 c5 a1 e9 1c 85 3f 6f 74 66 8d fb d6 bb 48 3b Aug 26 13:10:10.907255: | b5 4d 18 d2 5d 36 4d bb c4 d3 f9 37 f8 45 4f 58 Aug 26 13:10:10.907260: | 01 3b 09 88 ec 86 d5 54 99 c2 91 19 00 3b 56 65 Aug 26 13:10:10.907264: | 63 5f 87 Aug 26 13:10:10.907369: | releasing whack for #2 (sock=fd@-1) Aug 26 13:10:10.907398: | releasing whack and unpending for parent #1 Aug 26 13:10:10.907410: | unpending state #1 connection "north-east" Aug 26 13:10:10.907422: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:10:10.907441: | event_schedule: new EVENT_SA_REKEY-pe@0x7fbe9c002b78 Aug 26 13:10:10.907455: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:10:10.907472: | libevent_malloc: new ptr-libevent@0x55b013d9d868 size 128 Aug 26 13:10:10.907509: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:10.907531: | #1 spent 15.3 milliseconds in resume sending helper answer Aug 26 13:10:10.907548: | stop processing: state #2 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:10:10.907562: | libevent_free: release ptr-libevent@0x7fbe94000f48 Aug 26 13:10:10.907601: | processing signal PLUTO_SIGCHLD Aug 26 13:10:10.907617: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:10.907631: | spent 0.0152 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:15.346971: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:15.347165: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:15.347171: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:15.347228: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:10:15.347232: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:15.347242: | get_sa_info esp.335f5170@192.1.2.23 Aug 26 13:10:15.347254: | get_sa_info esp.4eea0a18@192.1.3.33 Aug 26 13:10:15.347272: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:15.347278: | spent 0.314 milliseconds in whack Aug 26 13:10:16.893799: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:16.893817: shutting down Aug 26 13:10:16.893825: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:10:16.893830: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:16.893832: forgetting secrets Aug 26 13:10:16.893840: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:16.893843: | unreference key: 0x55b013d9c818 @east cnt 1-- Aug 26 13:10:16.893846: | unreference key: 0x55b013cf3c48 @north cnt 2-- Aug 26 13:10:16.893849: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Aug 26 13:10:16.893851: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:10:16.893853: | pass 0 Aug 26 13:10:16.893854: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:16.893856: | state #2 Aug 26 13:10:16.893859: | suspend processing: connection "north-east" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:16.893863: | start processing: state #2 connection "north-east" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:16.893865: | pstats #2 ikev2.child deleted completed Aug 26 13:10:16.893868: | [RE]START processing: state #2 connection "north-east" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:10:16.893872: "north-east" #2: deleting state (STATE_V2_IPSEC_R) aged 6.011s and sending notification Aug 26 13:10:16.893874: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:10:16.893877: | get_sa_info esp.4eea0a18@192.1.3.33 Aug 26 13:10:16.893889: | get_sa_info esp.335f5170@192.1.2.23 Aug 26 13:10:16.893895: "north-east" #2: ESP traffic information: in=336B out=336B Aug 26 13:10:16.893897: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:10:16.893900: | Opening output PBS informational exchange delete request Aug 26 13:10:16.893902: | **emit ISAKMP Message: Aug 26 13:10:16.893904: | initiator cookie: Aug 26 13:10:16.893906: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:16.893907: | responder cookie: Aug 26 13:10:16.893909: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:16.893911: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:16.893913: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:16.893917: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:16.893919: | flags: none (0x0) Aug 26 13:10:16.893921: | Message ID: 0 (0x0) Aug 26 13:10:16.893923: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:16.893925: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:16.893927: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:16.893929: | flags: none (0x0) Aug 26 13:10:16.893931: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:16.893933: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:16.893935: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:16.893947: | ****emit IKEv2 Delete Payload: Aug 26 13:10:16.893949: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:16.893950: | flags: none (0x0) Aug 26 13:10:16.893952: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:16.893954: | SPI size: 4 (0x4) Aug 26 13:10:16.893955: | number of SPIs: 1 (0x1) Aug 26 13:10:16.893957: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:16.893959: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:16.893962: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:10:16.893963: | local spis 33 5f 51 70 Aug 26 13:10:16.893965: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:16.893967: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:16.893969: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:16.893971: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:16.893973: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:10:16.893975: | emitting length of ISAKMP Message: 69 Aug 26 13:10:16.893994: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:10:16.893996: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:16.893997: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:10:16.893999: | f5 e0 1d 4a 05 2f 36 32 47 57 8d 78 eb b5 64 e5 Aug 26 13:10:16.894000: | be 31 7d 5f fc cc dd ee 75 7d f8 b8 09 8d 9f c8 Aug 26 13:10:16.894002: | 82 f4 ca 77 c4 Aug 26 13:10:16.894271: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:10:16.894274: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:10:16.894278: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:16.894280: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:16.894284: | libevent_free: release ptr-libevent@0x55b013d9d868 Aug 26 13:10:16.894286: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fbe9c002b78 Aug 26 13:10:16.894605: | running updown command "ipsec _updown" for verb down Aug 26 13:10:16.894614: | command executing down-client Aug 26 13:10:16.894640: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825010' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:10:16.894645: | popen cmd is 1047 chars long Aug 26 13:10:16.894648: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Aug 26 13:10:16.894651: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Aug 26 13:10:16.894654: | cmd( 160):'@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_: Aug 26 13:10:16.894656: | cmd( 240):CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQ: Aug 26 13:10:16.894659: | cmd( 320):ID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PL: Aug 26 13:10:16.894662: | cmd( 400):UTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_: Aug 26 13:10:16.894665: | cmd( 480):CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Aug 26 13:10:16.894668: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825010' PLUTO_CONN_POLICY='RS: Aug 26 13:10:16.894671: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Aug 26 13:10:16.894673: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Aug 26 13:10:16.894677: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Aug 26 13:10:16.894679: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Aug 26 13:10:16.894682: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4eea0a18 SPI_OUT=0x335f5170 ipsec _updo: Aug 26 13:10:16.894685: | cmd(1040):wn 2>&1: Aug 26 13:10:16.902357: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:16.902375: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:16.902380: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:16.902385: | IPsec Sa SPD priority set to 1042399 Aug 26 13:10:16.902432: | delete esp.4eea0a18@192.1.3.33 Aug 26 13:10:16.902455: | netlink response for Del SA esp.4eea0a18@192.1.3.33 included non-error error Aug 26 13:10:16.902460: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:16.902467: | delete inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:10:16.902491: | raw_eroute result=success Aug 26 13:10:16.902497: | delete esp.335f5170@192.1.2.23 Aug 26 13:10:16.902508: | netlink response for Del SA esp.335f5170@192.1.2.23 included non-error error Aug 26 13:10:16.902522: | stop processing: connection "north-east" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:10:16.902527: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:10:16.902530: | in connection_discard for connection north-east Aug 26 13:10:16.902533: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:10:16.902540: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:10:16.902548: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:10:16.902562: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:16.902566: | state #1 Aug 26 13:10:16.902568: | pass 1 Aug 26 13:10:16.902571: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:16.902574: | state #1 Aug 26 13:10:16.902579: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:16.902586: | pstats #1 ikev2.ike deleted completed Aug 26 13:10:16.902594: | #1 spent 24.3 milliseconds in total Aug 26 13:10:16.902599: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:10:16.902604: "north-east" #1: deleting state (STATE_PARENT_R2) aged 6.053s and sending notification Aug 26 13:10:16.902607: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:10:16.902659: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:10:16.902665: | Opening output PBS informational exchange delete request Aug 26 13:10:16.902669: | **emit ISAKMP Message: Aug 26 13:10:16.902672: | initiator cookie: Aug 26 13:10:16.902675: | bf c4 e0 9e f3 c2 f5 83 Aug 26 13:10:16.902678: | responder cookie: Aug 26 13:10:16.902680: | c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:16.902683: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:16.902687: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:16.902690: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:16.902694: | flags: none (0x0) Aug 26 13:10:16.902697: | Message ID: 1 (0x1) Aug 26 13:10:16.902700: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:16.902704: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:16.902707: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:16.902710: | flags: none (0x0) Aug 26 13:10:16.902713: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:16.902716: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:16.902720: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:16.902742: | ****emit IKEv2 Delete Payload: Aug 26 13:10:16.902746: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:16.902748: | flags: none (0x0) Aug 26 13:10:16.902751: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:10:16.902754: | SPI size: 0 (0x0) Aug 26 13:10:16.902756: | number of SPIs: 0 (0x0) Aug 26 13:10:16.902760: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:16.902763: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:16.902766: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:10:16.902769: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:10:16.902773: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:16.902776: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:16.902778: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:10:16.902781: | emitting length of ISAKMP Message: 65 Aug 26 13:10:16.902813: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:10:16.902817: | bf c4 e0 9e f3 c2 f5 83 c0 4e d2 c1 d5 88 03 5a Aug 26 13:10:16.902820: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:10:16.902822: | ba 6b ee cd 6f c4 3b 82 08 0a 83 89 63 50 6c 12 Aug 26 13:10:16.902825: | 25 45 80 22 8e 3e fb 6c 24 79 6b 18 2f cd 92 16 Aug 26 13:10:16.902827: | df Aug 26 13:10:16.902853: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:10:16.902857: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 13:10:16.902863: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Aug 26 13:10:16.902868: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Aug 26 13:10:16.902874: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:16.902884: | libevent_free: release ptr-libevent@0x55b013d9cf28 Aug 26 13:10:16.902887: | free_event_entry: release EVENT_SA_REKEY-pe@0x55b013d9c588 Aug 26 13:10:16.902894: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:10:16.902897: | in connection_discard for connection north-east Aug 26 13:10:16.902900: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:10:16.902904: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:10:16.902909: | unreference key: 0x55b013cf3c48 @north cnt 1-- Aug 26 13:10:16.902941: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:10:16.902972: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:16.902978: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:10:16.902982: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:16.902985: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:16.903005: | priority calculation of connection "north-east" is 0xfe7df Aug 26 13:10:16.903016: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:16.903020: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 13:10:16.903024: | conn north-east mark 0/00000000, 0/00000000 Aug 26 13:10:16.903027: | route owner of "north-east" unrouted: NULL Aug 26 13:10:16.903030: | running updown command "ipsec _updown" for verb unroute Aug 26 13:10:16.903033: | command executing unroute-client Aug 26 13:10:16.903060: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 13:10:16.903064: | popen cmd is 1028 chars long Aug 26 13:10:16.903067: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 13:10:16.903070: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_: Aug 26 13:10:16.903073: | cmd( 160):ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_: Aug 26 13:10:16.903075: | cmd( 240):MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_: Aug 26 13:10:16.903078: | cmd( 320):REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north: Aug 26 13:10:16.903081: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_P: Aug 26 13:10:16.903084: | cmd( 480):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:10:16.903087: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 13:10:16.903089: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 13:10:16.903091: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:10:16.903094: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:10:16.903098: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:10:16.903101: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:10:16.911991: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912007: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912010: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912013: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912014: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912016: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912060: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912063: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912065: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912067: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912079: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912090: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912423: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912432: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912434: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912437: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912450: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912464: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912477: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912487: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912501: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912550: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912557: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912559: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912562: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912569: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912587: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912600: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912614: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912627: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912640: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912655: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912670: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912682: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912692: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.912701: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:10:16.918275: | free hp@0x55b013d9c4a8 Aug 26 13:10:16.918296: | flush revival: connection 'north-east' wasn't on the list Aug 26 13:10:16.918302: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:10:16.918317: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:10:16.918319: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:10:16.918329: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:10:16.918331: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:10:16.918333: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:10:16.918335: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:10:16.918342: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:10:16.918344: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:10:16.918347: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:10:16.918357: | libevent_free: release ptr-libevent@0x55b013d8dfa8 Aug 26 13:10:16.918360: | free_event_entry: release EVENT_NULL-pe@0x55b013d99a98 Aug 26 13:10:16.918370: | libevent_free: release ptr-libevent@0x55b013d243f8 Aug 26 13:10:16.918372: | free_event_entry: release EVENT_NULL-pe@0x55b013d99b48 Aug 26 13:10:16.918376: | libevent_free: release ptr-libevent@0x55b013d24688 Aug 26 13:10:16.918378: | free_event_entry: release EVENT_NULL-pe@0x55b013d99bf8 Aug 26 13:10:16.918384: | libevent_free: release ptr-libevent@0x55b013d19b78 Aug 26 13:10:16.918385: | free_event_entry: release EVENT_NULL-pe@0x55b013d99ca8 Aug 26 13:10:16.918390: | libevent_free: release ptr-libevent@0x55b013cf84e8 Aug 26 13:10:16.918392: | free_event_entry: release EVENT_NULL-pe@0x55b013d99d58 Aug 26 13:10:16.918396: | libevent_free: release ptr-libevent@0x55b013cf81d8 Aug 26 13:10:16.918398: | free_event_entry: release EVENT_NULL-pe@0x55b013d99e08 Aug 26 13:10:16.918402: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:16.918801: | libevent_free: release ptr-libevent@0x55b013d8e058 Aug 26 13:10:16.918811: | free_event_entry: release EVENT_NULL-pe@0x55b013d81e48 Aug 26 13:10:16.918817: | libevent_free: release ptr-libevent@0x55b013d23978 Aug 26 13:10:16.918820: | free_event_entry: release EVENT_NULL-pe@0x55b013d81dd8 Aug 26 13:10:16.918825: | libevent_free: release ptr-libevent@0x55b013d65668 Aug 26 13:10:16.918828: | free_event_entry: release EVENT_NULL-pe@0x55b013d81298 Aug 26 13:10:16.918833: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:10:16.918836: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:10:16.918839: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:10:16.918842: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:10:16.918845: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:10:16.918847: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:10:16.918850: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:10:16.918853: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:10:16.918856: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:10:16.918862: | libevent_free: release ptr-libevent@0x55b013d218e8 Aug 26 13:10:16.918865: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:10:16.918869: | libevent_free: release ptr-libevent@0x55b013d2c958 Aug 26 13:10:16.918871: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:10:16.918875: | libevent_free: release ptr-libevent@0x55b013d24758 Aug 26 13:10:16.918877: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:10:16.918881: | libevent_free: release ptr-libevent@0x55b013d99698 Aug 26 13:10:16.918883: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:10:16.918886: | releasing event base Aug 26 13:10:16.918900: | libevent_free: release ptr-libevent@0x55b013d99568 Aug 26 13:10:16.918903: | libevent_free: release ptr-libevent@0x55b013d7c688 Aug 26 13:10:16.918907: | libevent_free: release ptr-libevent@0x55b013d7c638 Aug 26 13:10:16.918910: | libevent_free: release ptr-libevent@0x55b013d7c5c8 Aug 26 13:10:16.918913: | libevent_free: release ptr-libevent@0x55b013d7c588 Aug 26 13:10:16.918917: | libevent_free: release ptr-libevent@0x55b013d99328 Aug 26 13:10:16.918919: | libevent_free: release ptr-libevent@0x55b013d99468 Aug 26 13:10:16.918922: | libevent_free: release ptr-libevent@0x55b013d7c838 Aug 26 13:10:16.918925: | libevent_free: release ptr-libevent@0x55b013d813a8 Aug 26 13:10:16.918928: | libevent_free: release ptr-libevent@0x55b013d81d98 Aug 26 13:10:16.918930: | libevent_free: release ptr-libevent@0x55b013d99e78 Aug 26 13:10:16.918933: | libevent_free: release ptr-libevent@0x55b013d99dc8 Aug 26 13:10:16.918936: | libevent_free: release ptr-libevent@0x55b013d99d18 Aug 26 13:10:16.918938: | libevent_free: release ptr-libevent@0x55b013d99c68 Aug 26 13:10:16.918943: | libevent_free: release ptr-libevent@0x55b013d99bb8 Aug 26 13:10:16.918946: | libevent_free: release ptr-libevent@0x55b013d99b08 Aug 26 13:10:16.918949: | libevent_free: release ptr-libevent@0x55b013d23ba8 Aug 26 13:10:16.918952: | libevent_free: release ptr-libevent@0x55b013d994e8 Aug 26 13:10:16.918954: | libevent_free: release ptr-libevent@0x55b013d994a8 Aug 26 13:10:16.918957: | libevent_free: release ptr-libevent@0x55b013d99368 Aug 26 13:10:16.918960: | libevent_free: release ptr-libevent@0x55b013d99528 Aug 26 13:10:16.918963: | libevent_free: release ptr-libevent@0x55b013d20a18 Aug 26 13:10:16.918966: | libevent_free: release ptr-libevent@0x55b013cf7908 Aug 26 13:10:16.918969: | libevent_free: release ptr-libevent@0x55b013cf7d38 Aug 26 13:10:16.918971: | libevent_free: release ptr-libevent@0x55b013d20d88 Aug 26 13:10:16.918974: | releasing global libevent data Aug 26 13:10:16.918977: | libevent_free: release ptr-libevent@0x55b013cfc748 Aug 26 13:10:16.918980: | libevent_free: release ptr-libevent@0x55b013cf7cd8 Aug 26 13:10:16.918983: | libevent_free: release ptr-libevent@0x55b013cf7dd8 Aug 26 13:10:16.919030: leak detective found no leaks