Aug 26 13:21:00.751090: FIPS Product: YES Aug 26 13:21:00.751132: FIPS Kernel: NO Aug 26 13:21:00.751136: FIPS Mode: NO Aug 26 13:21:00.751139: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:21:00.751321: Initializing NSS Aug 26 13:21:00.751331: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:21:00.781025: NSS initialized Aug 26 13:21:00.781046: NSS crypto library initialized Aug 26 13:21:00.781050: FIPS HMAC integrity support [enabled] Aug 26 13:21:00.781053: FIPS mode disabled for pluto daemon Aug 26 13:21:00.813819: FIPS HMAC integrity verification self-test FAILED Aug 26 13:21:00.813934: libcap-ng support [enabled] Aug 26 13:21:00.813945: Linux audit support [enabled] Aug 26 13:21:00.813979: Linux audit activated Aug 26 13:21:00.813986: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21793 Aug 26 13:21:00.813989: core dump dir: /tmp Aug 26 13:21:00.813992: secrets file: /etc/ipsec.secrets Aug 26 13:21:00.813994: leak-detective enabled Aug 26 13:21:00.813995: NSS crypto [enabled] Aug 26 13:21:00.813998: XAUTH PAM support [enabled] Aug 26 13:21:00.814085: | libevent is using pluto's memory allocator Aug 26 13:21:00.814093: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:21:00.814110: | libevent_malloc: new ptr-libevent@0x55a876a83138 size 40 Aug 26 13:21:00.814118: | libevent_malloc: new ptr-libevent@0x55a876a7dcd8 size 40 Aug 26 13:21:00.814121: | libevent_malloc: new ptr-libevent@0x55a876a7ddd8 size 40 Aug 26 13:21:00.814124: | creating event base Aug 26 13:21:00.814127: | libevent_malloc: new ptr-libevent@0x55a876b01c08 size 56 Aug 26 13:21:00.814132: | libevent_malloc: new ptr-libevent@0x55a876aae048 size 664 Aug 26 13:21:00.814143: | libevent_malloc: new ptr-libevent@0x55a876b01c78 size 24 Aug 26 13:21:00.814147: | libevent_malloc: new ptr-libevent@0x55a876b01cc8 size 384 Aug 26 13:21:00.814158: | libevent_malloc: new ptr-libevent@0x55a876b01bc8 size 16 Aug 26 13:21:00.814162: | libevent_malloc: new ptr-libevent@0x55a876a7d908 size 40 Aug 26 13:21:00.814165: | libevent_malloc: new ptr-libevent@0x55a876a7dd38 size 48 Aug 26 13:21:00.814170: | libevent_realloc: new ptr-libevent@0x55a876aaeb48 size 256 Aug 26 13:21:00.814176: | libevent_malloc: new ptr-libevent@0x55a876b01e78 size 16 Aug 26 13:21:00.814182: | libevent_free: release ptr-libevent@0x55a876b01c08 Aug 26 13:21:00.814186: | libevent initialized Aug 26 13:21:00.814190: | libevent_realloc: new ptr-libevent@0x55a876b01c08 size 64 Aug 26 13:21:00.814195: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:21:00.814212: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:21:00.814215: NAT-Traversal support [enabled] Aug 26 13:21:00.814219: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:21:00.814225: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:21:00.814229: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:21:00.814265: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:21:00.814270: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:21:00.814274: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:21:00.814332: Encryption algorithms: Aug 26 13:21:00.814345: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:21:00.814350: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:21:00.814355: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:21:00.814358: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:21:00.814362: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:21:00.814369: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:21:00.814374: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:21:00.814378: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:21:00.814382: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:21:00.814387: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:21:00.814391: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:21:00.814395: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:21:00.814399: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:21:00.814403: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:21:00.814407: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:21:00.814410: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:21:00.814414: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:21:00.814422: Hash algorithms: Aug 26 13:21:00.814425: MD5 IKEv1: IKE IKEv2: Aug 26 13:21:00.814428: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:21:00.814432: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:21:00.814435: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:21:00.814438: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:21:00.814452: PRF algorithms: Aug 26 13:21:00.814455: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:21:00.814459: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:21:00.814463: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:21:00.814466: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:21:00.814470: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:21:00.814473: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:21:00.814500: Integrity algorithms: Aug 26 13:21:00.814504: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:21:00.814508: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:21:00.814513: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:21:00.814517: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:21:00.814522: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:21:00.814525: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:21:00.814529: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:21:00.814532: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:21:00.814536: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:21:00.814549: DH algorithms: Aug 26 13:21:00.814552: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:21:00.814555: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:21:00.814559: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:21:00.814566: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:21:00.814570: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:21:00.814573: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:21:00.814577: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:21:00.814580: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:21:00.814584: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:21:00.814587: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:21:00.814590: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:21:00.814593: testing CAMELLIA_CBC: Aug 26 13:21:00.814596: Camellia: 16 bytes with 128-bit key Aug 26 13:21:00.814718: Camellia: 16 bytes with 128-bit key Aug 26 13:21:00.814759: Camellia: 16 bytes with 256-bit key Aug 26 13:21:00.814783: Camellia: 16 bytes with 256-bit key Aug 26 13:21:00.814823: testing AES_GCM_16: Aug 26 13:21:00.814826: empty string Aug 26 13:21:00.814846: one block Aug 26 13:21:00.814862: two blocks Aug 26 13:21:00.814879: two blocks with associated data Aug 26 13:21:00.814895: testing AES_CTR: Aug 26 13:21:00.814898: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:21:00.814915: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:21:00.814932: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:21:00.814951: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:21:00.814968: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:21:00.814985: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:21:00.815002: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:21:00.815018: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:21:00.815035: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:21:00.815053: testing AES_CBC: Aug 26 13:21:00.815055: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:21:00.815071: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:21:00.815089: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:21:00.815106: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:21:00.815127: testing AES_XCBC: Aug 26 13:21:00.815129: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:21:00.815204: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:21:00.815285: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:21:00.815373: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:21:00.815454: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:21:00.815560: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:21:00.815649: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:21:00.815831: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:21:00.815921: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:21:00.816033: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:21:00.816176: testing HMAC_MD5: Aug 26 13:21:00.816179: RFC 2104: MD5_HMAC test 1 Aug 26 13:21:00.816284: RFC 2104: MD5_HMAC test 2 Aug 26 13:21:00.816408: RFC 2104: MD5_HMAC test 3 Aug 26 13:21:00.816531: 8 CPU cores online Aug 26 13:21:00.816535: starting up 7 crypto helpers Aug 26 13:21:00.816575: started thread for crypto helper 0 Aug 26 13:21:00.816581: | starting up helper thread 0 Aug 26 13:21:00.816595: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:21:00.816598: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:00.816605: started thread for crypto helper 1 Aug 26 13:21:00.816610: | starting up helper thread 1 Aug 26 13:21:00.816628: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:21:00.816632: started thread for crypto helper 2 Aug 26 13:21:00.816635: | starting up helper thread 2 Aug 26 13:21:00.816632: | crypto helper 1 waiting (nothing to do) Aug 26 13:21:00.816642: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:21:00.816646: | crypto helper 2 waiting (nothing to do) Aug 26 13:21:00.816655: started thread for crypto helper 3 Aug 26 13:21:00.816658: | starting up helper thread 3 Aug 26 13:21:00.816682: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:21:00.816685: | crypto helper 3 waiting (nothing to do) Aug 26 13:21:00.816692: started thread for crypto helper 4 Aug 26 13:21:00.816695: | starting up helper thread 4 Aug 26 13:21:00.816706: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:21:00.816709: | crypto helper 4 waiting (nothing to do) Aug 26 13:21:00.816715: started thread for crypto helper 5 Aug 26 13:21:00.816747: | starting up helper thread 6 Aug 26 13:21:00.816740: | starting up helper thread 5 Aug 26 13:21:00.816744: started thread for crypto helper 6 Aug 26 13:21:00.816753: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:21:00.816768: | checking IKEv1 state table Aug 26 13:21:00.816770: | crypto helper 6 waiting (nothing to do) Aug 26 13:21:00.816792: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:00.816796: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:21:00.816812: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:00.816761: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:21:00.816815: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:21:00.816821: | crypto helper 5 waiting (nothing to do) Aug 26 13:21:00.816829: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:21:00.816840: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:21:00.816843: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:00.816845: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:00.816848: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:21:00.816851: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:21:00.816853: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:00.816856: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:00.816859: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:21:00.816862: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:00.816864: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:00.816867: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:00.816870: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:21:00.816873: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:00.816875: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:00.816878: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:00.816881: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:21:00.816884: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816887: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:21:00.816890: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816893: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:00.816895: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:21:00.816898: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:00.816901: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:00.816903: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:00.816906: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:21:00.816909: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:00.816911: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:00.816914: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:21:00.816917: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816920: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:21:00.816923: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816926: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:21:00.816928: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:21:00.816935: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:21:00.816937: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:21:00.816940: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:21:00.816944: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:21:00.816947: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:21:00.816950: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816953: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:21:00.816956: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816959: | INFO: category: informational flags: 0: Aug 26 13:21:00.816961: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816964: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:21:00.816967: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816970: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:21:00.816972: | -> XAUTH_R1 EVENT_NULL Aug 26 13:21:00.816975: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:21:00.816978: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:00.816981: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:21:00.816984: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:21:00.816987: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:21:00.816990: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:21:00.816992: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:21:00.816995: | -> UNDEFINED EVENT_NULL Aug 26 13:21:00.816999: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:21:00.817002: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:00.817005: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:21:00.817007: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:21:00.817010: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:21:00.817013: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:21:00.817020: | checking IKEv2 state table Aug 26 13:21:00.817026: | PARENT_I0: category: ignore flags: 0: Aug 26 13:21:00.817029: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:21:00.817033: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:00.817036: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:21:00.817039: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:21:00.817042: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:21:00.817045: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:21:00.817048: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:21:00.817052: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:21:00.817055: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:21:00.817058: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:21:00.817061: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:21:00.817064: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:21:00.817066: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:21:00.817069: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:21:00.817072: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:21:00.817075: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:00.817078: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:21:00.817081: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:21:00.817084: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:21:00.817087: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:21:00.817090: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:21:00.817093: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:21:00.817098: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:21:00.817101: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:21:00.817104: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:21:00.817108: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:21:00.817110: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:21:00.817114: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:21:00.817117: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:21:00.817120: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:21:00.817124: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:00.817127: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:21:00.817129: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:21:00.817132: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:21:00.817134: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:21:00.817136: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:21:00.817138: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:21:00.817140: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:21:00.817142: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:21:00.817144: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:00.817146: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:21:00.817147: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:21:00.817149: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:21:00.817151: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:21:00.817153: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:21:00.817155: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:21:00.817165: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:21:00.817213: | Hard-wiring algorithms Aug 26 13:21:00.817216: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:21:00.817220: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:21:00.817221: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:21:00.817223: | adding 3DES_CBC to kernel algorithm db Aug 26 13:21:00.817225: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:21:00.817227: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:21:00.817228: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:21:00.817230: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:21:00.817232: | adding AES_CTR to kernel algorithm db Aug 26 13:21:00.817233: | adding AES_CBC to kernel algorithm db Aug 26 13:21:00.817235: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:21:00.817237: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:21:00.817239: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:21:00.817240: | adding NULL to kernel algorithm db Aug 26 13:21:00.817242: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:21:00.817244: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:21:00.817246: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:21:00.817248: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:21:00.817249: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:21:00.817251: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:21:00.817253: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:21:00.817254: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:21:00.817256: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:21:00.817257: | adding NONE to kernel algorithm db Aug 26 13:21:00.817274: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:21:00.817280: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:21:00.817281: | setup kernel fd callback Aug 26 13:21:00.817284: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55a876b068d8 Aug 26 13:21:00.817301: | libevent_malloc: new ptr-libevent@0x55a876aeacd8 size 128 Aug 26 13:21:00.817307: | libevent_malloc: new ptr-libevent@0x55a876b069e8 size 16 Aug 26 13:21:00.817311: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55a876b07418 Aug 26 13:21:00.817313: | libevent_malloc: new ptr-libevent@0x55a876ab1238 size 128 Aug 26 13:21:00.817315: | libevent_malloc: new ptr-libevent@0x55a876b073d8 size 16 Aug 26 13:21:00.817470: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:21:00.817477: selinux support is enabled. Aug 26 13:21:00.817919: | unbound context created - setting debug level to 5 Aug 26 13:21:00.817941: | /etc/hosts lookups activated Aug 26 13:21:00.817951: | /etc/resolv.conf usage activated Aug 26 13:21:00.817987: | outgoing-port-avoid set 0-65535 Aug 26 13:21:00.818004: | outgoing-port-permit set 32768-60999 Aug 26 13:21:00.818006: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:21:00.818008: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:21:00.818010: | Setting up events, loop start Aug 26 13:21:00.818013: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55a876b07488 Aug 26 13:21:00.818015: | libevent_malloc: new ptr-libevent@0x55a876b13718 size 128 Aug 26 13:21:00.818017: | libevent_malloc: new ptr-libevent@0x55a876b1e9e8 size 16 Aug 26 13:21:00.818022: | libevent_realloc: new ptr-libevent@0x55a876aadcd8 size 256 Aug 26 13:21:00.818024: | libevent_malloc: new ptr-libevent@0x55a876b1ea28 size 8 Aug 26 13:21:00.818026: | libevent_realloc: new ptr-libevent@0x55a876aae588 size 144 Aug 26 13:21:00.818028: | libevent_malloc: new ptr-libevent@0x55a876aae9e8 size 152 Aug 26 13:21:00.818031: | libevent_malloc: new ptr-libevent@0x55a876b1ea68 size 16 Aug 26 13:21:00.818033: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:21:00.818035: | libevent_malloc: new ptr-libevent@0x55a876b1eaa8 size 8 Aug 26 13:21:00.818037: | libevent_malloc: new ptr-libevent@0x55a876b1eae8 size 152 Aug 26 13:21:00.818039: | signal event handler PLUTO_SIGTERM installed Aug 26 13:21:00.818041: | libevent_malloc: new ptr-libevent@0x55a876b1ebb8 size 8 Aug 26 13:21:00.818042: | libevent_malloc: new ptr-libevent@0x55a876b1ebf8 size 152 Aug 26 13:21:00.818044: | signal event handler PLUTO_SIGHUP installed Aug 26 13:21:00.818046: | libevent_malloc: new ptr-libevent@0x55a876b1ecc8 size 8 Aug 26 13:21:00.818048: | libevent_realloc: release ptr-libevent@0x55a876aae588 Aug 26 13:21:00.818050: | libevent_realloc: new ptr-libevent@0x55a876b1ed08 size 256 Aug 26 13:21:00.818051: | libevent_malloc: new ptr-libevent@0x55a876b1ee38 size 152 Aug 26 13:21:00.818053: | signal event handler PLUTO_SIGSYS installed Aug 26 13:21:00.818353: | created addconn helper (pid:21902) using fork+execve Aug 26 13:21:00.818370: | forked child 21902 Aug 26 13:21:00.818415: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:00.818429: listening for IKE messages Aug 26 13:21:00.818460: | Inspecting interface lo Aug 26 13:21:00.818466: | found lo with address 127.0.0.1 Aug 26 13:21:00.818469: | Inspecting interface eth0 Aug 26 13:21:00.818472: | found eth0 with address 192.0.1.254 Aug 26 13:21:00.818474: | Inspecting interface eth1 Aug 26 13:21:00.818477: | found eth1 with address 192.1.2.45 Aug 26 13:21:00.818530: Kernel supports NIC esp-hw-offload Aug 26 13:21:00.818538: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:21:00.818554: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:00.818558: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:00.818560: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:21:00.818581: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:21:00.818596: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:00.818599: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:00.818601: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:21:00.818619: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:21:00.818634: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:00.818636: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:00.818639: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:21:00.818676: | no interfaces to sort Aug 26 13:21:00.818679: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:21:00.818685: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f308 Aug 26 13:21:00.818687: | libevent_malloc: new ptr-libevent@0x55a876b13668 size 128 Aug 26 13:21:00.818689: | libevent_malloc: new ptr-libevent@0x55a876b1f378 size 16 Aug 26 13:21:00.818693: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:00.818695: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f3b8 Aug 26 13:21:00.818698: | libevent_malloc: new ptr-libevent@0x55a876aaf498 size 128 Aug 26 13:21:00.818699: | libevent_malloc: new ptr-libevent@0x55a876b1f428 size 16 Aug 26 13:21:00.818702: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:00.818704: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f468 Aug 26 13:21:00.818706: | libevent_malloc: new ptr-libevent@0x55a876ab1338 size 128 Aug 26 13:21:00.818708: | libevent_malloc: new ptr-libevent@0x55a876b1f4d8 size 16 Aug 26 13:21:00.818710: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:21:00.818712: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f518 Aug 26 13:21:00.818714: | libevent_malloc: new ptr-libevent@0x55a876aae488 size 128 Aug 26 13:21:00.818716: | libevent_malloc: new ptr-libevent@0x55a876b1f588 size 16 Aug 26 13:21:00.818719: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:21:00.818721: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f5c8 Aug 26 13:21:00.818723: | libevent_malloc: new ptr-libevent@0x55a876a7e4e8 size 128 Aug 26 13:21:00.818725: | libevent_malloc: new ptr-libevent@0x55a876b1f638 size 16 Aug 26 13:21:00.818728: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:21:00.818729: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f678 Aug 26 13:21:00.818732: | libevent_malloc: new ptr-libevent@0x55a876a7e1d8 size 128 Aug 26 13:21:00.818733: | libevent_malloc: new ptr-libevent@0x55a876b1f6e8 size 16 Aug 26 13:21:00.818736: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:21:00.818739: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:00.818741: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:00.818754: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:00.818769: | saving Modulus Aug 26 13:21:00.818772: | saving PublicExponent Aug 26 13:21:00.818774: | ignoring PrivateExponent Aug 26 13:21:00.818776: | ignoring Prime1 Aug 26 13:21:00.818778: | ignoring Prime2 Aug 26 13:21:00.818780: | ignoring Exponent1 Aug 26 13:21:00.818782: | ignoring Exponent2 Aug 26 13:21:00.818784: | ignoring Coefficient Aug 26 13:21:00.818786: | ignoring CKAIDNSS Aug 26 13:21:00.818808: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:21:00.818810: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:21:00.818813: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 13:21:00.818819: | certs and keys locked by 'process_secret' Aug 26 13:21:00.818822: | certs and keys unlocked by 'process_secret' Aug 26 13:21:00.818829: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:00.818834: | spent 0.429 milliseconds in whack Aug 26 13:21:00.837378: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:00.837412: listening for IKE messages Aug 26 13:21:00.837447: | Inspecting interface lo Aug 26 13:21:00.837454: | found lo with address 127.0.0.1 Aug 26 13:21:00.837456: | Inspecting interface eth0 Aug 26 13:21:00.837459: | found eth0 with address 192.0.1.254 Aug 26 13:21:00.837461: | Inspecting interface eth1 Aug 26 13:21:00.837463: | found eth1 with address 192.1.2.45 Aug 26 13:21:00.837510: | no interfaces to sort Aug 26 13:21:00.837517: | libevent_free: release ptr-libevent@0x55a876b13668 Aug 26 13:21:00.837520: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f308 Aug 26 13:21:00.837523: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f308 Aug 26 13:21:00.837525: | libevent_malloc: new ptr-libevent@0x55a876b13668 size 128 Aug 26 13:21:00.837531: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:00.837533: | libevent_free: release ptr-libevent@0x55a876aaf498 Aug 26 13:21:00.837535: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f3b8 Aug 26 13:21:00.837537: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f3b8 Aug 26 13:21:00.837539: | libevent_malloc: new ptr-libevent@0x55a876aaf498 size 128 Aug 26 13:21:00.837542: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:00.837545: | libevent_free: release ptr-libevent@0x55a876ab1338 Aug 26 13:21:00.837547: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f468 Aug 26 13:21:00.837548: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f468 Aug 26 13:21:00.837550: | libevent_malloc: new ptr-libevent@0x55a876ab1338 size 128 Aug 26 13:21:00.837553: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:21:00.837556: | libevent_free: release ptr-libevent@0x55a876aae488 Aug 26 13:21:00.837558: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f518 Aug 26 13:21:00.837559: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f518 Aug 26 13:21:00.837561: | libevent_malloc: new ptr-libevent@0x55a876aae488 size 128 Aug 26 13:21:00.837564: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:21:00.837567: | libevent_free: release ptr-libevent@0x55a876a7e4e8 Aug 26 13:21:00.837569: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f5c8 Aug 26 13:21:00.837570: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f5c8 Aug 26 13:21:00.837572: | libevent_malloc: new ptr-libevent@0x55a876a7e4e8 size 128 Aug 26 13:21:00.837575: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:21:00.837578: | libevent_free: release ptr-libevent@0x55a876a7e1d8 Aug 26 13:21:00.837580: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f678 Aug 26 13:21:00.837581: | add_fd_read_event_handler: new ethX-pe@0x55a876b1f678 Aug 26 13:21:00.837583: | libevent_malloc: new ptr-libevent@0x55a876a7e1d8 size 128 Aug 26 13:21:00.837586: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:21:00.837589: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:00.837590: forgetting secrets Aug 26 13:21:00.837611: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:00.837627: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:00.837640: | saving Modulus Aug 26 13:21:00.837643: | saving PublicExponent Aug 26 13:21:00.837645: | ignoring PrivateExponent Aug 26 13:21:00.837647: | ignoring Prime1 Aug 26 13:21:00.837649: | ignoring Prime2 Aug 26 13:21:00.837651: | ignoring Exponent1 Aug 26 13:21:00.837653: | ignoring Exponent2 Aug 26 13:21:00.837655: | ignoring Coefficient Aug 26 13:21:00.837657: | ignoring CKAIDNSS Aug 26 13:21:00.837677: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:21:00.837679: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:21:00.837682: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 13:21:00.837687: | certs and keys locked by 'process_secret' Aug 26 13:21:00.837690: | certs and keys unlocked by 'process_secret' Aug 26 13:21:00.837699: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:00.837706: | spent 0.348 milliseconds in whack Aug 26 13:21:00.838099: | processing signal PLUTO_SIGCHLD Aug 26 13:21:00.838115: | waitpid returned pid 21902 (exited with status 0) Aug 26 13:21:00.838121: | reaped addconn helper child (status 0) Aug 26 13:21:00.838125: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:00.838129: | spent 0.022 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:01.031265: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.031301: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.031310: | Added new connection testmanual1 with policy ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.031368: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.031373: | from whack: got --esp= Aug 26 13:21:01.031412: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.031418: | counting wild cards for (none) is 15 Aug 26 13:21:01.031421: | counting wild cards for (none) is 15 Aug 26 13:21:01.031428: added connection description "testmanual1" Aug 26 13:21:01.031439: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.031447: | 1.2.3.4[+S?C]...2.3.4.5[+S?C] Aug 26 13:21:01.031454: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.031462: | spent 0.198 milliseconds in whack Aug 26 13:21:01.088694: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.088716: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.088738: | Added new connection testmanual2 with policy ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.088791: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.088794: | from whack: got --esp= Aug 26 13:21:01.088816: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.088819: | counting wild cards for (none) is 15 Aug 26 13:21:01.088821: | counting wild cards for (none) is 15 Aug 26 13:21:01.088825: added connection description "testmanual2" Aug 26 13:21:01.088832: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.088852: | 1.2.3.5[+S?C]...2.3.4.6[+S?C] Aug 26 13:21:01.088858: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.088863: | spent 0.189 milliseconds in whack Aug 26 13:21:01.146015: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.146038: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.146044: | Added new connection testmanual3 with policy PSK+ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.146084: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.146091: | from whack: got --esp= Aug 26 13:21:01.146114: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.146117: | counting wild cards for (none) is 15 Aug 26 13:21:01.146119: | counting wild cards for (none) is 15 Aug 26 13:21:01.146123: added connection description "testmanual3" Aug 26 13:21:01.146132: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+IKEV2_ALLOW Aug 26 13:21:01.146139: | 1.2.3.6[+S?C]...2.3.4.7[+S?C] Aug 26 13:21:01.146148: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.146157: | spent 0.147 milliseconds in whack Aug 26 13:21:01.270373: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.270392: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.270397: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.270400: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.270403: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.270407: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.270414: | Added new connection test-default with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.270417: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:21:01.270455: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.270458: | from whack: got --esp= Aug 26 13:21:01.270481: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.270486: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.270489: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.270493: added connection description "test-default" Aug 26 13:21:01.270501: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.270506: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.270511: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.270517: | spent 0.154 milliseconds in whack Aug 26 13:21:01.350594: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.350614: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.350617: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.350619: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.350621: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.350624: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.350630: | Added new connection test-v1-secret with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.350635: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.350638: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.350642: added connection description "test-v1-secret" Aug 26 13:21:01.350649: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.350654: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.350660: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.350666: | spent 0.0832 milliseconds in whack Aug 26 13:21:01.424575: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.424604: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.424609: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.424612: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.424614: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.424621: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.424628: | Added new connection test-v1-rsasig with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.424635: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.424639: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.424645: added connection description "test-v1-rsasig" Aug 26 13:21:01.424655: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.424663: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.424671: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.424679: | spent 0.111 milliseconds in whack Aug 26 13:21:01.499730: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.499749: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.499752: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.499754: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.499756: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.499759: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.499764: | Added new connection test-passthrough with policy none+PASS+NEVER_NEGOTIATE Aug 26 13:21:01.499766: | No AUTH policy was set for type=passthrough - defaulting to AUTH_NEVER Aug 26 13:21:01.499770: | counting wild cards for 3.3.3.3 is 0 Aug 26 13:21:01.499773: | counting wild cards for 5.5.5.5 is 0 Aug 26 13:21:01.499777: added connection description "test-passthrough" Aug 26 13:21:01.499784: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE Aug 26 13:21:01.499789: | 3.3.3.3<3.3.3.3>...5.5.5.5<5.5.5.5> Aug 26 13:21:01.499795: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.499800: | spent 0.0783 milliseconds in whack Aug 26 13:21:01.577215: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.577239: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.577244: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.577246: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.577247: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.577250: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.577256: | Added new connection test1 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.577312: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.577317: | from whack: got --esp= Aug 26 13:21:01.577353: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.577358: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.577361: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.577365: added connection description "test1" Aug 26 13:21:01.577372: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.577396: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.577402: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.577408: | spent 0.19 milliseconds in whack Aug 26 13:21:01.652535: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.652553: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.652557: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.652559: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.652561: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.652564: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.652569: | Added new connection test2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.652608: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.652611: | from whack: got --esp= Aug 26 13:21:01.652635: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.652640: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.652642: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.652646: added connection description "test2" Aug 26 13:21:01.652654: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.652659: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.652667: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.652673: | spent 0.145 milliseconds in whack Aug 26 13:21:01.728022: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.728045: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.728051: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.728054: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.728057: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.728062: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.728069: | Added new connection test3 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.728128: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.728132: | from whack: got --esp= Aug 26 13:21:01.728174: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.728181: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.728185: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.728191: added connection description "test3" Aug 26 13:21:01.728202: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.728210: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.728217: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.728226: | spent 0.212 milliseconds in whack Aug 26 13:21:01.804671: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.804691: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.804696: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.804699: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.804701: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.804706: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.804712: | Added new connection test5 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.804769: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.804773: | from whack: got --esp= Aug 26 13:21:01.804809: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.804815: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.804820: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.804825: added connection description "test5" Aug 26 13:21:01.804834: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.804842: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.804848: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.804855: | spent 0.191 milliseconds in whack Aug 26 13:21:01.882724: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.882987: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.882995: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.882997: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.882999: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.883005: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.883011: | Added new connection test6 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.883050: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.883052: | from whack: got --esp= Aug 26 13:21:01.883075: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.883080: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.883083: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.883086: added connection description "test6" Aug 26 13:21:01.883096: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.883104: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.883116: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.883125: | spent 0.409 milliseconds in whack Aug 26 13:21:01.963054: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:01.963076: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.963088: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.963092: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.963095: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:01.963102: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:01.963110: | Added new connection test7 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.963165: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:01.963170: | from whack: got --esp= Aug 26 13:21:01.963208: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:01.963216: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:01.963222: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:01.963227: added connection description "test7" Aug 26 13:21:01.963240: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:01.963249: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:01.963258: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:01.963266: | spent 0.219 milliseconds in whack Aug 26 13:21:02.040169: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.040192: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.040198: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.040201: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.040204: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.040212: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.040220: | Added new connection test8 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:02.040284: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:02.040296: | from whack: got --esp= Aug 26 13:21:02.040346: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:02.040354: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:02.040358: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:02.040362: added connection description "test8" Aug 26 13:21:02.040370: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:02.040390: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:02.040395: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.040401: | spent 0.239 milliseconds in whack Aug 26 13:21:02.125022: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.125040: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.125044: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.125046: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.125048: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.125055: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.125062: | Added new connection test9 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:02.125101: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:21:02.125103: | from whack: got --esp= Aug 26 13:21:02.125128: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:21:02.125132: | counting wild cards for 1.2.3.4 is 0 Aug 26 13:21:02.125135: | counting wild cards for 5.6.7.8 is 0 Aug 26 13:21:02.125139: added connection description "test9" Aug 26 13:21:02.125147: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:02.125152: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Aug 26 13:21:02.125158: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.125163: | spent 0.149 milliseconds in whack Aug 26 13:21:02.286246: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.286275: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.286282: Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP Aug 26 13:21:02.286308: | flush revival: connection 'failtestmanual1' wasn't on the list Aug 26 13:21:02.286315: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.286326: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.286334: | spent 0.0886 milliseconds in whack Aug 26 13:21:02.342961: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.342984: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.342990: Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2 Aug 26 13:21:02.342999: | flush revival: connection 'failtestmanual2' wasn't on the list Aug 26 13:21:02.343002: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.343010: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.343015: | spent 0.0632 milliseconds in whack Aug 26 13:21:02.400741: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.400780: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.400790: Failed to add connection "failtestmanual3": leftauth=null is unequal to rightauth=rsasig so authby=PSK must not be set Aug 26 13:21:02.400800: | flush revival: connection 'failtestmanual3' wasn't on the list Aug 26 13:21:02.400816: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.400837: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.400845: | spent 0.124 milliseconds in whack Aug 26 13:21:02.473725: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.473821: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.473851: Failed to add connection "failtestmanual4": leftauth=null is unequal to rightauth=rsasig so authby=RSASIG must not be set Aug 26 13:21:02.473885: | flush revival: connection 'failtestmanual4' wasn't on the list Aug 26 13:21:02.473900: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.473937: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.473988: | spent 0.293 milliseconds in whack Aug 26 13:21:02.699320: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.699377: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.699394: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.699403: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.699412: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.699424: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.699435: Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null) Aug 26 13:21:02.699455: | flush revival: connection 'failtest0' wasn't on the list Aug 26 13:21:02.699466: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.699487: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.699505: | spent 0.2 milliseconds in whack Aug 26 13:21:02.779822: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.779841: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.779845: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.779847: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.779849: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.779852: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.779855: Failed to add connection "failtest1": leftauth= and rightauth= require ikev2 Aug 26 13:21:02.779882: | flush revival: connection 'failtest1' wasn't on the list Aug 26 13:21:02.779884: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.779893: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.779899: | spent 0.0824 milliseconds in whack Aug 26 13:21:02.854261: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.854284: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.854300: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.854306: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.854309: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.854313: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.854320: Failed to add connection "failtest2": leftauth=rsasig is unequal to rightauth=secret so authby=PSK must not be set Aug 26 13:21:02.854343: | flush revival: connection 'failtest2' wasn't on the list Aug 26 13:21:02.854348: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.854370: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.854378: | spent 0.117 milliseconds in whack Aug 26 13:21:02.929073: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:02.929103: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.929120: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.929122: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.929124: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:02.929127: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:02.929131: Failed to add connection "failtest3": leftauth=rsasig is unequal to rightauth=secret so authby=RSASIG must not be set Aug 26 13:21:02.929138: | flush revival: connection 'failtest3' wasn't on the list Aug 26 13:21:02.929140: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:02.929147: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:02.929152: | spent 0.0873 milliseconds in whack Aug 26 13:21:03.005699: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.005720: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.005724: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.005726: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.005728: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.005731: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.005736: Failed to add connection "failtest4": leftauth=rsasig is unequal to rightauth=secret so authby=AUTHNULL must not be set Aug 26 13:21:03.005742: | flush revival: connection 'failtest4' wasn't on the list Aug 26 13:21:03.005745: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.005751: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.005757: | spent 0.0648 milliseconds in whack Aug 26 13:21:03.083063: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.083099: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.083105: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.083109: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.083111: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.083116: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.083120: Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset Aug 26 13:21:03.083130: | flush revival: connection 'failtest5' wasn't on the list Aug 26 13:21:03.083134: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.083144: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.083152: | spent 0.11 milliseconds in whack Aug 26 13:21:03.159681: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.159720: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.159727: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.159731: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.159734: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.159738: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.159743: Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset Aug 26 13:21:03.159766: | flush revival: connection 'failtest6' wasn't on the list Aug 26 13:21:03.159770: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.159793: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.159800: | spent 0.512 milliseconds in whack Aug 26 13:21:03.237516: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.237552: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.237562: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.237565: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.237568: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.237584: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.237588: Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset Aug 26 13:21:03.237612: | flush revival: connection 'failtest7' wasn't on the list Aug 26 13:21:03.237616: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.237624: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.237631: | spent 0.116 milliseconds in whack Aug 26 13:21:03.314772: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.314793: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.314799: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.314803: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.314806: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.314813: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.314818: Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never Aug 26 13:21:03.314827: | flush revival: connection 'failtest8' wasn't on the list Aug 26 13:21:03.314832: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.314841: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.314850: | spent 0.0842 milliseconds in whack Aug 26 13:21:03.391132: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.391462: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.391473: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.391476: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.391478: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:03.391481: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:03.391484: Failed to add connection "failtest9": leftauth= / rightauth= options are invalid for type=passthrough connection Aug 26 13:21:03.391493: | flush revival: connection 'failtest9' wasn't on the list Aug 26 13:21:03.391496: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:21:03.391507: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.391515: | spent 0.381 milliseconds in whack Aug 26 13:21:03.574339: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:03.574604: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:03.574612: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:03.575155: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:21:03.575169: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:03.575177: | spent 0.845 milliseconds in whack Aug 26 13:21:04.061606: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:04.061817: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:04.061825: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:04.062335: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:21:04.062347: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:04.062353: | spent 0.752 milliseconds in whack Aug 26 13:21:05.051018: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:05.051036: shutting down Aug 26 13:21:05.051043: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:21:05.051046: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:05.051047: forgetting secrets Aug 26 13:21:05.051052: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:05.051056: | start processing: connection "test9" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051058: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051060: | pass 0 Aug 26 13:21:05.051062: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051063: | pass 1 Aug 26 13:21:05.051065: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051068: | flush revival: connection 'test9' wasn't on the list Aug 26 13:21:05.051072: | stop processing: connection "test9" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051080: | start processing: connection "test8" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051083: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051085: | pass 0 Aug 26 13:21:05.051087: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051089: | pass 1 Aug 26 13:21:05.051092: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051097: | flush revival: connection 'test8' wasn't on the list Aug 26 13:21:05.051100: | stop processing: connection "test8" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051108: | start processing: connection "test7" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051111: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051113: | pass 0 Aug 26 13:21:05.051115: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051116: | pass 1 Aug 26 13:21:05.051118: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051120: | flush revival: connection 'test7' wasn't on the list Aug 26 13:21:05.051122: | stop processing: connection "test7" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051127: | start processing: connection "test6" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051129: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051130: | pass 0 Aug 26 13:21:05.051132: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051133: | pass 1 Aug 26 13:21:05.051135: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051136: | flush revival: connection 'test6' wasn't on the list Aug 26 13:21:05.051138: | stop processing: connection "test6" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051143: | start processing: connection "test5" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051145: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051147: | pass 0 Aug 26 13:21:05.051148: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051150: | pass 1 Aug 26 13:21:05.051151: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051153: | flush revival: connection 'test5' wasn't on the list Aug 26 13:21:05.051155: | stop processing: connection "test5" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051160: | start processing: connection "test3" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051162: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051163: | pass 0 Aug 26 13:21:05.051165: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051166: | pass 1 Aug 26 13:21:05.051168: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051170: | flush revival: connection 'test3' wasn't on the list Aug 26 13:21:05.051171: | stop processing: connection "test3" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051177: | start processing: connection "test2" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051178: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051180: | pass 0 Aug 26 13:21:05.051181: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051183: | pass 1 Aug 26 13:21:05.051184: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051186: | flush revival: connection 'test2' wasn't on the list Aug 26 13:21:05.051188: | stop processing: connection "test2" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051193: | start processing: connection "test1" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051195: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051196: | pass 0 Aug 26 13:21:05.051198: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051199: | pass 1 Aug 26 13:21:05.051201: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051202: | flush revival: connection 'test1' wasn't on the list Aug 26 13:21:05.051204: | stop processing: connection "test1" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051211: | start processing: connection "test-passthrough" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051213: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051214: | pass 0 Aug 26 13:21:05.051216: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051217: | pass 1 Aug 26 13:21:05.051219: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051221: | flush revival: connection 'test-passthrough' wasn't on the list Aug 26 13:21:05.051223: | stop processing: connection "test-passthrough" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051225: | start processing: connection "test-v1-rsasig" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051227: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051229: | pass 0 Aug 26 13:21:05.051230: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051232: | pass 1 Aug 26 13:21:05.051233: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051235: | flush revival: connection 'test-v1-rsasig' wasn't on the list Aug 26 13:21:05.051237: | stop processing: connection "test-v1-rsasig" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051240: | start processing: connection "test-v1-secret" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051241: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051243: | pass 0 Aug 26 13:21:05.051244: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051246: | pass 1 Aug 26 13:21:05.051247: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051249: | flush revival: connection 'test-v1-secret' wasn't on the list Aug 26 13:21:05.051251: | stop processing: connection "test-v1-secret" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051254: | start processing: connection "test-default" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051255: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051257: | pass 0 Aug 26 13:21:05.051258: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051260: | pass 1 Aug 26 13:21:05.051261: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051263: | flush revival: connection 'test-default' wasn't on the list Aug 26 13:21:05.051265: | stop processing: connection "test-default" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051270: | start processing: connection "testmanual3" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051272: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051273: | pass 0 Aug 26 13:21:05.051275: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051277: | pass 1 Aug 26 13:21:05.051278: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051280: | flush revival: connection 'testmanual3' wasn't on the list Aug 26 13:21:05.051282: | stop processing: connection "testmanual3" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051287: | start processing: connection "testmanual2" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051293: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051295: | pass 0 Aug 26 13:21:05.051296: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051298: | pass 1 Aug 26 13:21:05.051299: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051301: | flush revival: connection 'testmanual2' wasn't on the list Aug 26 13:21:05.051303: | stop processing: connection "testmanual2" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051308: | start processing: connection "testmanual1" (in delete_connection() at connections.c:189) Aug 26 13:21:05.051311: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:21:05.051313: | pass 0 Aug 26 13:21:05.051314: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051316: | pass 1 Aug 26 13:21:05.051317: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:05.051319: | flush revival: connection 'testmanual1' wasn't on the list Aug 26 13:21:05.051321: | stop processing: connection "testmanual1" (in discard_connection() at connections.c:249) Aug 26 13:21:05.051326: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:21:05.051328: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:21:05.051339: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:21:05.051342: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:21:05.051344: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:21:05.051346: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:21:05.051348: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:21:05.051350: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:21:05.051353: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:21:05.051359: | libevent_free: release ptr-libevent@0x55a876b13668 Aug 26 13:21:05.051361: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f308 Aug 26 13:21:05.051370: | libevent_free: release ptr-libevent@0x55a876aaf498 Aug 26 13:21:05.051372: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f3b8 Aug 26 13:21:05.051377: | libevent_free: release ptr-libevent@0x55a876ab1338 Aug 26 13:21:05.051379: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f468 Aug 26 13:21:05.051384: | libevent_free: release ptr-libevent@0x55a876aae488 Aug 26 13:21:05.051386: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f518 Aug 26 13:21:05.051391: | libevent_free: release ptr-libevent@0x55a876a7e4e8 Aug 26 13:21:05.051393: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f5c8 Aug 26 13:21:05.051397: | libevent_free: release ptr-libevent@0x55a876a7e1d8 Aug 26 13:21:05.051399: | free_event_entry: release EVENT_NULL-pe@0x55a876b1f678 Aug 26 13:21:05.051403: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:21:05.051805: | libevent_free: release ptr-libevent@0x55a876b13718 Aug 26 13:21:05.051814: | free_event_entry: release EVENT_NULL-pe@0x55a876b07488 Aug 26 13:21:05.051820: | libevent_free: release ptr-libevent@0x55a876ab1238 Aug 26 13:21:05.051823: | free_event_entry: release EVENT_NULL-pe@0x55a876b07418 Aug 26 13:21:05.051829: | libevent_free: release ptr-libevent@0x55a876aeacd8 Aug 26 13:21:05.051832: | free_event_entry: release EVENT_NULL-pe@0x55a876b068d8 Aug 26 13:21:05.051837: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:21:05.051841: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:21:05.051843: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:21:05.051844: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:21:05.051846: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:21:05.051848: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:21:05.051849: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:21:05.051851: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:21:05.051853: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:21:05.051857: | libevent_free: release ptr-libevent@0x55a876aae9e8 Aug 26 13:21:05.051859: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:21:05.051861: | libevent_free: release ptr-libevent@0x55a876b1eae8 Aug 26 13:21:05.051863: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:21:05.051865: | libevent_free: release ptr-libevent@0x55a876b1ebf8 Aug 26 13:21:05.051867: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:21:05.051869: | libevent_free: release ptr-libevent@0x55a876b1ee38 Aug 26 13:21:05.051870: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:21:05.051872: | releasing event base Aug 26 13:21:05.051882: | libevent_free: release ptr-libevent@0x55a876b1ed08 Aug 26 13:21:05.051886: | libevent_free: release ptr-libevent@0x55a876b01cc8 Aug 26 13:21:05.051889: | libevent_free: release ptr-libevent@0x55a876b01c78 Aug 26 13:21:05.051891: | libevent_free: release ptr-libevent@0x55a876b01c08 Aug 26 13:21:05.051893: | libevent_free: release ptr-libevent@0x55a876b01bc8 Aug 26 13:21:05.051895: | libevent_free: release ptr-libevent@0x55a876b1e9e8 Aug 26 13:21:05.051897: | libevent_free: release ptr-libevent@0x55a876b1ea68 Aug 26 13:21:05.051898: | libevent_free: release ptr-libevent@0x55a876b01e78 Aug 26 13:21:05.051900: | libevent_free: release ptr-libevent@0x55a876b069e8 Aug 26 13:21:05.051902: | libevent_free: release ptr-libevent@0x55a876b073d8 Aug 26 13:21:05.051903: | libevent_free: release ptr-libevent@0x55a876b1f6e8 Aug 26 13:21:05.051905: | libevent_free: release ptr-libevent@0x55a876b1f638 Aug 26 13:21:05.051906: | libevent_free: release ptr-libevent@0x55a876b1f588 Aug 26 13:21:05.051908: | libevent_free: release ptr-libevent@0x55a876b1f4d8 Aug 26 13:21:05.051910: | libevent_free: release ptr-libevent@0x55a876b1f428 Aug 26 13:21:05.051911: | libevent_free: release ptr-libevent@0x55a876b1f378 Aug 26 13:21:05.051913: | libevent_free: release ptr-libevent@0x55a876aaeb48 Aug 26 13:21:05.051915: | libevent_free: release ptr-libevent@0x55a876b1ebb8 Aug 26 13:21:05.051916: | libevent_free: release ptr-libevent@0x55a876b1eaa8 Aug 26 13:21:05.051918: | libevent_free: release ptr-libevent@0x55a876b1ea28 Aug 26 13:21:05.051919: | libevent_free: release ptr-libevent@0x55a876b1ecc8 Aug 26 13:21:05.051921: | libevent_free: release ptr-libevent@0x55a876aadcd8 Aug 26 13:21:05.051923: | libevent_free: release ptr-libevent@0x55a876a7d908 Aug 26 13:21:05.051925: | libevent_free: release ptr-libevent@0x55a876a7dd38 Aug 26 13:21:05.051926: | libevent_free: release ptr-libevent@0x55a876aae048 Aug 26 13:21:05.051928: | releasing global libevent data Aug 26 13:21:05.051930: | libevent_free: release ptr-libevent@0x55a876a83138 Aug 26 13:21:05.051932: | libevent_free: release ptr-libevent@0x55a876a7dcd8 Aug 26 13:21:05.051934: | libevent_free: release ptr-libevent@0x55a876a7ddd8 Aug 26 13:21:05.051962: leak detective found no leaks