Aug 26 13:23:36.985371: FIPS Product: YES
Aug 26 13:23:36.985446: FIPS Kernel: NO
Aug 26 13:23:36.985448: FIPS Mode: NO
Aug 26 13:23:36.985450: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:23:36.985569: Initializing NSS
Aug 26 13:23:36.985574: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:23:37.012340: NSS initialized
Aug 26 13:23:37.012358: NSS crypto library initialized
Aug 26 13:23:37.012361: FIPS HMAC integrity support [enabled]
Aug 26 13:23:37.012362: FIPS mode disabled for pluto daemon
Aug 26 13:23:37.047216: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:23:37.047334: libcap-ng support [enabled]
Aug 26 13:23:37.047342: Linux audit support [enabled]
Aug 26 13:23:37.047363: Linux audit activated
Aug 26 13:23:37.047370: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:14053
Aug 26 13:23:37.047372: core dump dir: /tmp
Aug 26 13:23:37.047374: secrets file: /etc/ipsec.secrets
Aug 26 13:23:37.047375: leak-detective enabled
Aug 26 13:23:37.047376: NSS crypto [enabled]
Aug 26 13:23:37.047378: XAUTH PAM support [enabled]
Aug 26 13:23:37.047431: | libevent is using pluto's memory allocator
Aug 26 13:23:37.047436: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:23:37.047449: | libevent_malloc: new ptr-libevent@0x55d8a66aba08 size 40
Aug 26 13:23:37.047451: | libevent_malloc: new ptr-libevent@0x55d8a66abcd8 size 40
Aug 26 13:23:37.047453: | libevent_malloc: new ptr-libevent@0x55d8a66abdd8 size 40
Aug 26 13:23:37.047455: | creating event base
Aug 26 13:23:37.047457: | libevent_malloc: new ptr-libevent@0x55d8a67303e8 size 56
Aug 26 13:23:37.047460: | libevent_malloc: new ptr-libevent@0x55d8a66d4718 size 664
Aug 26 13:23:37.047469: | libevent_malloc: new ptr-libevent@0x55d8a6730458 size 24
Aug 26 13:23:37.047471: | libevent_malloc: new ptr-libevent@0x55d8a67304a8 size 384
Aug 26 13:23:37.047478: | libevent_malloc: new ptr-libevent@0x55d8a67303a8 size 16
Aug 26 13:23:37.047480: | libevent_malloc: new ptr-libevent@0x55d8a66ab908 size 40
Aug 26 13:23:37.047482: | libevent_malloc: new ptr-libevent@0x55d8a66abd38 size 48
Aug 26 13:23:37.047485: | libevent_realloc: new ptr-libevent@0x55d8a66d7838 size 256
Aug 26 13:23:37.047487: | libevent_malloc: new ptr-libevent@0x55d8a6730658 size 16
Aug 26 13:23:37.047491: | libevent_free: release ptr-libevent@0x55d8a67303e8
Aug 26 13:23:37.047494: | libevent initialized
Aug 26 13:23:37.047496: | libevent_realloc: new ptr-libevent@0x55d8a67303e8 size 64
Aug 26 13:23:37.047500: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:23:37.047511: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:23:37.047513: NAT-Traversal support [enabled]
Aug 26 13:23:37.047515: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:23:37.047519: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:23:37.047522: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:23:37.047549: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:23:37.047552: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:23:37.047554: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:23:37.047585: Encryption algorithms:
Aug 26 13:23:37.047591: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:23:37.047593: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:23:37.047596: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:23:37.047598: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:23:37.047600: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:23:37.047607: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:23:37.047609: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:23:37.047612: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:23:37.047614: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:23:37.047616: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:23:37.047618: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:23:37.047620: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:23:37.047623: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:23:37.047625: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:23:37.047627: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:23:37.047629: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:23:37.047631: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:23:37.047636: Hash algorithms:
Aug 26 13:23:37.047638: MD5 IKEv1: IKE IKEv2:
Aug 26 13:23:37.047639: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:23:37.047641: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:23:37.047643: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:23:37.047645: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:23:37.047653: PRF algorithms:
Aug 26 13:23:37.047655: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:23:37.047657: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:23:37.047659: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:23:37.047661: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:23:37.047663: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:23:37.047665: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:23:37.047681: Integrity algorithms:
Aug 26 13:23:37.047683: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:23:37.047685: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:23:37.047688: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:23:37.047690: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:23:37.047693: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:23:37.047694: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:23:37.047697: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:23:37.047699: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:23:37.047701: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:23:37.047708: DH algorithms:
Aug 26 13:23:37.047710: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:23:37.047712: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:23:37.047714: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:23:37.047717: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:23:37.047719: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:23:37.047721: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:23:37.047722: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:23:37.047724: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:23:37.047726: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:23:37.047728: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:23:37.047730: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:23:37.047732: testing CAMELLIA_CBC:
Aug 26 13:23:37.047734: Camellia: 16 bytes with 128-bit key
Aug 26 13:23:37.047820: Camellia: 16 bytes with 128-bit key
Aug 26 13:23:37.047839: Camellia: 16 bytes with 256-bit key
Aug 26 13:23:37.047856: Camellia: 16 bytes with 256-bit key
Aug 26 13:23:37.047874: testing AES_GCM_16:
Aug 26 13:23:37.047876: empty string
Aug 26 13:23:37.047895: one block
Aug 26 13:23:37.047911: two blocks
Aug 26 13:23:37.047926: two blocks with associated data
Aug 26 13:23:37.047942: testing AES_CTR:
Aug 26 13:23:37.047944: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:23:37.047961: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:23:37.047977: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:23:37.047994: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:23:37.048010: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:23:37.048026: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:23:37.048043: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:23:37.048058: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:23:37.048076: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:23:37.048092: testing AES_CBC:
Aug 26 13:23:37.048094: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:23:37.048111: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:37.048129: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:37.048146: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:37.048166: testing AES_XCBC:
Aug 26 13:23:37.048168: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:23:37.048239: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:23:37.048386: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:23:37.048488: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:23:37.048618: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:23:37.048756: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:23:37.048893: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:23:37.049197: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:23:37.049372: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:23:37.049508: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:23:37.049652: testing HMAC_MD5:
Aug 26 13:23:37.049655: RFC 2104: MD5_HMAC test 1
Aug 26 13:23:37.049760: RFC 2104: MD5_HMAC test 2
Aug 26 13:23:37.049851: RFC 2104: MD5_HMAC test 3
Aug 26 13:23:37.050005: 8 CPU cores online
Aug 26 13:23:37.050008: starting up 7 crypto helpers
Aug 26 13:23:37.050032: started thread for crypto helper 0
Aug 26 13:23:37.050049: started thread for crypto helper 1
Aug 26 13:23:37.050059: | starting up helper thread 0
Aug 26 13:23:37.050090: | starting up helper thread 2
Aug 26 13:23:37.050085: started thread for crypto helper 2
Aug 26 13:23:37.050087: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:23:37.050102: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:23:37.050116: started thread for crypto helper 3
Aug 26 13:23:37.050118: | starting up helper thread 3
Aug 26 13:23:37.050125: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:23:37.050084: | starting up helper thread 1
Aug 26 13:23:37.050109: | crypto helper 0 waiting (nothing to do)
Aug 26 13:23:37.050170: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:23:37.050174: | crypto helper 2 waiting (nothing to do)
Aug 26 13:23:37.050161: started thread for crypto helper 4
Aug 26 13:23:37.050181: | crypto helper 3 waiting (nothing to do)
Aug 26 13:23:37.050166: | starting up helper thread 4
Aug 26 13:23:37.050185: | crypto helper 1 waiting (nothing to do)
Aug 26 13:23:37.050191: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:23:37.050195: | crypto helper 4 waiting (nothing to do)
Aug 26 13:23:37.050199: started thread for crypto helper 5
Aug 26 13:23:37.050215: started thread for crypto helper 6
Aug 26 13:23:37.050217: | starting up helper thread 6
Aug 26 13:23:37.050223: | checking IKEv1 state table
Aug 26 13:23:37.050223: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:23:37.050230: | crypto helper 6 waiting (nothing to do)
Aug 26 13:23:37.050232: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050235: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:23:37.050237: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050239: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:23:37.050241: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:23:37.050243: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:23:37.050244: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:37.050246: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:37.050247: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:23:37.050249: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:23:37.050250: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:37.050252: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:37.050254: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:23:37.050255: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:37.050257: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:37.050258: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:23:37.050260: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:23:37.050261: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:37.050263: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:37.050264: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:23:37.050266: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:23:37.050268: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050270: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:23:37.050271: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050273: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050274: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:23:37.050276: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050278: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:23:37.050279: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:23:37.050281: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:23:37.050283: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:23:37.050284: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:23:37.050286: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:23:37.050294: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050300: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:23:37.050302: | starting up helper thread 5
Aug 26 13:23:37.050303: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050314: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:23:37.050331: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050338: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:23:37.050334: | crypto helper 5 waiting (nothing to do)
Aug 26 13:23:37.050342: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050351: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:23:37.050353: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050355: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:23:37.050357: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:23:37.050358: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050360: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050362: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050363: | INFO: category: informational flags: 0:
Aug 26 13:23:37.050365: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050366: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:23:37.050368: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050370: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:23:37.050371: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:23:37.050373: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:23:37.050374: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:37.050376: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:23:37.050378: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:23:37.050379: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:23:37.050381: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:23:37.050383: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:23:37.050384: | -> UNDEFINED EVENT_NULL
Aug 26 13:23:37.050386: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:23:37.050387: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:37.050389: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:23:37.050391: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:23:37.050392: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:23:37.050394: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:23:37.050398: | checking IKEv2 state table
Aug 26 13:23:37.050402: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:23:37.050404: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:23:37.050406: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050408: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:23:37.050410: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:23:37.050412: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:23:37.050414: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:23:37.050416: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:23:37.050417: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:23:37.050419: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:23:37.050421: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:23:37.050423: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:23:37.050424: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:23:37.050426: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:23:37.050428: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:23:37.050429: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:23:37.050431: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050433: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:23:37.050434: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:23:37.050436: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:23:37.050438: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:23:37.050440: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:23:37.050441: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:23:37.050445: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:23:37.050447: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:23:37.050449: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:23:37.050450: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:23:37.050452: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:23:37.050454: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:23:37.050456: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:23:37.050458: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:23:37.050459: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:23:37.050461: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:23:37.050463: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:23:37.050465: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:23:37.050466: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:23:37.050468: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:23:37.050470: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:23:37.050472: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:23:37.050474: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:23:37.050475: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:23:37.050477: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:23:37.050479: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050481: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:23:37.050483: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:23:37.050484: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:23:37.050486: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:23:37.050495: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:23:37.050785: | Hard-wiring algorithms
Aug 26 13:23:37.050788: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:23:37.050791: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:23:37.050792: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:23:37.050794: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:23:37.050795: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:23:37.050797: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:23:37.050799: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:23:37.050800: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:23:37.050802: | adding AES_CTR to kernel algorithm db
Aug 26 13:23:37.050804: | adding AES_CBC to kernel algorithm db
Aug 26 13:23:37.050805: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:23:37.050807: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:23:37.050809: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:23:37.050810: | adding NULL to kernel algorithm db
Aug 26 13:23:37.050812: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:23:37.050814: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:23:37.050815: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:23:37.050817: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:23:37.050818: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:23:37.050820: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:23:37.050822: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:23:37.050823: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:23:37.050825: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:23:37.050826: | adding NONE to kernel algorithm db
Aug 26 13:23:37.050843: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:23:37.050847: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:23:37.050849: | setup kernel fd callback
Aug 26 13:23:37.050851: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d8a6734ff8
Aug 26 13:23:37.050855: | libevent_malloc: new ptr-libevent@0x55d8a67195f8 size 128
Aug 26 13:23:37.050857: | libevent_malloc: new ptr-libevent@0x55d8a6735108 size 16
Aug 26 13:23:37.050861: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d8a6735b38
Aug 26 13:23:37.050862: | libevent_malloc: new ptr-libevent@0x55d8a66d7968 size 128
Aug 26 13:23:37.050864: | libevent_malloc: new ptr-libevent@0x55d8a6735af8 size 16
Aug 26 13:23:37.051003: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:23:37.051009: selinux support is enabled.
Aug 26 13:23:37.051230: | unbound context created - setting debug level to 5 Aug 26 13:23:37.051251: | /etc/hosts lookups activated Aug 26 13:23:37.051261: | /etc/resolv.conf usage activated Aug 26 13:23:37.051305: | outgoing-port-avoid set 0-65535 Aug 26 13:23:37.051340: | outgoing-port-permit set 32768-60999 Aug 26 13:23:37.051344: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:23:37.051347: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:23:37.051362: | Setting up events, loop start Aug 26 13:23:37.051364: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d8a6735ba8 Aug 26 13:23:37.051366: | libevent_malloc: new ptr-libevent@0x55d8a6741e38 size 128 Aug 26 13:23:37.051368: | libevent_malloc: new ptr-libevent@0x55d8a674d108 size 16 Aug 26 13:23:37.051372: | libevent_realloc: new ptr-libevent@0x55d8a66d43a8 size 256 Aug 26 13:23:37.051374: | libevent_malloc: new ptr-libevent@0x55d8a674d148 size 8 Aug 26 13:23:37.051376: | libevent_realloc: new ptr-libevent@0x55d8a66a7918 size 144 Aug 26 13:23:37.051378: | libevent_malloc: new ptr-libevent@0x55d8a66d8e38 size 152 Aug 26 13:23:37.051380: | libevent_malloc: new ptr-libevent@0x55d8a674d188 size 16 Aug 26 13:23:37.051383: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:23:37.051385: | libevent_malloc: new ptr-libevent@0x55d8a674d1c8 size 8 Aug 26 13:23:37.051387: | libevent_malloc: new ptr-libevent@0x55d8a674d208 size 152 Aug 26 13:23:37.051389: | signal event handler PLUTO_SIGTERM installed Aug 26 13:23:37.051391: | libevent_malloc: new ptr-libevent@0x55d8a674d2d8 size 8 Aug 26 13:23:37.051393: | libevent_malloc: new ptr-libevent@0x55d8a674d318 size 152 Aug 26 13:23:37.051395: | signal event handler PLUTO_SIGHUP installed Aug 26 13:23:37.051396: | libevent_malloc: new ptr-libevent@0x55d8a674d3e8 size 8 Aug 26 13:23:37.051398: | libevent_realloc: release ptr-libevent@0x55d8a66a7918 Aug 26 13:23:37.051400: | libevent_realloc: new 
ptr-libevent@0x55d8a674d428 size 256 Aug 26 13:23:37.051402: | libevent_malloc: new ptr-libevent@0x55d8a674d558 size 152 Aug 26 13:23:37.051404: | signal event handler PLUTO_SIGSYS installed Aug 26 13:23:37.051626: | created addconn helper (pid:14169) using fork+execve Aug 26 13:23:37.051640: | forked child 14169 Aug 26 13:23:37.051676: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.051688: listening for IKE messages Aug 26 13:23:37.051715: | Inspecting interface lo Aug 26 13:23:37.051720: | found lo with address 127.0.0.1 Aug 26 13:23:37.051722: | Inspecting interface eth0 Aug 26 13:23:37.051725: | found eth0 with address 192.0.2.254 Aug 26 13:23:37.051726: | Inspecting interface eth1 Aug 26 13:23:37.051729: | found eth1 with address 192.1.2.23 Aug 26 13:23:37.051782: Kernel supports NIC esp-hw-offload Aug 26 13:23:37.051791: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:23:37.051806: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.051810: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.051812: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:23:37.051832: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:23:37.051848: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.051851: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.051853: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:23:37.051871: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:23:37.051886: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.051889: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.051891: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:23:37.051929: | no interfaces to sort Aug 26 
13:23:37.051932: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:23:37.051937: | add_fd_read_event_handler: new ethX-pe@0x55d8a674da28 Aug 26 13:23:37.051939: | libevent_malloc: new ptr-libevent@0x55d8a6741d88 size 128 Aug 26 13:23:37.051941: | libevent_malloc: new ptr-libevent@0x55d8a674da98 size 16 Aug 26 13:23:37.051945: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:37.051947: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dad8 Aug 26 13:23:37.051948: | libevent_malloc: new ptr-libevent@0x55d8a66d4b08 size 128 Aug 26 13:23:37.051950: | libevent_malloc: new ptr-libevent@0x55d8a674db48 size 16 Aug 26 13:23:37.051953: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:37.051955: | add_fd_read_event_handler: new ethX-pe@0x55d8a674db88 Aug 26 13:23:37.051958: | libevent_malloc: new ptr-libevent@0x55d8a66d7f98 size 128 Aug 26 13:23:37.051959: | libevent_malloc: new ptr-libevent@0x55d8a674dbf8 size 16 Aug 26 13:23:37.051962: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:23:37.051964: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dc38 Aug 26 13:23:37.051966: | libevent_malloc: new ptr-libevent@0x55d8a66d89a8 size 128 Aug 26 13:23:37.051967: | libevent_malloc: new ptr-libevent@0x55d8a674dca8 size 16 Aug 26 13:23:37.051970: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:23:37.051972: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dce8 Aug 26 13:23:37.051975: | libevent_malloc: new ptr-libevent@0x55d8a66ac4e8 size 128 Aug 26 13:23:37.051976: | libevent_malloc: new ptr-libevent@0x55d8a674dd58 size 16 Aug 26 13:23:37.051979: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:23:37.051981: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dd98 Aug 26 13:23:37.051983: | libevent_malloc: new ptr-libevent@0x55d8a66ac1d8 size 128 Aug 26 13:23:37.051984: | libevent_malloc: new ptr-libevent@0x55d8a674de08 size 16 Aug 26 13:23:37.051987: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:23:37.051990: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:37.051992: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:37.052009: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:37.052033: | id type added to secret(0x55d8a66a7b58) PKK_PSK: @west Aug 26 13:23:37.052035: | id type added to secret(0x55d8a66a7b58) PKK_PSK: @east Aug 26 13:23:37.052038: | Processing PSK at line 1: passed Aug 26 13:23:37.052040: | certs and keys locked by 'process_secret' Aug 26 13:23:37.052042: | certs and keys unlocked by 'process_secret' Aug 26 13:23:37.052049: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.052054: | spent 0.386 milliseconds in whack Aug 26 13:23:37.074118: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.074141: listening for IKE messages Aug 26 13:23:37.074168: | Inspecting interface lo Aug 26 13:23:37.074173: | found lo with address 127.0.0.1 Aug 26 13:23:37.074176: | Inspecting interface eth0 Aug 26 13:23:37.074178: | found eth0 with address 192.0.2.254 Aug 26 13:23:37.074180: | Inspecting interface eth1 Aug 26 13:23:37.074183: | found eth1 with address 192.1.2.23 Aug 26 13:23:37.074223: | no interfaces to sort Aug 26 13:23:37.074233: | libevent_free: release ptr-libevent@0x55d8a6741d88 Aug 26 13:23:37.074236: | free_event_entry: release EVENT_NULL-pe@0x55d8a674da28 Aug 26 13:23:37.074238: | add_fd_read_event_handler: new ethX-pe@0x55d8a674da28 Aug 26 13:23:37.074241: | libevent_malloc: new ptr-libevent@0x55d8a6741d88 size 128 Aug 26 13:23:37.074246: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:37.074248: | libevent_free: release ptr-libevent@0x55d8a66d4b08 Aug 26 13:23:37.074250: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dad8 Aug 26 13:23:37.074252: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dad8 Aug 26 
13:23:37.074253: | libevent_malloc: new ptr-libevent@0x55d8a66d4b08 size 128 Aug 26 13:23:37.074257: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:37.074259: | libevent_free: release ptr-libevent@0x55d8a66d7f98 Aug 26 13:23:37.074261: | free_event_entry: release EVENT_NULL-pe@0x55d8a674db88 Aug 26 13:23:37.074263: | add_fd_read_event_handler: new ethX-pe@0x55d8a674db88 Aug 26 13:23:37.074264: | libevent_malloc: new ptr-libevent@0x55d8a66d7f98 size 128 Aug 26 13:23:37.074268: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:23:37.074270: | libevent_free: release ptr-libevent@0x55d8a66d89a8 Aug 26 13:23:37.074272: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dc38 Aug 26 13:23:37.074274: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dc38 Aug 26 13:23:37.074275: | libevent_malloc: new ptr-libevent@0x55d8a66d89a8 size 128 Aug 26 13:23:37.074304: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:23:37.074312: | libevent_free: release ptr-libevent@0x55d8a66ac4e8 Aug 26 13:23:37.074316: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dce8 Aug 26 13:23:37.074319: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dce8 Aug 26 13:23:37.074322: | libevent_malloc: new ptr-libevent@0x55d8a66ac4e8 size 128 Aug 26 13:23:37.074340: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:23:37.074344: | libevent_free: release ptr-libevent@0x55d8a66ac1d8 Aug 26 13:23:37.074347: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dd98 Aug 26 13:23:37.074350: | add_fd_read_event_handler: new ethX-pe@0x55d8a674dd98 Aug 26 13:23:37.074353: | libevent_malloc: new ptr-libevent@0x55d8a66ac1d8 size 128 Aug 26 13:23:37.074358: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:23:37.074362: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:37.074364: forgetting secrets Aug 26 13:23:37.074372: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:37.074386: loading 
secrets from "/etc/ipsec.secrets" Aug 26 13:23:37.074393: | id type added to secret(0x55d8a66a7b58) PKK_PSK: @west Aug 26 13:23:37.074397: | id type added to secret(0x55d8a66a7b58) PKK_PSK: @east Aug 26 13:23:37.074401: | Processing PSK at line 1: passed Aug 26 13:23:37.074403: | certs and keys locked by 'process_secret' Aug 26 13:23:37.074406: | certs and keys unlocked by 'process_secret' Aug 26 13:23:37.074416: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.074424: | spent 0.302 milliseconds in whack Aug 26 13:23:37.074876: | processing signal PLUTO_SIGCHLD Aug 26 13:23:37.074900: | waitpid returned pid 14169 (exited with status 0) Aug 26 13:23:37.074903: | reaped addconn helper child (status 0) Aug 26 13:23:37.074907: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:37.074910: | spent 0.0259 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:37.136958: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.136977: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.136980: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:37.136982: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.136983: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:37.136986: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:23:37.136992: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:37.137062: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:37.137065: | from whack: got --esp= Aug 26 13:23:37.137097: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:37.137103: | counting wild cards for @west is 0 Aug 26 13:23:37.137107: | counting wild cards for @east is 0 Aug 26 13:23:37.137117: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 13:23:37.137121: | new hp@0x55d8a6750258 Aug 26 13:23:37.137125: added connection description "east" Aug 26 13:23:37.137135: | ike_life: 3600s; ipsec_life: 30s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:37.137160: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:23:37.137169: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.137177: | spent 0.226 milliseconds in whack Aug 26 13:23:37.137200: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.137210: add keyid @west
Aug 26 13:23:37.137300: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:37.137306: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:37.137331: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.137336: | spent 0.138 milliseconds in whack Aug 26 13:23:37.137398: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.137410: add keyid @east
Aug 26 13:23:37.137455: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:37.137457: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:37.137465: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.137469: | spent 0.0763 milliseconds in whack Aug 26 13:23:38.327889: | spent 0.00956 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:38.328022: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:38.328509: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:23:38.328521: | **parse ISAKMP Message: Aug 26 13:23:38.328530: | initiator cookie: Aug 26 13:23:38.328537: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.328545: | responder cookie: Aug 26 13:23:38.328552: | 00 00 00 00 00 00 00 00 Aug 26 13:23:38.328562: | next payload type: 
ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:38.328570: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:38.328579: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:38.328587: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:38.328596: | Message ID: 0 (0x0) Aug 26 13:23:38.328604: | length: 828 (0x33c) Aug 26 13:23:38.328614: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:23:38.328624: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:23:38.328635: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:23:38.328644: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:38.328655: | ***parse IKEv2 Security Association Payload: Aug 26 13:23:38.328663: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:23:38.328671: | flags: none (0x0) Aug 26 13:23:38.328678: | length: 436 (0x1b4) Aug 26 13:23:38.328687: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:23:38.328695: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:23:38.328703: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:23:38.328711: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:38.328719: | flags: none (0x0) Aug 26 13:23:38.328726: | length: 264 (0x108) Aug 26 13:23:38.328734: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.328742: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:23:38.328750: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:38.328758: | ***parse IKEv2 Nonce Payload: Aug 26 13:23:38.328766: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:38.328773: | flags: none (0x0) Aug 26 13:23:38.328781: | length: 36 (0x24) Aug 26 13:23:38.328788: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:38.328796: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:38.328805: | ***parse IKEv2 Notify Payload: Aug 26 13:23:38.328820: | next payload type: ISAKMP_NEXT_v2N 
(0x29) Aug 26 13:23:38.328828: | flags: none (0x0) Aug 26 13:23:38.328836: | length: 8 (0x8) Aug 26 13:23:38.328844: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.328852: | SPI size: 0 (0x0) Aug 26 13:23:38.328861: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:38.328869: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:23:38.328876: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:38.328884: | ***parse IKEv2 Notify Payload: Aug 26 13:23:38.328892: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:38.328900: | flags: none (0x0) Aug 26 13:23:38.328907: | length: 28 (0x1c) Aug 26 13:23:38.328915: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.328922: | SPI size: 0 (0x0) Aug 26 13:23:38.328930: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:38.328938: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:38.328945: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:38.328953: | ***parse IKEv2 Notify Payload: Aug 26 13:23:38.328961: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.328968: | flags: none (0x0) Aug 26 13:23:38.328976: | length: 28 (0x1c) Aug 26 13:23:38.328983: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.328991: | SPI size: 0 (0x0) Aug 26 13:23:38.328999: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:38.329007: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:38.329015: | DDOS disabled and no cookie sent, continuing Aug 26 13:23:38.329031: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:23:38.329046: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:38.329056: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:23:38.329067: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 13:23:38.329076: | 
find_next_host_connection returns empty Aug 26 13:23:38.329089: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:23:38.329098: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:23:38.329106: | find_next_host_connection returns empty Aug 26 13:23:38.329117: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:23:38.329131: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:23:38.329144: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:38.329153: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:23:38.329162: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 13:23:38.329170: | find_next_host_connection returns empty Aug 26 13:23:38.329182: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:23:38.329190: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:23:38.329198: | find_next_host_connection returns empty Aug 26 13:23:38.329209: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 13:23:38.329223: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:23:38.329236: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:38.329244: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:38.329254: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 13:23:38.329262: | find_next_host_connection returns east Aug 26 13:23:38.329270: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:38.329283: | find_next_host_connection returns empty 
Aug 26 13:23:38.329307: | found connection: east with policy PSK+IKEV2_ALLOW Aug 26 13:23:38.329373: | creating state object #1 at 0x55d8a6752478 Aug 26 13:23:38.329392: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:23:38.329418: | pstats #1 ikev2.ike started Aug 26 13:23:38.329430: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:23:38.329440: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:23:38.329457: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:38.329480: | #1 spent 1.5 milliseconds Aug 26 13:23:38.329497: | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:38.329506: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:23:38.329520: | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:23:38.329530: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:23:38.329542: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:23:38.329557: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:23:38.329566: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:23:38.329574: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:23:38.329582: | Now let's proceed with state specific processing Aug 26 13:23:38.329590: | calling processor Respond to IKE_SA_INIT Aug 26 13:23:38.329601: | #1 spent 1.62 milliseconds Aug 26 13:23:38.329629: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:23:38.329639: | 
constructing local IKE proposals for east (IKE SA responder matching remote proposals) Aug 26 13:23:38.329663: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:38.329685: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:38.329698: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:38.329714: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:38.329726: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:38.329742: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:38.329753: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:38.329769: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:38.329798: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:38.329825: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:23:38.329844: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:38.329853: | local proposal 1 type PRF has 2 transforms Aug 26 13:23:38.329861: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:38.329869: | local proposal 1 type DH has 8 transforms Aug 26 13:23:38.329877: | local proposal 1 type ESN has 0 transforms Aug 26 13:23:38.329888: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:38.329897: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:38.329904: | local proposal 2 type PRF has 2 transforms Aug 26 13:23:38.329912: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:38.329920: | local proposal 2 type DH has 8 transforms Aug 26 13:23:38.329928: | local proposal 2 type ESN has 0 transforms Aug 26 13:23:38.329937: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:38.329945: | local proposal 3 type ENCR has 1 transforms Aug 26 
13:23:38.329953: | local proposal 3 type PRF has 2 transforms Aug 26 13:23:38.329961: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:38.329968: | local proposal 3 type DH has 8 transforms Aug 26 13:23:38.329976: | local proposal 3 type ESN has 0 transforms Aug 26 13:23:38.329986: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:38.329994: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:38.330001: | local proposal 4 type PRF has 2 transforms Aug 26 13:23:38.330009: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:38.330017: | local proposal 4 type DH has 8 transforms Aug 26 13:23:38.330025: | local proposal 4 type ESN has 0 transforms Aug 26 13:23:38.330034: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:38.330044: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.330052: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.330061: | length: 100 (0x64) Aug 26 13:23:38.330069: | prop #: 1 (0x1) Aug 26 13:23:38.330077: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:38.330084: | spi size: 0 (0x0) Aug 26 13:23:38.330092: | # transforms: 11 (0xb) Aug 26 13:23:38.330103: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:23:38.330113: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330129: | length: 12 (0xc) Aug 26 13:23:38.330137: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.330145: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.330154: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.330162: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.330170: | length/value: 256 (0x100) Aug 26 13:23:38.330184: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:38.330193: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330208: | length: 8 (0x8) Aug 26 13:23:38.330216: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.330224: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:38.330235: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:23:38.330245: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:23:38.330254: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:23:38.330264: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:23:38.330277: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330320: | length: 8 (0x8) Aug 26 13:23:38.330328: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.330336: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:38.330345: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330358: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330365: | length: 8 (0x8) Aug 26 13:23:38.330373: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330381: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.330392: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:23:38.330402: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:23:38.330411: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:23:38.330421: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:23:38.330429: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 13:23:38.330437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330444: | length: 8 (0x8) Aug 26 13:23:38.330452: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330460: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:38.330468: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330483: | length: 8 (0x8) Aug 26 13:23:38.330491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330499: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:38.330507: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330522: | length: 8 (0x8) Aug 26 13:23:38.330530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330538: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:38.330546: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330561: | length: 8 (0x8) Aug 26 13:23:38.330569: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330577: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:38.330585: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330600: | length: 8 (0x8) Aug 26 13:23:38.330608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330616: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:38.330624: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330639: | length: 8 (0x8) Aug 26 13:23:38.330647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330655: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:38.330663: | *****parse IKEv2 Transform Substructure Payload: 
Aug 26 13:23:38.330671: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.330678: | length: 8 (0x8) Aug 26 13:23:38.330686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330694: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:38.330706: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:23:38.330720: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:23:38.330729: | remote proposal 1 matches local proposal 1 Aug 26 13:23:38.330738: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.330746: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.330753: | length: 100 (0x64) Aug 26 13:23:38.330770: | prop #: 2 (0x2) Aug 26 13:23:38.330778: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:38.330786: | spi size: 0 (0x0) Aug 26 13:23:38.330793: | # transforms: 11 (0xb) Aug 26 13:23:38.330804: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.330812: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330828: | length: 12 (0xc) Aug 26 13:23:38.330836: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.330843: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.330851: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.330859: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.330867: | length/value: 128 (0x80) Aug 26 13:23:38.330876: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330891: | length: 8 (0x8) Aug 26 13:23:38.330899: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.330907: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:38.330915: | *****parse 
IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330930: | length: 8 (0x8) Aug 26 13:23:38.330938: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.330946: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:38.330954: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.330962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.330969: | length: 8 (0x8) Aug 26 13:23:38.330976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.330984: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.330993: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331008: | length: 8 (0x8) Aug 26 13:23:38.331015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331023: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:38.331032: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331046: | length: 8 (0x8) Aug 26 13:23:38.331054: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331062: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:38.331070: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331085: | length: 8 (0x8) Aug 26 13:23:38.331093: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331101: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:38.331109: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331124: | length: 8 (0x8) Aug 26 13:23:38.331132: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331140: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:38.331148: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 13:23:38.331156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331163: | length: 8 (0x8) Aug 26 13:23:38.331170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331178: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:38.331187: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331202: | length: 8 (0x8) Aug 26 13:23:38.331209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331217: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:38.331225: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331233: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.331244: | length: 8 (0x8) Aug 26 13:23:38.331252: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331260: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:38.331271: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:23:38.331280: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:23:38.331298: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.331307: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.331314: | length: 116 (0x74) Aug 26 13:23:38.331322: | prop #: 3 (0x3) Aug 26 13:23:38.331329: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:38.331336: | spi size: 0 (0x0) Aug 26 13:23:38.331344: | # transforms: 13 (0xd) Aug 26 13:23:38.331358: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.331366: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331381: | length: 12 (0xc) Aug 26 13:23:38.331389: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.331396: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
13:23:38.331404: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.331412: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.331420: | length/value: 256 (0x100) Aug 26 13:23:38.331429: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331444: | length: 8 (0x8) Aug 26 13:23:38.331452: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.331460: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:38.331468: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331483: | length: 8 (0x8) Aug 26 13:23:38.331491: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.331499: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:38.331507: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331522: | length: 8 (0x8) Aug 26 13:23:38.331530: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.331538: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:38.331546: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331561: | length: 8 (0x8) Aug 26 13:23:38.331569: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.331577: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:38.331586: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331600: | length: 8 (0x8) Aug 26 13:23:38.331608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331616: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.331624: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:23:38.331639: | length: 8 (0x8) Aug 26 13:23:38.331647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331655: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:38.331663: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331678: | length: 8 (0x8) Aug 26 13:23:38.331685: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331693: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:38.331702: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331717: | length: 8 (0x8) Aug 26 13:23:38.331724: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331736: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:38.331745: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331760: | length: 8 (0x8) Aug 26 13:23:38.331768: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331776: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:38.331784: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331799: | length: 8 (0x8) Aug 26 13:23:38.331807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331814: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:38.331823: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331830: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331838: | length: 8 (0x8) Aug 26 13:23:38.331845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331853: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:38.331861: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331869: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.331877: | length: 
8 (0x8) Aug 26 13:23:38.331884: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.331892: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:38.331904: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:23:38.331913: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:23:38.331921: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.331929: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:38.331937: | length: 116 (0x74) Aug 26 13:23:38.331944: | prop #: 4 (0x4) Aug 26 13:23:38.331952: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:38.331959: | spi size: 0 (0x0) Aug 26 13:23:38.331966: | # transforms: 13 (0xd) Aug 26 13:23:38.331976: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.331984: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.331992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.331999: | length: 12 (0xc) Aug 26 13:23:38.332007: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.332015: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:38.332023: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.332030: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.332038: | length/value: 128 (0x80) Aug 26 13:23:38.332047: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332062: | length: 8 (0x8) Aug 26 13:23:38.332069: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.332077: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:38.332086: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332101: | length: 8 (0x8) Aug 26 13:23:38.332108: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
13:23:38.332116: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:38.332124: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332139: | length: 8 (0x8) Aug 26 13:23:38.332147: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.332155: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:38.332163: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332178: | length: 8 (0x8) Aug 26 13:23:38.332186: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.332194: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:38.332205: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332221: | length: 8 (0x8) Aug 26 13:23:38.332228: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332236: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.332245: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332259: | length: 8 (0x8) Aug 26 13:23:38.332267: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332275: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:38.332283: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332320: | length: 8 (0x8) Aug 26 13:23:38.332333: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332346: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:38.332360: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332377: | length: 8 (0x8) Aug 26 13:23:38.332384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332392: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:38.332400: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332415: | length: 8 (0x8) Aug 26 13:23:38.332423: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332431: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:38.332439: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332454: | length: 8 (0x8) Aug 26 13:23:38.332462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332470: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:38.332478: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.332493: | length: 8 (0x8) Aug 26 13:23:38.332501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332509: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:38.332517: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.332525: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.332532: | length: 8 (0x8) Aug 26 13:23:38.332540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.332548: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:38.332559: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:23:38.332569: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:23:38.332583: "east" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:23:38.332597: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:23:38.332605: | converting proposal to internal trans attrs Aug 26 13:23:38.332617: | natd_hash: rcookie is zero Aug 26 13:23:38.332652: | natd_hash: hasher=0x55d8a53c8800(20) Aug 26 13:23:38.332662: | natd_hash: icookie= 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.332670: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:38.332677: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:38.332685: | natd_hash: port=500 Aug 26 13:23:38.332693: | natd_hash: hash= 99 43 7c 29 b9 86 e6 0e 7d 65 bf 33 2b 05 9d 3d Aug 26 13:23:38.332700: | natd_hash: hash= 83 bb 7e e4 Aug 26 13:23:38.332708: | natd_hash: rcookie is zero Aug 26 13:23:38.332725: | natd_hash: hasher=0x55d8a53c8800(20) Aug 26 13:23:38.332733: | natd_hash: icookie= 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.332740: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:38.332748: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:38.332755: | natd_hash: port=500 Aug 26 13:23:38.332762: | natd_hash: hash= a7 71 13 b5 72 94 09 68 b3 09 35 71 c5 41 e2 6c Aug 26 13:23:38.332770: | natd_hash: hash= 0a a9 05 aa Aug 26 13:23:38.332778: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:23:38.332785: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:23:38.332793: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:23:38.332803: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 13:23:38.332822: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:23:38.332833: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d8a6750338 Aug 26 13:23:38.332845: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:38.332855: | libevent_malloc: new ptr-libevent@0x55d8a6754578 size 128 Aug 26 13:23:38.332888: | #1 spent 3.25 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:23:38.332911: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:38.332922: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:23:38.332930: | suspending state #1 and saving MD Aug 26 13:23:38.332938: | #1 is busy; has a suspended MD Aug 26 13:23:38.332951: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:38.332962: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:38.332976: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:38.333004: | #1 spent 4.99 milliseconds in ikev2_process_packet() Aug 26 13:23:38.332964: | crypto helper 0 resuming Aug 26 13:23:38.333066: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:23:38.333085: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:23:38.333022: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:23:38.333114: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:38.333128: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:38.333143: | spent 5.11 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:38.335814: | crypto 
helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.002728 seconds Aug 26 13:23:38.335855: | (#1) spent 2.73 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:23:38.335867: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:23:38.335877: | scheduling resume sending helper answer for #1 Aug 26 13:23:38.335888: | libevent_malloc: new ptr-libevent@0x7f01d8002888 size 128 Aug 26 13:23:38.335912: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:38.335990: | processing resume sending helper answer for #1 Aug 26 13:23:38.336034: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:23:38.336051: | crypto helper 0 replies to request ID 1 Aug 26 13:23:38.336060: | calling continuation function 0x55d8a52f3b50 Aug 26 13:23:38.336079: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:23:38.336193: | **emit ISAKMP Message: Aug 26 13:23:38.336204: | initiator cookie: Aug 26 13:23:38.336212: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.336220: | responder cookie: Aug 26 13:23:38.336227: | 3b c3 08 46 be aa a5 54 Aug 26 13:23:38.336236: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:38.336245: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:38.336253: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:38.336262: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:38.336271: | Message ID: 0 (0x0) Aug 26 13:23:38.336280: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:38.336327: | Emitting ikev2_proposal ... 
Aug 26 13:23:38.336357: | ***emit IKEv2 Security Association Payload: Aug 26 13:23:38.336373: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.336386: | flags: none (0x0) Aug 26 13:23:38.336402: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:38.336418: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.336432: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.336443: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:38.336451: | prop #: 1 (0x1) Aug 26 13:23:38.336459: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:38.336467: | spi size: 0 (0x0) Aug 26 13:23:38.336475: | # transforms: 3 (0x3) Aug 26 13:23:38.336485: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:38.336494: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:38.336503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.336511: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.336519: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.336529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:38.336538: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.336547: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.336555: | length/value: 256 (0x100) Aug 26 13:23:38.336564: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:38.336572: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:38.336580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.336588: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:38.336596: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:38.336607: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.336617: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:38.336625: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:38.336633: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:38.336641: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.336649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:38.336657: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.336667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.336676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:38.336684: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:38.336693: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:23:38.336709: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:38.336717: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:23:38.336726: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:38.336737: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:23:38.336745: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.336753: | flags: none (0x0) Aug 26 13:23:38.336761: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:38.336772: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
13:23:38.336781: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.336792: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:23:38.336922: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:23:38.336930: | ***emit IKEv2 Nonce Payload: Aug 26 13:23:38.336939: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:38.336946: | flags: none (0x0) Aug 26 13:23:38.336956: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:23:38.336966: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:23:38.336975: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.336984: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:23:38.336992: | IKEv2 nonce 6f 4c e0 58 ea c8 af 2d d1 f2 b6 6c 3c b5 58 25 Aug 26 13:23:38.337000: | IKEv2 nonce a5 d9 f3 18 72 86 e8 ac 46 a7 6e 05 9e 36 c5 50 Aug 26 13:23:38.337008: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:23:38.337015: | Adding a v2N Payload Aug 26 13:23:38.337023: | ***emit IKEv2 Notify Payload: Aug 26 13:23:38.337031: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.337039: | flags: none (0x0) Aug 26 13:23:38.337047: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.337055: | SPI size: 0 (0x0) Aug 26 13:23:38.337064: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:38.337074: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:38.337082: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.337095: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:38.337105: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:23:38.337141: | natd_hash: hasher=0x55d8a53c8800(20) Aug 26 13:23:38.337150: | natd_hash: icookie= 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.337158: | natd_hash: rcookie= 3b c3 08 46 be aa a5 54 Aug 26 13:23:38.337165: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:38.337173: | natd_hash: port=500 Aug 26 13:23:38.337181: | natd_hash: hash= 05 b4 0d 21 ab 6d d7 da 8a fd e4 68 c5 94 d9 1b Aug 26 13:23:38.337189: | natd_hash: hash= cd 33 90 da Aug 26 13:23:38.337196: | Adding a v2N Payload Aug 26 13:23:38.337204: | ***emit IKEv2 Notify Payload: Aug 26 13:23:38.337212: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.337220: | flags: none (0x0) Aug 26 13:23:38.337228: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.337235: | SPI size: 0 (0x0) Aug 26 13:23:38.337244: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:38.337253: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:38.337262: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.337272: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:38.337280: | Notify data 05 b4 0d 21 ab 6d d7 da 8a fd e4 68 c5 94 d9 1b Aug 26 13:23:38.337287: | Notify data cd 33 90 da Aug 26 13:23:38.337320: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:38.337353: | natd_hash: hasher=0x55d8a53c8800(20) Aug 26 13:23:38.337365: | natd_hash: icookie= 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.337373: | natd_hash: rcookie= 3b c3 08 46 be aa a5 54 Aug 26 13:23:38.337380: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:38.337387: | natd_hash: port=500 Aug 26 13:23:38.337395: | natd_hash: hash= d6 82 09 15 fa 5d 3b a7 59 3c 57 b1 f4 e4 a9 32 Aug 26 13:23:38.337403: | natd_hash: hash= 7d 65 91 9f Aug 26 13:23:38.337410: | Adding a v2N Payload Aug 26 13:23:38.337418: | ***emit IKEv2 Notify Payload: Aug 26 
13:23:38.337426: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.337434: | flags: none (0x0) Aug 26 13:23:38.337441: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:38.337449: | SPI size: 0 (0x0) Aug 26 13:23:38.337457: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:38.337467: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:38.337476: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.337485: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:38.337493: | Notify data d6 82 09 15 fa 5d 3b a7 59 3c 57 b1 f4 e4 a9 32 Aug 26 13:23:38.337500: | Notify data 7d 65 91 9f Aug 26 13:23:38.337508: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:38.337516: | emitting length of ISAKMP Message: 432 Aug 26 13:23:38.337537: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:38.337549: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:23:38.337558: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:23:38.337569: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:23:38.337578: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:23:38.337594: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:23:38.337608: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:23:38.337622: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 
13:23:38.337643: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:23:38.337660: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:23:38.338022: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:38.338038: | libevent_free: release ptr-libevent@0x55d8a6754578 Aug 26 13:23:38.338048: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d8a6750338 Aug 26 13:23:38.338058: | event_schedule: new EVENT_SO_DISCARD-pe@0x55d8a6750338 Aug 26 13:23:38.338070: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:23:38.338080: | libevent_malloc: new ptr-libevent@0x55d8a6755668 size 128 Aug 26 13:23:38.338093: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:38.338113: | #1 spent 1.98 milliseconds in resume sending helper answer Aug 26 13:23:38.338129: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:23:38.338139: | libevent_free: release ptr-libevent@0x7f01d8002888 Aug 26 13:23:38.349992: | spent 0.0106 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:38.350084: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:38.350449: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:23:38.350466: | **parse ISAKMP Message: Aug 26 13:23:38.350480: | initiator cookie: Aug 26 13:23:38.350493: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.350506: | responder cookie: Aug 26 13:23:38.350517: | 3b c3 08 46 be aa a5 54 Aug 26 13:23:38.350530: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:38.350545: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:38.350558: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:38.350571: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:38.350585: | Message ID: 1 (0x1) Aug 26 13:23:38.350599: | length: 365 (0x16d) Aug 26 13:23:38.350614: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:23:38.350630: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:23:38.350645: | State DB: found IKEv2 state #1 in PARENT_R1 
(find_v2_ike_sa) Aug 26 13:23:38.350682: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:38.350699: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:23:38.350725: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:23:38.350741: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:23:38.350763: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:23:38.350776: | unpacking clear payload Aug 26 13:23:38.350789: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:38.350805: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:38.350819: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:23:38.350833: | flags: none (0x0) Aug 26 13:23:38.350846: | length: 337 (0x151) Aug 26 13:23:38.350859: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 13:23:38.350882: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:23:38.350898: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:23:38.350913: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:23:38.350926: | Now let's proceed with state specific processing Aug 26 13:23:38.350939: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:23:38.350957: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:23:38.350977: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:23:38.350994: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:23:38.351025: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:23:38.351047: | libevent_free: release ptr-libevent@0x55d8a6755668 Aug 26 13:23:38.351064: 
| free_event_entry: release EVENT_SO_DISCARD-pe@0x55d8a6750338 Aug 26 13:23:38.351081: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d8a6750338 Aug 26 13:23:38.351099: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:38.351114: | libevent_malloc: new ptr-libevent@0x7f01d8002888 size 128 Aug 26 13:23:38.351158: | #1 spent 0.193 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:23:38.351187: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:38.351202: | crypto helper 2 resuming Aug 26 13:23:38.351208: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:23:38.351265: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:23:38.351273: | suspending state #1 and saving MD Aug 26 13:23:38.351286: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:23:38.351333: | #1 is busy; has a suspended MD Aug 26 13:23:38.351394: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:38.351418: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:38.351443: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:38.351472: | #1 spent 1.33 milliseconds in ikev2_process_packet() Aug 26 13:23:38.351497: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:23:38.351513: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:38.351531: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:38.351553: | spent 1.42 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:38.353902: | calculating skeyseed using 
prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:23:38.355182: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.003895 seconds Aug 26 13:23:38.355217: | (#1) spent 3.87 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:23:38.355228: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:23:38.355238: | scheduling resume sending helper answer for #1 Aug 26 13:23:38.355249: | libevent_malloc: new ptr-libevent@0x7f01d0000f48 size 128 Aug 26 13:23:38.355273: | crypto helper 2 waiting (nothing to do) Aug 26 13:23:38.355348: | processing resume sending helper answer for #1 Aug 26 13:23:38.355399: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:23:38.355417: | crypto helper 2 replies to request ID 2 Aug 26 13:23:38.355426: | calling continuation function 0x55d8a52f3b50 Aug 26 13:23:38.355436: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:23:38.355446: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:23:38.355483: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:23:38.355493: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:23:38.355504: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:23:38.355513: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:23:38.355521: | flags: none (0x0) Aug 26 13:23:38.355530: | length: 12 (0xc) Aug 26 13:23:38.355538: | ID type: ID_FQDN (0x2) Aug 26 13:23:38.355547: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 13:23:38.355555: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:23:38.355563: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:23:38.355571: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:38.355589: | flags: none (0x0) Aug 26 13:23:38.355597: | length: 12 (0xc) Aug 26 13:23:38.355605: | ID type: 
ID_FQDN (0x2) Aug 26 13:23:38.355613: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:23:38.355621: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:23:38.355629: | **parse IKEv2 Authentication Payload: Aug 26 13:23:38.355637: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:38.355645: | flags: none (0x0) Aug 26 13:23:38.355652: | length: 72 (0x48) Aug 26 13:23:38.355660: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:38.355668: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:23:38.355676: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:38.355684: | **parse IKEv2 Security Association Payload: Aug 26 13:23:38.355691: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:38.355699: | flags: none (0x0) Aug 26 13:23:38.355706: | length: 164 (0xa4) Aug 26 13:23:38.355714: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:23:38.355722: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:38.355730: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:38.355738: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:38.355746: | flags: none (0x0) Aug 26 13:23:38.355753: | length: 24 (0x18) Aug 26 13:23:38.355761: | number of TS: 1 (0x1) Aug 26 13:23:38.355769: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:38.355776: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:38.355784: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:38.355792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.355800: | flags: none (0x0) Aug 26 13:23:38.355807: | length: 24 (0x18) Aug 26 13:23:38.355815: | number of TS: 1 (0x1) Aug 26 13:23:38.355822: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:38.355831: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:23:38.355839: | Now let's proceed with state specific processing Aug 26 13:23:38.355847: | calling processor Responder: process 
IKE_AUTH request Aug 26 13:23:38.355864: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:23:38.355883: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:23:38.355893: | received IDr payload - extracting our alleged ID Aug 26 13:23:38.355903: | refine_host_connection for IKEv2: starting with "east" Aug 26 13:23:38.355916: | match_id a=@west Aug 26 13:23:38.355924: | b=@west Aug 26 13:23:38.355931: | results matched Aug 26 13:23:38.355944: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:23:38.355953: | Warning: not switching back to template of current instance Aug 26 13:23:38.355962: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:23:38.355970: | This connection's local id is @east (ID_FQDN) Aug 26 13:23:38.355980: | refine_host_connection: checked east against east, now for see if best Aug 26 13:23:38.355990: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.355999: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.356010: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:38.356020: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:38.356029: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:38.356037: | line 1: match=014 Aug 26 13:23:38.356047: | match 014 beats previous best_match 000 match=0x55d8a66a7b58 (line=1) Aug 26 13:23:38.356056: | concluding with best_match=014 best=0x55d8a66a7b58 (lineno=1) Aug 26 13:23:38.356064: | returning because exact peer id match Aug 26 13:23:38.356073: | offered CA: '%none' Aug 26 13:23:38.356083: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 13:23:38.356158: | verifying AUTH payload Aug 26 13:23:38.356180: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret 
Aug 26 13:23:38.356191: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.356200: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.356209: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:38.356219: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:38.356227: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:38.356234: | line 1: match=014 Aug 26 13:23:38.356243: | match 014 beats previous best_match 000 match=0x55d8a66a7b58 (line=1) Aug 26 13:23:38.356252: | concluding with best_match=014 best=0x55d8a66a7b58 (lineno=1) Aug 26 13:23:38.356464: "east" #1: Authenticated using authby=secret Aug 26 13:23:38.356489: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:23:38.356504: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key) Aug 26 13:23:38.356513: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:38.356524: | libevent_free: release ptr-libevent@0x7f01d8002888 Aug 26 13:23:38.356534: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d8a6750338 Aug 26 13:23:38.356543: | event_schedule: new EVENT_SA_REKEY-pe@0x55d8a6750338 Aug 26 13:23:38.356555: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1 Aug 26 13:23:38.356565: | libevent_malloc: new ptr-libevent@0x55d8a6755668 size 128 Aug 26 13:23:38.356873: | pstats #1 ikev2.ike established Aug 26 13:23:38.356903: | **emit ISAKMP Message: Aug 26 13:23:38.356913: | initiator cookie: Aug 26 13:23:38.356921: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:23:38.356929: | responder cookie: Aug 26 13:23:38.356936: | 3b c3 08 46 be aa a5 54 Aug 26 13:23:38.356945: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:38.356954: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:38.356962: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:38.356971: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 
13:23:38.356979: | Message ID: 1 (0x1) Aug 26 13:23:38.356989: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:38.356999: | IKEv2 CERT: send a certificate? Aug 26 13:23:38.357008: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:23:38.357017: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:38.357025: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.357033: | flags: none (0x0) Aug 26 13:23:38.357043: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:38.357053: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.357063: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:38.357086: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:38.357128: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:23:38.357138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.357146: | flags: none (0x0) Aug 26 13:23:38.357155: | ID type: ID_FQDN (0x2) Aug 26 13:23:38.357165: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:23:38.357175: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.357185: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:23:38.357193: | my identity 65 61 73 74 Aug 26 13:23:38.357202: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:23:38.357226: | assembled IDr payload Aug 26 13:23:38.357234: | CHILD SA proposals received Aug 26 13:23:38.357242: | going to assemble AUTH payload Aug 26 13:23:38.357251: | ****emit IKEv2 Authentication Payload: Aug 26 13:23:38.357267: 
| next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:38.357275: | flags: none (0x0) Aug 26 13:23:38.357283: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:38.357330: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:23:38.357358: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:23:38.357375: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.357391: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 13:23:38.357409: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.357424: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:38.357440: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:38.357455: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:38.357470: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:38.357482: | line 1: match=014 Aug 26 13:23:38.357496: | match 014 beats previous best_match 000 match=0x55d8a66a7b58 (line=1) Aug 26 13:23:38.357509: | concluding with best_match=014 best=0x55d8a66a7b58 (lineno=1) Aug 26 13:23:38.357684: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:23:38.357696: | PSK auth 56 1f 3f 6a c6 6a b8 65 ab 17 39 86 90 d3 69 b5 Aug 26 13:23:38.357704: | PSK auth 13 60 b4 69 d0 7d 7b 5e 1f 56 3f 7b 7a 49 81 7f Aug 26 13:23:38.357712: | PSK auth 5b 80 a7 4f c5 8f 2d 87 15 27 e1 08 da 04 0d 41 Aug 26 13:23:38.357720: | PSK auth 1b 7e cc 57 90 06 9c 8a ba a5 72 6c ce b3 72 68 Aug 26 13:23:38.357729: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:23:38.357744: | creating state object #2 at 0x55d8a6756388 Aug 26 13:23:38.357752: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 
26 13:23:38.357764: | pstats #2 ikev2.child started Aug 26 13:23:38.357773: | duplicating state object #1 "east" as #2 for IPSEC SA Aug 26 13:23:38.357789: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:38.357808: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:38.357823: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:23:38.357837: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:23:38.357847: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:23:38.357856: | TSi: parsing 1 traffic selectors Aug 26 13:23:38.357865: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:38.357874: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:38.357882: | IP Protocol ID: 0 (0x0) Aug 26 13:23:38.357890: | length: 16 (0x10) Aug 26 13:23:38.357898: | start port: 0 (0x0) Aug 26 13:23:38.357906: | end port: 65535 (0xffff) Aug 26 13:23:38.357915: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:38.357923: | TS low c0 00 01 00 Aug 26 13:23:38.357932: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:38.357940: | TS high c0 00 01 ff Aug 26 13:23:38.357948: | TSi: parsed 1 traffic selectors Aug 26 13:23:38.357956: | TSr: parsing 1 traffic selectors Aug 26 13:23:38.357964: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:38.357972: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:38.357979: | IP Protocol ID: 0 (0x0) Aug 26 13:23:38.357987: | length: 16 (0x10) Aug 26 13:23:38.357994: | start port: 0 (0x0) Aug 26 13:23:38.358002: | end port: 65535 (0xffff) Aug 26 13:23:38.358010: | parsing 
4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:38.358025: | TS low c0 00 02 00 Aug 26 13:23:38.358034: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:38.358041: | TS high c0 00 02 ff Aug 26 13:23:38.358049: | TSr: parsed 1 traffic selectors Aug 26 13:23:38.358056: | looking for best SPD in current connection Aug 26 13:23:38.358074: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:38.358089: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:38.358108: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:38.358118: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:38.358127: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:38.358136: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:38.358145: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:38.358159: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:38.358174: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:38.358183: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:38.358191: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:38.358199: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:38.358208: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:38.358216: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:38.358225: | found better spd route for TSi[0],TSr[0] Aug 26 13:23:38.358232: | looking for better host pair Aug 26 13:23:38.358248: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:38.358261: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 13:23:38.358269: | investigating connection "east" as a better match Aug 26 13:23:38.358279: | match_id a=@west Aug 26 13:23:38.358287: | b=@west Aug 26 
13:23:38.358320: | results matched Aug 26 13:23:38.358336: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:38.358349: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:38.358364: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:38.358373: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:38.358381: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:38.358390: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:38.358398: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:38.358411: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:38.358426: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:38.358435: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:38.358443: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:38.358451: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:38.358460: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:38.358468: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:38.358475: | did not find a better connection using host pair Aug 26 13:23:38.358483: | printing contents struct traffic_selector Aug 26 13:23:38.358491: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:23:38.358499: | ipprotoid: 0 Aug 26 13:23:38.358506: | port range: 0-65535 Aug 26 13:23:38.358518: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:23:38.358525: | printing contents struct traffic_selector Aug 26 13:23:38.358533: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:23:38.358540: | ipprotoid: 0 Aug 26 13:23:38.358547: | port range: 0-65535 Aug 26 13:23:38.358558: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:23:38.358570: | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:23:38.358597: | converting 
proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:38.358616: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:38.358625: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:38.358638: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:38.358648: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:38.358661: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:38.358671: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:38.358683: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:38.358705: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:38.358717: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:23:38.358733: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:38.358742: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:38.358751: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:38.358758: | local proposal 1 type DH has 1 transforms Aug 26 13:23:38.358766: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:38.358777: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:38.358785: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:38.358793: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:38.358801: | local proposal 2 type INTEG has 1 
transforms Aug 26 13:23:38.358809: | local proposal 2 type DH has 1 transforms Aug 26 13:23:38.358816: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:38.358825: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:38.358833: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:38.358841: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:38.358849: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:38.358857: | local proposal 3 type DH has 1 transforms Aug 26 13:23:38.358864: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:38.358873: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:38.358881: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:38.358889: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:38.358897: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:38.358905: | local proposal 4 type DH has 1 transforms Aug 26 13:23:38.358913: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:38.358922: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:38.358931: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.358940: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.358948: | length: 32 (0x20) Aug 26 13:23:38.358956: | prop #: 1 (0x1) Aug 26 13:23:38.358965: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:38.358972: | spi size: 4 (0x4) Aug 26 13:23:38.358980: | # transforms: 2 (0x2) Aug 26 13:23:38.358990: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:38.358998: | remote SPI e1 8b 2b 04 Aug 26 13:23:38.359008: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:23:38.359018: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359034: | length: 12 (0xc) Aug 26 13:23:38.359046: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.359054: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.359063: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.359072: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.359080: | length/value: 256 (0x100) Aug 26 13:23:38.359093: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:38.359102: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359110: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.359118: | length: 8 (0x8) Aug 26 13:23:38.359126: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:38.359134: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:38.359145: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:38.359155: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:23:38.359164: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:23:38.359174: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:23:38.359185: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:38.359198: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:38.359206: | remote proposal 1 matches local proposal 1 Aug 26 13:23:38.359215: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.359223: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.359231: | length: 32 (0x20) Aug 26 13:23:38.359238: | prop #: 2 (0x2) Aug 26 13:23:38.359246: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:38.359254: | spi size: 4 (0x4) Aug 26 13:23:38.359261: | # transforms: 2 (0x2) Aug 26 13:23:38.359271: | parsing 4 raw bytes of 
IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:38.359278: | remote SPI e1 8b 2b 04 Aug 26 13:23:38.359300: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.359314: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359338: | length: 12 (0xc) Aug 26 13:23:38.359346: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.359354: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.359362: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.359370: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.359377: | length/value: 128 (0x80) Aug 26 13:23:38.359387: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359395: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.359402: | length: 8 (0x8) Aug 26 13:23:38.359410: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:38.359418: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:38.359429: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:23:38.359438: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:23:38.359446: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.359454: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:38.359462: | length: 48 (0x30) Aug 26 13:23:38.359469: | prop #: 3 (0x3) Aug 26 13:23:38.359477: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:38.359484: | spi size: 4 (0x4) Aug 26 13:23:38.359491: | # transforms: 4 (0x4) Aug 26 13:23:38.359501: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:38.359508: | remote SPI e1 8b 2b 04 Aug 26 13:23:38.359517: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.359525: | ****parse IKEv2 Transform Substructure Payload: 
Aug 26 13:23:38.359539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359547: | length: 12 (0xc) Aug 26 13:23:38.359555: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.359563: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:38.359571: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.359578: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.359586: | length/value: 256 (0x100) Aug 26 13:23:38.359595: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359610: | length: 8 (0x8) Aug 26 13:23:38.359618: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.359626: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:38.359635: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359650: | length: 8 (0x8) Aug 26 13:23:38.359658: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.359666: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:38.359674: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359682: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.359690: | length: 8 (0x8) Aug 26 13:23:38.359698: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:38.359705: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:38.359716: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:38.359725: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:23:38.359733: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.359741: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:38.359748: | length: 48 (0x30) Aug 26 13:23:38.359756: | prop #: 4 (0x4) Aug 26 13:23:38.359763: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:38.359771: | spi size: 4 (0x4) Aug 26 13:23:38.359778: | # 
transforms: 4 (0x4) Aug 26 13:23:38.359787: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:38.359795: | remote SPI e1 8b 2b 04 Aug 26 13:23:38.359804: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:38.359812: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359827: | length: 12 (0xc) Aug 26 13:23:38.359835: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.359842: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:38.359850: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.359858: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.359866: | length/value: 128 (0x80) Aug 26 13:23:38.359875: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359890: | length: 8 (0x8) Aug 26 13:23:38.359898: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.359905: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:38.359914: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.359929: | length: 8 (0x8) Aug 26 13:23:38.359937: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:38.359945: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:38.359953: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:38.359961: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.359968: | length: 8 (0x8) Aug 26 13:23:38.359976: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:38.359984: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:38.359994: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:38.360003: | remote proposal 4 does not match; unmatched remote transforms: 
ENCR+INTEG+ESN Aug 26 13:23:38.360029: "east" #1: proposal 1:ESP:SPI=e18b2b04;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:23:38.360044: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e18b2b04;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:38.360052: | converting proposal to internal trans attrs Aug 26 13:23:38.360107: | netlink_get_spi: allocated 0x88a33b60 for esp.0@192.1.2.23 Aug 26 13:23:38.360117: | Emitting ikev2_proposal ... Aug 26 13:23:38.360126: | ****emit IKEv2 Security Association Payload: Aug 26 13:23:38.360134: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.360142: | flags: none (0x0) Aug 26 13:23:38.360154: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:38.360163: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.360173: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:38.360181: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:38.360189: | prop #: 1 (0x1) Aug 26 13:23:38.360196: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:38.360204: | spi size: 4 (0x4) Aug 26 13:23:38.360211: | # transforms: 2 (0x2) Aug 26 13:23:38.360221: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:38.360231: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:38.360239: | our spi 88 a3 3b 60 Aug 26 13:23:38.360248: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:38.360255: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.360263: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:38.360271: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:38.360281: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:38.360305: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:38.360322: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:38.360331: | length/value: 256 (0x100) Aug 26 13:23:38.360340: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:38.360349: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:38.360357: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:38.360365: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:38.360372: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:38.360383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:38.360392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:38.360401: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:38.360409: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:38.360419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:38.360427: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:23:38.360436: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:38.360445: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:38.360453: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.360461: | flags: none (0x0) Aug 26 13:23:38.360468: | number 
of TS: 1 (0x1) Aug 26 13:23:38.360485: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:23:38.360495: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.360503: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:38.360512: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:38.360519: | IP Protocol ID: 0 (0x0) Aug 26 13:23:38.360527: | start port: 0 (0x0) Aug 26 13:23:38.360535: | end port: 65535 (0xffff) Aug 26 13:23:38.360545: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:38.360552: | ipv4 start c0 00 01 00 Aug 26 13:23:38.360561: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:38.360569: | ipv4 end c0 00 01 ff Aug 26 13:23:38.360577: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:38.360585: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:23:38.360593: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:38.360601: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:38.360608: | flags: none (0x0) Aug 26 13:23:38.360616: | number of TS: 1 (0x1) Aug 26 13:23:38.360626: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:23:38.360635: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:38.360643: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:38.360651: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:38.360658: | IP Protocol ID: 0 (0x0) Aug 26 13:23:38.360666: | start port: 0 (0x0) Aug 26 13:23:38.360673: | end port: 65535 (0xffff) Aug 26 13:23:38.360682: | emitting 4 raw bytes of ipv4 
start into IKEv2 Traffic Selector Aug 26 13:23:38.360690: | ipv4 start c0 00 02 00 Aug 26 13:23:38.360698: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:38.360705: | ipv4 end c0 00 02 ff Aug 26 13:23:38.360713: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:38.360721: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:23:38.360729: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:38.360740: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:23:38.361189: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:23:38.361214: | #1 spent 5.28 milliseconds Aug 26 13:23:38.361224: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:23:38.361233: | could_route called for east (kind=CK_PERMANENT) Aug 26 13:23:38.361241: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:38.361251: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:23:38.361260: | conn east mark 0/00000000, 0/00000000 Aug 26 13:23:38.361272: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 13:23:38.361283: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:38.361309: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:38.361325: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:38.361334: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:38.361348: | setting IPsec SA replay-window to 32 Aug 26 13:23:38.361357: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:23:38.361366: | netlink: enabling tunnel mode Aug 26 13:23:38.361375: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:38.361384: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:38.361551: | netlink response for Add SA esp.e18b2b04@192.1.2.45 included non-error error Aug 26 
13:23:38.361565: | set up outgoing SA, ref=0/0 Aug 26 13:23:38.361582: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:38.361592: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:38.361600: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:38.361609: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:38.361619: | setting IPsec SA replay-window to 32 Aug 26 13:23:38.361628: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:23:38.361636: | netlink: enabling tunnel mode Aug 26 13:23:38.361644: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:38.361652: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:38.361772: | netlink response for Add SA esp.88a33b60@192.1.2.23 included non-error error Aug 26 13:23:38.361787: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:23:38.361807: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:23:38.361817: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:38.361885: | raw_eroute result=success Aug 26 13:23:38.361897: | set up incoming SA, ref=0/0 Aug 26 13:23:38.361905: | sr for #2: unrouted Aug 26 13:23:38.361914: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:23:38.361923: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:23:38.361932: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:23:38.361940: | conn east mark 0/00000000, 0/00000000 Aug 26 13:23:38.361951: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 13:23:38.361962: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:23:38.361971: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:23:38.361992: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 13:23:38.362001: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:38.362035: | raw_eroute result=success Aug 26 13:23:38.362046: | running updown command "ipsec _updown" for verb up Aug 26 13:23:38.362055: | command executing up-client Aug 26 13:23:38.362132: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe18b2b04 SPI_OUT=0x88a Aug 26 13:23:38.362144: | popen cmd is 1020 chars long Aug 26 13:23:38.362154: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='east' PLUTO_INTERFA: Aug 26 13:23:38.362163: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Aug 26 13:23:38.362171: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Aug 26 13:23:38.362180: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 13:23:38.362188: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Aug 26 13:23:38.362196: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 13:23:38.362204: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 13:23:38.362219: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: Aug 26 13:23:38.362227: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Aug 26 13:23:38.362236: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Aug 26 13:23:38.362244: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Aug 26 13:23:38.362252: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Aug 26 13:23:38.362260: | cmd( 960):'no' SPI_IN=0xe18b2b04 SPI_OUT=0x88a33b60 ipsec _updown 2>&1: Aug 26 13:23:38.389092: | route_and_eroute: firewall_notified: true Aug 26 13:23:38.389120: | running updown command "ipsec _updown" for verb prepare Aug 26 13:23:38.389127: | command executing prepare-client Aug 26 13:23:38.389176: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe18b2b04 SPI Aug 26 13:23:38.389182: | popen cmd is 1025 chars long Aug 26 13:23:38.389187: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: Aug 26 13:23:38.389192: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: Aug 26 13:23:38.389196: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: Aug 26 13:23:38.389200: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 13:23:38.389204: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: Aug 26 13:23:38.389209: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: Aug 26 13:23:38.389213: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 13:23:38.389217: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 13:23:38.389221: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : Aug 26 13:23:38.389225: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Aug 26 13:23:38.389229: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Aug 26 13:23:38.389233: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Aug 26 13:23:38.389237: | cmd( 960):ARED='no' SPI_IN=0xe18b2b04 SPI_OUT=0x88a33b60 ipsec _updown 2>&1: Aug 26 13:23:38.403586: | running updown command "ipsec _updown" for verb route Aug 26 13:23:38.403616: | command executing route-client Aug 26 13:23:38.403659: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe18b2b04 SPI_OUT Aug 26 13:23:38.403669: | popen cmd is 1023 chars long Aug 26 13:23:38.403673: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: Aug 26 13:23:38.403677: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: Aug 26 13:23:38.403680: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: Aug 26 13:23:38.403684: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 13:23:38.403687: | 
cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: Aug 26 13:23:38.403690: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: Aug 26 13:23:38.403693: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 13:23:38.403697: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 13:23:38.403700: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 13:23:38.403703: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 13:23:38.403706: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 13:23:38.403710: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 13:23:38.403713: | cmd( 960):ED='no' SPI_IN=0xe18b2b04 SPI_OUT=0x88a33b60 ipsec _updown 2>&1: Aug 26 13:23:38.421166: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55d8a674e678,sr=0x55d8a674e678} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:23:38.421271: | #1 spent 3.36 milliseconds in install_ipsec_sa() Aug 26 13:23:38.421282: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:23:38.421299: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:38.421318: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:38.421330: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:38.421337: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 13:23:38.421343: | emitting length of ISAKMP Message: 225 Aug 26 13:23:38.421401: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:23:38.421418: | #1 spent 8.78 milliseconds in processing: Responder: 
process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:23:38.421435: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:38.421449: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:38.421460: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:23:38.421467: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:23:38.421474: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:23:38.421481: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:23:38.421488: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:23:38.421498: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:23:38.421503: | pstats #2 ikev2.child established Aug 26 13:23:38.421514: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:23:38.421520: | NAT-T: encaps is 'auto' Aug 26 13:23:38.421526: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe18b2b04 <0x88a33b60 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:23:38.421532: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:23:38.421543: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:23:38.421636: | releasing whack for #2 (sock=fd@-1) Aug 26 13:23:38.421642: | releasing whack and unpending for parent #1 Aug 26 13:23:38.421645: | unpending state #1 connection "east" Aug 26 13:23:38.421651: | #2 will start re-keying in 28 seconds with margin of 2 seconds (attempting re-key) Aug 26 13:23:38.421656: | event_schedule: new EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:23:38.421661: | inserting event EVENT_SA_REKEY, timeout in 28 seconds for #2 Aug 26 13:23:38.421666: | libevent_malloc: new ptr-libevent@0x55d8a67562d8 size 128 Aug 26 13:23:38.421686: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:38.421695: | #1 spent 9.48 milliseconds in resume sending helper answer Aug 26 13:23:38.421701: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:23:38.421708: | libevent_free: release ptr-libevent@0x7f01d0000f48 Aug 26 13:23:38.421727: | processing signal PLUTO_SIGCHLD Aug 26 13:23:38.421734: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:38.421740: | spent 0.00681 milliseconds in signal handler
PLUTO_SIGCHLD Aug 26 13:23:38.421744: | processing signal PLUTO_SIGCHLD Aug 26 13:23:38.421748: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:38.421753: | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:38.421756: | processing signal PLUTO_SIGCHLD Aug 26 13:23:38.421761: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:38.421766: | spent 0.00476 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:57.070339: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:23:57.070379: | expiring aged bare shunts from shunt table Aug 26 13:23:57.070395: | spent 0.0122 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:06.365335: | timer_event_cb: processing event@0x7f01d8002b78 Aug 26 13:24:06.365347: | handling event EVENT_SA_REKEY for child state #2 Aug 26 13:24:06.365354: | start processing: state #2 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:06.365360: | picked newest_ipsec_sa #2 for #2 Aug 26 13:24:06.365362: | rekeying stale CHILD SA Aug 26 13:24:06.365365: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:06.365367: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:06.365370: | FOR_EACH_STATE_... 
in find_pending_phase2 Aug 26 13:24:06.365373: | creating state object #3 at 0x55d8a6754728 Aug 26 13:24:06.365376: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:24:06.365385: | pstats #3 ikev2.child started Aug 26 13:24:06.365387: | duplicating state object #1 "east" as #3 for IPSEC SA Aug 26 13:24:06.365391: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:06.365401: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:06.365404: | suspend processing: state #2 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:06.365407: | start processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:06.365410: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:06.365412: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:24:06.365415: | constructing ESP/AH proposals with default DH MODP2048 for east (ESP/AH initiator emitting proposals) Aug 26 13:24:06.365418: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:24:06.365423: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.365425: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:24:06.365427: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.365429: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:06.365432: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.365434: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:06.365436: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.365441: "east": constructed local ESP/AH proposals for east (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.365445: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:24:06.365448: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d8a6759dd8 Aug 26 13:24:06.365450: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:24:06.365453: | libevent_malloc: new ptr-libevent@0x7f01d0000f48 size 128 Aug 26 13:24:06.365456: | RESET processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:06.365458: | scheduling drop-dead replace event for #2 Aug 26 13:24:06.365460: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d8a6754668 Aug 26 13:24:06.365463: | inserting event EVENT_SA_REPLACE, timeout in 2.056291 seconds for #2 Aug 26 13:24:06.365464: | libevent_malloc: new ptr-libevent@0x55d8a6752248 size 128 Aug 26 13:24:06.365467: | libevent_free: release ptr-libevent@0x55d8a67562d8 Aug 26 13:24:06.365469: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:24:06.365473: | #2 spent 0.14 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:06.365475: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:06.365480: | timer_event_cb: processing event@0x55d8a6759dd8 Aug 26 13:24:06.365483: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:24:06.365486: | start processing: state #3 connection 
"east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:06.365491: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:24:06.365493: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:06.365495: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:06.365497: | libevent_malloc: new ptr-libevent@0x55d8a67562d8 size 128 Aug 26 13:24:06.365502: | libevent_free: release ptr-libevent@0x7f01d0000f48 Aug 26 13:24:06.365504: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d8a6759dd8 Aug 26 13:24:06.365507: | #3 spent 0.0266 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:06.365511: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) Aug 26 13:24:06.365539: | crypto helper 3 resuming Aug 26 13:24:06.365548: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:24:06.365552: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:24:06.366112: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.00056 seconds Aug 26 13:24:06.366118: | (#3) spent 0.566 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:06.366120: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:24:06.366122: | scheduling resume sending helper answer for #3 Aug 26 13:24:06.366125: | libevent_malloc: new ptr-libevent@0x7f01d4002888 size 128 Aug 26 13:24:06.366127: | libevent_realloc: release ptr-libevent@0x55d8a67303e8 Aug 26 13:24:06.366129: | libevent_realloc: new ptr-libevent@0x7f01d40027d8 size 128 Aug 26 13:24:06.366135: | crypto helper 3 waiting (nothing to do) Aug 26 13:24:06.366145: | processing resume sending helper answer for #3 Aug 26 13:24:06.366155: | start processing: state #3 connection "east" 
from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:24:06.366160: | crypto helper 3 replies to request ID 3 Aug 26 13:24:06.366163: | calling continuation function 0x55d8a52f3b50 Aug 26 13:24:06.366168: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:06.366171: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:06.366175: | libevent_free: release ptr-libevent@0x55d8a67562d8 Aug 26 13:24:06.366178: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:06.366181: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f01d8002b78 Aug 26 13:24:06.366185: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:24:06.366188: | libevent_malloc: new ptr-libevent@0x55d8a67562d8 size 128 Aug 26 13:24:06.366194: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:06.366197: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:06.366200: | libevent_malloc: new ptr-libevent@0x7f01d0000f48 size 128 Aug 26 13:24:06.366206: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:06.366210: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:06.366213: | suspending state #3 and saving MD Aug 26 13:24:06.366216: | #3 is busy; has a suspended MD Aug 26 13:24:06.366221: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:06.366224: | "east" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:06.366229: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:24:06.366234: | #3 spent 0.073 milliseconds in resume sending helper answer Aug 26 
13:24:06.366241: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:24:06.366245: | libevent_free: release ptr-libevent@0x7f01d4002888 Aug 26 13:24:06.366251: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:06.366255: | start processing: state #1 connection "east" from 192.1.2.45:500 (in callback_handler() at server.c:904) Aug 26 13:24:06.366259: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:06.366262: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:06.366265: | start processing: state #3 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:06.366285: | **emit ISAKMP Message: Aug 26 13:24:06.366287: | initiator cookie: Aug 26 13:24:06.366310: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:06.366312: | responder cookie: Aug 26 13:24:06.366314: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:06.366316: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:06.366318: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:06.366320: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:06.366322: | flags: none (0x0) Aug 26 13:24:06.366324: | Message ID: 0 (0x0) Aug 26 13:24:06.366326: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:06.366328: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:06.366330: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366332: | flags: none (0x0) Aug 26 13:24:06.366334: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:06.366336: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 
13:24:06.366338: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:06.366369: | netlink_get_spi: allocated 0x3c6bc9ad for esp.0@192.1.2.23 Aug 26 13:24:06.366372: | Emitting ikev2_proposals ... Aug 26 13:24:06.366374: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:06.366375: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366377: | flags: none (0x0) Aug 26 13:24:06.366379: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:06.366381: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366382: | discarding INTEG=NONE Aug 26 13:24:06.366384: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:06.366386: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:06.366388: | prop #: 1 (0x1) Aug 26 13:24:06.366389: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:06.366391: | spi size: 4 (0x4) Aug 26 13:24:06.366392: | # transforms: 3 (0x3) Aug 26 13:24:06.366394: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:06.366396: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:06.366398: | our spi 3c 6b c9 ad Aug 26 13:24:06.366400: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366403: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:06.366405: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:06.366407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366409: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:06.366410: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:06.366414: | 
length/value: 256 (0x100) Aug 26 13:24:06.366416: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:06.366417: | discarding INTEG=NONE Aug 26 13:24:06.366419: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366422: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:06.366424: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.366426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366430: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366431: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366433: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:06.366434: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:06.366436: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:06.366438: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366440: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366441: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366443: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:06.366445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:06.366447: | discarding INTEG=NONE Aug 26 13:24:06.366448: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:06.366450: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 
13:24:06.366451: | prop #: 2 (0x2) Aug 26 13:24:06.366453: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:06.366454: | spi size: 4 (0x4) Aug 26 13:24:06.366456: | # transforms: 3 (0x3) Aug 26 13:24:06.366458: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:06.366460: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:06.366462: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:06.366463: | our spi 3c 6b c9 ad Aug 26 13:24:06.366465: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366468: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:06.366469: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:06.366471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366473: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:06.366475: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:06.366476: | length/value: 128 (0x80) Aug 26 13:24:06.366478: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:06.366479: | discarding INTEG=NONE Aug 26 13:24:06.366481: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:06.366486: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.366488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366492: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366494: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366495: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:06.366497: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:06.366498: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:06.366500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366504: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366505: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:06.366507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:06.366509: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:06.366510: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:06.366512: | prop #: 3 (0x3) Aug 26 13:24:06.366513: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:06.366515: | spi size: 4 (0x4) Aug 26 13:24:06.366516: | # transforms: 5 (0x5) Aug 26 13:24:06.366518: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:06.366520: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:06.366522: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:06.366523: | our spi 3c 6b c9 ad Aug 26 13:24:06.366525: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366527: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366528: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:06.366530: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:06.366532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366533: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:06.366535: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:06.366536: | length/value: 256 (0x100) Aug 26 13:24:06.366538: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:06.366540: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366543: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:06.366544: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:06.366546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366550: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366551: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366554: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:06.366556: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:06.366558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366561: | emitting length of IKEv2 Transform Substructure 
Payload: 8 Aug 26 13:24:06.366563: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366570: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:06.366573: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.366576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366579: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366584: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366587: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:06.366589: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:06.366593: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:06.366596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366605: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:06.366607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:06.366610: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:06.366613: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:06.366615: | prop #: 4 (0x4) Aug 26 13:24:06.366618: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:06.366620: | spi size: 4 (0x4) Aug 26 13:24:06.366623: | # transforms: 5 (0x5) Aug 26 
13:24:06.366626: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:06.366629: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:06.366633: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:06.366635: | our spi 3c 6b c9 ad Aug 26 13:24:06.366638: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366643: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:06.366646: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:06.366649: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366651: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:06.366654: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:06.366657: | length/value: 128 (0x80) Aug 26 13:24:06.366659: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:06.366662: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366665: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366667: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:06.366670: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:06.366673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366679: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366682: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366685: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366688: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:06.366693: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:06.366697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366706: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:06.366714: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.366718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366723: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:06.366726: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:06.366728: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:06.366731: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:06.366733: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:06.366736: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.366739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:06.366742: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 
13:24:06.366745: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:06.366747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:06.366750: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:06.366753: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:06.366756: | #3 initiate rekey request for "east" #2 SPI 0x88a33b60 TSi TSr Aug 26 13:24:06.366759: | printing contents struct traffic_selector Aug 26 13:24:06.366761: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:24:06.366763: | ipprotoid: 0 Aug 26 13:24:06.366766: | port range: 0-65535 Aug 26 13:24:06.366770: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:06.366773: | printing contents struct traffic_selector Aug 26 13:24:06.366775: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:24:06.366778: | ipprotoid: 0 Aug 26 13:24:06.366780: | port range: 0-65535 Aug 26 13:24:06.366784: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:06.366787: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:06.366789: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366791: | flags: none (0x0) Aug 26 13:24:06.366794: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:06.366797: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366801: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:06.366804: | IKEv2 nonce 1c 46 aa 19 3d ef d2 41 8b f9 fb b3 64 d6 85 88 Aug 26 13:24:06.366806: | IKEv2 nonce ec d0 90 8c 69 55 6b 12 e7 d9 e2 65 97 47 21 ff Aug 26 13:24:06.366809: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:06.366811: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:06.366814: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366817: | flags: none (0x0) Aug 26 13:24:06.366820: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.366825: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:06.366828: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366831: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:06.366876: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:06.366878: | Adding a v2N Payload Aug 26
13:24:06.366881: | ****emit IKEv2 Notify Payload: Aug 26 13:24:06.366884: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366887: | flags: none (0x0) Aug 26 13:24:06.366890: | Protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:06.366893: | SPI size: 4 (0x4) Aug 26 13:24:06.366895: | Notify Message Type: v2N_REKEY_SA (0x4009) Aug 26 13:24:06.366899: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:06.366902: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366906: | emitting 4 raw bytes of SPI into IKEv2 Notify Payload Aug 26 13:24:06.366908: | SPI 88 a3 3b 60 Aug 26 13:24:06.366911: | emitting length of IKEv2 Notify Payload: 12 Aug 26 13:24:06.366914: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:06.366917: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366920: | flags: none (0x0) Aug 26 13:24:06.366923: | number of TS: 1 (0x1) Aug 26 13:24:06.366926: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:24:06.366929: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366932: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:06.366935: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:06.366938: | IP Protocol ID: 0 (0x0) Aug 26 13:24:06.366941: | start port: 0 (0x0) Aug 26 13:24:06.366943: | end port: 65535 (0xffff) Aug 26 13:24:06.366946: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:24:06.366949: | ipv4 start c0 00 02 00 Aug 26 13:24:06.366952: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:24:06.366955: | ipv4 end c0 00 02 ff Aug 26 13:24:06.366957: | emitting length of IKEv2 Traffic 
Selector: 16 Aug 26 13:24:06.366960: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:24:06.366963: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:06.366969: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.366972: | flags: none (0x0) Aug 26 13:24:06.366974: | number of TS: 1 (0x1) Aug 26 13:24:06.366977: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:24:06.366981: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:06.366984: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:06.366986: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:06.366988: | IP Protocol ID: 0 (0x0) Aug 26 13:24:06.366990: | start port: 0 (0x0) Aug 26 13:24:06.366993: | end port: 65535 (0xffff) Aug 26 13:24:06.366996: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:24:06.366998: | ipv4 start c0 00 01 00 Aug 26 13:24:06.367001: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:24:06.367003: | ipv4 end c0 00 01 ff Aug 26 13:24:06.367006: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:24:06.367009: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:24:06.367012: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:24:06.367015: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:06.367018: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:06.367021: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:06.367024: | emitting length of IKEv2 Encryption Payload: 585 Aug 26 13:24:06.367027: | emitting length of ISAKMP Message: 613 Aug 26 13:24:06.367044: | [RE]START 
processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:06.367049: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_OK Aug 26 13:24:06.367052: | IKEv2: transition from state STATE_V2_REKEY_CHILD_I0 to state STATE_V2_REKEY_CHILD_I Aug 26 13:24:06.367056: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => V2_REKEY_CHILD_I(established IKE SA) Aug 26 13:24:06.367059: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:24:06.367062: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:06.367067: | Message ID: sent #1.#3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:24:06.367071: "east" #3: STATE_V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:06.367076: | sending V2 reply packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:24:06.367085: | sending 613 bytes for STATE_V2_REKEY_CHILD_I0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26
13:24:06.367233: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:06.367239: | libevent_free: release ptr-libevent@0x55d8a67562d8 Aug 26 13:24:06.367242: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f01d8002b78 Aug 26 13:24:06.367246: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:24:06.367250: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f01d8002b78 Aug 26 13:24:06.367254: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:24:06.367257: | libevent_malloc: new ptr-libevent@0x55d8a675ba78 size 128 Aug 26 13:24:06.367263: | #3 STATE_V2_REKEY_CHILD_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11132.109716 Aug 26 13:24:06.367268: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:06.367273: | resume processing: state #1 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:06.367279: | #1 spent 0.996 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:06.367283: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in callback_handler() at server.c:908) Aug 26 13:24:06.367286: | libevent_free: release ptr-libevent@0x7f01d0000f48 Aug 26 13:24:06.370309: | spent 0.00255 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:06.370338: | *received 449 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26
13:24:06.370388: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:24:06.370391: | **parse ISAKMP Message: Aug 26 13:24:06.370393: | initiator cookie: Aug 26 13:24:06.370394: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:06.370396: | responder cookie: Aug 26 13:24:06.370397: | 3b c3 08 46 be aa a5 54 Aug 26
13:24:06.370399: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:06.370401: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:06.370403: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:06.370405: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:06.370406: | Message ID: 0 (0x0) Aug 26 13:24:06.370408: | length: 449 (0x1c1) Aug 26 13:24:06.370410: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:06.370412: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:06.370415: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:24:06.370419: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:06.370421: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:06.370424: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:06.370426: | start processing: state #3 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:06.370428: | #3 is idle Aug 26 13:24:06.370429: | #3 idle Aug 26 13:24:06.370431: | unpacking clear payload Aug 26 13:24:06.370433: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:06.370434: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:06.370436: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:06.370438: | flags: none (0x0) Aug 26 13:24:06.370439: | length: 421 (0x1a5) Aug 26 13:24:06.370441: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:24:06.370443: | #3 in state V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:06.370454: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:06.370456: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:06.370458: | **parse IKEv2 Security Association 
Payload: Aug 26 13:24:06.370459: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:06.370462: | flags: none (0x0) Aug 26 13:24:06.370464: | length: 44 (0x2c) Aug 26 13:24:06.370466: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:24:06.370467: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:06.370469: | **parse IKEv2 Nonce Payload: Aug 26 13:24:06.370470: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:06.370472: | flags: none (0x0) Aug 26 13:24:06.370473: | length: 36 (0x24) Aug 26 13:24:06.370475: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:06.370476: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:06.370478: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:06.370480: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:24:06.370481: | flags: none (0x0) Aug 26 13:24:06.370483: | length: 264 (0x108) Aug 26 13:24:06.370484: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.370486: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:06.370487: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:24:06.370489: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:06.370491: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:24:06.370492: | flags: none (0x0) Aug 26 13:24:06.370494: | length: 24 (0x18) Aug 26 13:24:06.370495: | number of TS: 1 (0x1) Aug 26 13:24:06.370497: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:24:06.370498: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:24:06.370500: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:06.370502: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:06.370503: | flags: none (0x0) Aug 26 13:24:06.370505: | length: 24 (0x18) Aug 26 13:24:06.370506: | number of TS: 1 (0x1) Aug 26 13:24:06.370508: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:24:06.370510: | state #3 forced to match CREATE_CHILD_SA from 
V2_CREATE_I->V2_IPSEC_I by ignoring from state Aug 26 13:24:06.370512: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:06.370515: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:06.370517: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:24:06.370518: | Now let's proceed with state specific processing Aug 26 13:24:06.370520: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:06.370528: | using existing local ESP/AH proposals for east (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.370530: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:24:06.370533: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:06.370535: | local proposal 1 type PRF has 0 transforms Aug 26 13:24:06.370536: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:06.370538: | local proposal 1 type DH has 1 transforms Aug 26 13:24:06.370539: | local proposal 1 type ESN has 1 transforms Aug 26 13:24:06.370541: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:06.370543: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:06.370545: | local proposal 2 type PRF has 0 transforms Aug 26 13:24:06.370546: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:06.370548: | local proposal 2 type DH has 1 transforms Aug 26 13:24:06.370549: | local proposal 2 type ESN has 1 transforms Aug 26 13:24:06.370551: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 
13:24:06.370553: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:06.370554: | local proposal 3 type PRF has 0 transforms Aug 26 13:24:06.370557: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:06.370559: | local proposal 3 type DH has 1 transforms Aug 26 13:24:06.370561: | local proposal 3 type ESN has 1 transforms Aug 26 13:24:06.370562: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:06.370564: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:06.370566: | local proposal 4 type PRF has 0 transforms Aug 26 13:24:06.370567: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:06.370569: | local proposal 4 type DH has 1 transforms Aug 26 13:24:06.370570: | local proposal 4 type ESN has 1 transforms Aug 26 13:24:06.370572: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:06.370574: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:06.370576: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:06.370577: | length: 40 (0x28) Aug 26 13:24:06.370579: | prop #: 1 (0x1) Aug 26 13:24:06.370581: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:06.370582: | spi size: 4 (0x4) Aug 26 13:24:06.370584: | # transforms: 3 (0x3) Aug 26 13:24:06.370586: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:06.370587: | remote SPI bf dc bc 36 Aug 26 13:24:06.370589: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:06.370591: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:06.370593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.370594: | length: 12 (0xc) Aug 26 13:24:06.370596: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:06.370597: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:06.370599: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:06.370601: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) 
Aug 26 13:24:06.370602: | length/value: 256 (0x100) Aug 26 13:24:06.370605: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:06.370607: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:06.370609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:06.370610: | length: 8 (0x8) Aug 26 13:24:06.370612: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:06.370613: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:06.370616: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:06.370617: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:06.370619: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:06.370620: | length: 8 (0x8) Aug 26 13:24:06.370622: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:06.370623: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:06.370626: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:24:06.370628: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:24:06.370630: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:24:06.370632: | remote proposal 1 matches local proposal 1 Aug 26 13:24:06.370634: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:24:06.370637: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=bfdcbc36;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:24:06.370639: | converting proposal to internal trans attrs Aug 26 13:24:06.370642: | updating #3's .st_oakley with preserved PRF, but why update? 
Aug 26 13:24:06.370646: | adding ikev2 Child Rekey SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:24:06.370648: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:06.370650: | #3 STATE_V2_REKEY_CHILD_I: retransmits: cleared Aug 26 13:24:06.370653: | libevent_free: release ptr-libevent@0x55d8a675ba78 Aug 26 13:24:06.370656: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f01d8002b78 Aug 26 13:24:06.370658: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:06.370660: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:06.370663: | libevent_malloc: new ptr-libevent@0x7f01d0000f48 size 128 Aug 26 13:24:06.370670: | #3 spent 0.147 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:24:06.370673: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:06.370676: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:24:06.370678: | suspending state #3 and saving MD Aug 26 13:24:06.370679: | #3 is busy; has a suspended MD Aug 26 13:24:06.370682: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:06.370684: | "east" #3 complete v2 state STATE_V2_REKEY_CHILD_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:06.370687: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:06.370690: | #1 spent 0.37 milliseconds in ikev2_process_packet() Aug 26 13:24:06.370692: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:24:06.370694: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:06.370696: | processing: STOP connection NULL (in 
process_md() at demux.c:383) Aug 26 13:24:06.370699: | spent 0.38 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:06.370704: | crypto helper 1 resuming Aug 26 13:24:06.370713: | crypto helper 1 starting work-order 4 for state #3 Aug 26 13:24:06.370717: | crypto helper 1 doing crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 Aug 26 13:24:06.371278: | crypto helper 1 finished crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 time elapsed 0.00056 seconds Aug 26 13:24:06.371285: | (#3) spent 0.567 milliseconds in crypto helper computing work-order 4: ikev2 Child Rekey SA initiator pfs=yes (dh) Aug 26 13:24:06.371287: | crypto helper 1 sending results from work-order 4 for state #3 to event queue Aug 26 13:24:06.371310: | scheduling resume sending helper answer for #3 Aug 26 13:24:06.371313: | libevent_malloc: new ptr-libevent@0x7f01c8001f78 size 128 Aug 26 13:24:06.371319: | crypto helper 1 waiting (nothing to do) Aug 26 13:24:06.371328: | processing resume sending helper answer for #3 Aug 26 13:24:06.371352: | start processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:24:06.371357: | crypto helper 1 replies to request ID 4 Aug 26 13:24:06.371360: | calling continuation function 0x55d8a52f49d0 Aug 26 13:24:06.371365: | ikev2_child_inR_continue for #3 STATE_V2_REKEY_CHILD_I Aug 26 13:24:06.371368: | TSi: parsing 1 traffic selectors Aug 26 13:24:06.371372: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:06.371375: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:06.371378: | IP Protocol ID: 0 (0x0) Aug 26 13:24:06.371381: | length: 16 (0x10) Aug 26 13:24:06.371383: | start port: 0 (0x0) Aug 26 13:24:06.371386: | end port: 65535 (0xffff) Aug 26 13:24:06.371389: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:06.371391: | TS low c0 00 02 00 Aug 26 13:24:06.371394: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 
13:24:06.371397: | TS high c0 00 02 ff Aug 26 13:24:06.371400: | TSi: parsed 1 traffic selectors Aug 26 13:24:06.371402: | TSr: parsing 1 traffic selectors Aug 26 13:24:06.371405: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:06.371408: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:06.371410: | IP Protocol ID: 0 (0x0) Aug 26 13:24:06.371413: | length: 16 (0x10) Aug 26 13:24:06.371415: | start port: 0 (0x0) Aug 26 13:24:06.371420: | end port: 65535 (0xffff) Aug 26 13:24:06.371423: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:06.371426: | TS low c0 00 01 00 Aug 26 13:24:06.371429: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:06.371431: | TS high c0 00 01 ff Aug 26 13:24:06.371434: | TSr: parsed 1 traffic selectors Aug 26 13:24:06.371440: | evaluating our conn="east" I=192.0.2.0/24:0/0 R=192.0.1.0/24:0/0 to their: Aug 26 13:24:06.371446: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:06.371453: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:24:06.371456: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:24:06.371459: | TSi[0] port match: YES fitness 65536 Aug 26 13:24:06.371462: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:24:06.371465: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:06.371470: | TSr[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:06.371476: | match address end->client=192.0.1.0/24 == TSr[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:24:06.371479: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:24:06.371482: | TSr[0] port match: YES fitness 65536 Aug 26 13:24:06.371484: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:24:06.371487: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:06.371490: | best fit so far: TSi[0] TSr[0] Aug 26 13:24:06.371493: | found an 
acceptable TSi/TSr Traffic Selector Aug 26 13:24:06.371495: | printing contents struct traffic_selector Aug 26 13:24:06.371498: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:06.371500: | ipprotoid: 0 Aug 26 13:24:06.371502: | port range: 0-65535 Aug 26 13:24:06.371506: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:06.371509: | printing contents struct traffic_selector Aug 26 13:24:06.371511: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:06.371514: | ipprotoid: 0 Aug 26 13:24:06.371516: | port range: 0-65535 Aug 26 13:24:06.371520: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:06.371525: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:24:06.371651: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:24:06.371655: | could_route called for east (kind=CK_PERMANENT) Aug 26 13:24:06.371657: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:06.371659: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:24:06.371661: | conn east mark 0/00000000, 0/00000000 Aug 26 13:24:06.371663: | route owner of "east" erouted: self; eroute owner: self Aug 26 13:24:06.371666: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:06.371668: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:06.371670: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:06.371671: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:06.371674: | setting IPsec SA replay-window to 32 Aug 26 13:24:06.371676: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:24:06.371678: | netlink: enabling tunnel mode Aug 26 13:24:06.371680: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:06.371681: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:06.371736: | netlink response for Add SA esp.bfdcbc36@192.1.2.45 included non-error error Aug 26 13:24:06.371739: | set up outgoing SA, ref=0/0 
Aug 26 13:24:06.371741: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:06.371744: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:06.371749: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:06.371754: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:06.371759: | setting IPsec SA replay-window to 32 Aug 26 13:24:06.371778: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:24:06.371781: | netlink: enabling tunnel mode Aug 26 13:24:06.371784: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:06.371787: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:06.371837: | netlink response for Add SA esp.3c6bc9ad@192.1.2.23 included non-error error Aug 26 13:24:06.371843: | set up incoming SA, ref=0/0 Aug 26 13:24:06.371846: | sr for #3: erouted Aug 26 13:24:06.371850: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:24:06.371854: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:24:06.371857: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:24:06.371861: | conn east mark 0/00000000, 0/00000000 Aug 26 13:24:06.371864: | route owner of "east" erouted: self; eroute owner: self Aug 26 13:24:06.371881: | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #3 Aug 26 13:24:06.371885: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:24:06.371895: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) Aug 26 13:24:06.371899: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:06.371912: | raw_eroute result=success Aug 26 13:24:06.371928: | route_and_eroute: firewall_notified: true Aug 26 13:24:06.371931: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55d8a674e678,sr=0x55d8a674e678} to #3 (was #2) (newest_ipsec_sa=#2) Aug 26 13:24:06.371997: | #1 spent 0.343 milliseconds in install_ipsec_sa() Aug 26 13:24:06.372004: | inR2: instance east[0], setting IKEv2 newest_ipsec_sa to #3 (was #2) (spd.eroute=#3) cloned from #1 Aug 26 13:24:06.372008: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:06.372013: | libevent_free: release ptr-libevent@0x7f01d0000f48 Aug 26 13:24:06.372016: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:06.372021: "east" #3: rekeyed #2 STATE_V2_REKEY_CHILD_I and expire it remaining life 1s Aug 26 13:24:06.372028: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:06.372034: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_OK Aug 26 13:24:06.372038: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:24:06.372042: | child state #3: V2_REKEY_CHILD_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 
26 13:24:06.372046: | Message ID: updating counters for #3 to 0 after switching state Aug 26 13:24:06.372053: | Message ID: recv #1.#3 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:24:06.372059: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=0 initiator.recv=0 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:06.372063: | pstats #3 ikev2.child established Aug 26 13:24:06.372070: "east" #3: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:24:06.372073: | NAT-T: encaps is 'auto' Aug 26 13:24:06.372076: "east" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xbfdcbc36 <0x3c6bc9ad xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:24:06.372078: | releasing whack for #3 (sock=fd@-1) Aug 26 13:24:06.372080: | releasing whack and unpending for parent #1 Aug 26 13:24:06.372082: | unpending state #1 connection "east" Aug 26 13:24:06.372085: | #3 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:06.372087: | event_schedule: new EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:24:06.372089: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #3 Aug 26 13:24:06.372091: | libevent_malloc: new ptr-libevent@0x55d8a67616d8 size 128 Aug 26 13:24:06.372098: | #3 spent 0.74 milliseconds in resume sending helper answer Aug 26 13:24:06.372101: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:24:06.372103: | libevent_free: release ptr-libevent@0x7f01c8001f78 Aug 26 13:24:08.425278: | timer_event_cb: processing event@0x55d8a6754668 Aug 26 13:24:08.425376: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:24:08.425401: | start processing: state #2 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) 
Aug 26 13:24:08.425414: | picked newest_ipsec_sa #3 for #2 Aug 26 13:24:08.425424: | expiring stale CHILD SA #2; newer #3 will replace? Aug 26 13:24:08.425436: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d8a67632e8 Aug 26 13:24:08.425449: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:24:08.425460: | libevent_malloc: new ptr-libevent@0x7f01c8001f78 size 128 Aug 26 13:24:08.425473: | libevent_free: release ptr-libevent@0x55d8a6752248 Aug 26 13:24:08.425483: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d8a6754668 Aug 26 13:24:08.425502: | #2 spent 0.203 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:24:08.425519: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) Aug 26 13:24:08.425537: | timer_event_cb: processing event@0x55d8a67632e8 Aug 26 13:24:08.425546: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:24:08.425560: | start processing: state #2 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:08.425570: | picked newest_ipsec_sa #3 for #2 Aug 26 13:24:08.425579: | CHILD SA expired (superseded by #3) Aug 26 13:24:08.425588: | pstats #2 ikev2.child deleted completed Aug 26 13:24:08.425598: | #2 spent 0.343 milliseconds in total Aug 26 13:24:08.425612: | [RE]START processing: state #2 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:24:08.425625: "east" #2: deleting state (STATE_V2_IPSEC_R) aged 30.067s and sending notification Aug 26 13:24:08.425635: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:24:08.425651: | get_sa_info esp.e18b2b04@192.1.2.45 Aug 26 13:24:08.425705: | get_sa_info esp.88a33b60@192.1.2.23 Aug 26 13:24:08.425734: "east" #2: ESP traffic information: in=336B out=336B Aug 26 13:24:08.425745: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:24:08.425755: | Opening output PBS informational exchange delete request Aug 26 
13:24:08.425764: | **emit ISAKMP Message: Aug 26 13:24:08.425773: | initiator cookie: Aug 26 13:24:08.425781: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:08.425789: | responder cookie: Aug 26 13:24:08.425796: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:08.425805: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:08.425814: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:08.425823: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:08.425832: | flags: none (0x0) Aug 26 13:24:08.425840: | Message ID: 1 (0x1) Aug 26 13:24:08.425849: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:08.425859: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:08.425868: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:08.425875: | flags: none (0x0) Aug 26 13:24:08.425886: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:08.425895: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:08.425906: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:08.425929: | ****emit IKEv2 Delete Payload: Aug 26 13:24:08.425939: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:08.425946: | flags: none (0x0) Aug 26 13:24:08.425955: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:08.425963: | SPI size: 4 (0x4) Aug 26 13:24:08.425984: | number of SPIs: 1 (0x1) Aug 26 13:24:08.425995: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:08.426005: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:08.426015: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:08.426023: | local spis 88 a3 3b 60 Aug 26 
13:24:08.426032: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:08.426041: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:08.426051: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:08.426061: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:08.426069: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:08.426077: | emitting length of ISAKMP Message: 69 Aug 26 13:24:08.426130: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Aug 26 13:24:08.426141: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:08.426149: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:24:08.426156: | e3 cd 6b ee 6c bc 3a 6c a6 1f 14 47 fa 75 e9 14 Aug 26 13:24:08.426164: | b0 eb 66 59 b2 48 ba 64 52 af f6 68 cc ce 21 16 Aug 26 13:24:08.426171: | 22 8c d2 fa cc Aug 26 13:24:08.426897: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:24:08.426923: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:24:08.426940: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=1 responder.recv=1 wip.initiator=-1->1 wip.responder=-1 Aug 26 13:24:08.427113: | delete esp.e18b2b04@192.1.2.45 Aug 26 13:24:08.427178: | netlink response for Del SA esp.e18b2b04@192.1.2.45 included non-error error Aug 26 13:24:08.427193: | delete esp.88a33b60@192.1.2.23 Aug 26 13:24:08.427230: | netlink response for Del SA esp.88a33b60@192.1.2.23 included non-error error Aug 26 13:24:08.427244: | in connection_discard for connection east Aug 26 13:24:08.427254: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:24:08.427265: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:08.427314: | stop processing: 
state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:24:08.427346: | State DB: found IKEv2 state #3 in V2_IPSEC_I (v2_expire_unused_ike_sa) Aug 26 13:24:08.427356: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:24:08.427368: | libevent_free: release ptr-libevent@0x7f01c8001f78 Aug 26 13:24:08.427377: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d8a67632e8 Aug 26 13:24:08.427386: | in statetime_stop() and could not find #2 Aug 26 13:24:08.427396: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:08.429185: | spent 0.00824 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:08.429248: | *received 69 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 13:24:08.429259: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:08.429267: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:24:08.429274: | a7 dd 58 69 b8 17 61 1e 41 9c a8 59 cb 54 8a 49 Aug 26 13:24:08.429282: | 2e e4 48 dc d4 14 80 c8 59 1c 1f 65 d8 e1 1a c9 Aug 26 13:24:08.429308: | d0 38 6f c8 e7 Aug 26 13:24:08.429331: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:24:08.429344: | **parse ISAKMP Message: Aug 26 13:24:08.429353: | initiator cookie: Aug 26 13:24:08.429372: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:08.429398: | responder cookie: Aug 26 13:24:08.429410: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:08.429424: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:08.429449: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:08.429464: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:08.429480: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:08.429494: | Message ID: 1 (0x1) Aug 26 13:24:08.429508: | length: 69 (0x45) Aug 26 13:24:08.429524: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:08.429541: | I am the IKE SA Original 
Responder receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:08.429559: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:24:08.429592: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:08.429613: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:08.429622: | #1 is idle Aug 26 13:24:08.429630: | #1 idle Aug 26 13:24:08.429637: | unpacking clear payload Aug 26 13:24:08.429646: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:08.429656: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:08.429664: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:08.429672: | flags: none (0x0) Aug 26 13:24:08.429680: | length: 41 (0x29) Aug 26 13:24:08.429689: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:08.429698: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:24:08.429734: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:08.429744: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:08.429753: | **parse IKEv2 Delete Payload: Aug 26 13:24:08.429761: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:08.429769: | flags: none (0x0) Aug 26 13:24:08.429777: | length: 12 (0xc) Aug 26 13:24:08.429785: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:08.429793: | SPI size: 4 (0x4) Aug 26 13:24:08.429801: | number of SPIs: 1 (0x1) Aug 26 13:24:08.429809: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:08.429818: | selected state microcode R2: process INFORMATIONAL Request Aug 26 13:24:08.429826: | Now let's proceed with state specific processing Aug 26 13:24:08.429834: | calling processor R2: process INFORMATIONAL Request Aug 26 13:24:08.429845: | an informational response Aug 26 13:24:08.429854: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:08.429862: | SPI e1 8b 2b 04 Aug 26 
13:24:08.429871: | delete PROTO_v2_ESP SA(0xe18b2b04) Aug 26 13:24:08.429881: | State DB: IKEv2 state not found (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:08.429891: "east" #1: received delete request for PROTO_v2_ESP SA(0xe18b2b04) but corresponding state not found Aug 26 13:24:08.429910: | #1 spent 0.0588 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:08.429926: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:08.429937: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 13:24:08.429946: | Message ID: updating counters for #1 to 1 after switching state Aug 26 13:24:08.429962: | Message ID: recv #1 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=1 responder.recv=1 wip.initiator=1->-1 wip.responder=-1 Aug 26 13:24:08.429976: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:08.429985: "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 13:24:08.429999: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:08.430013: | #1 spent 0.776 milliseconds in ikev2_process_packet() Aug 26 13:24:08.430026: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:24:08.430036: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:08.430063: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:08.430077: | spent 0.84 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:17.061423: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:17.061440: | expiring aged bare shunts from shunt table Aug 26 13:24:17.061446: | spent 0.00442 milliseconds in global timer EVENT_SHUNT_SCAN 
Aug 26 13:24:31.386360: | timer_event_cb: processing event@0x7f01d8002b78 Aug 26 13:24:31.386384: | handling event EVENT_SA_REKEY for child state #3 Aug 26 13:24:31.386393: | start processing: state #3 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:31.386399: | picked newest_ipsec_sa #3 for #3 Aug 26 13:24:31.386402: | rekeying stale CHILD SA Aug 26 13:24:31.386407: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:31.386410: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:31.386414: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:24:31.386420: | creating state object #4 at 0x55d8a6756388 Aug 26 13:24:31.386424: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:24:31.386428: | pstats #4 ikev2.child started Aug 26 13:24:31.386432: | duplicating state object #1 "east" as #4 for IPSEC SA Aug 26 13:24:31.386437: | #4 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:31.386444: | Message ID: init_child #1.#4; ike: initiator.sent=1 initiator.recv=1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:31.386450: | suspend processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:31.386454: | start processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:31.386458: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:31.386471: | using existing local ESP/AH proposals for east (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 
4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:31.386478: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 13:24:31.386481: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d8a67632e8 Aug 26 13:24:31.386485: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:24:31.386489: | libevent_malloc: new ptr-libevent@0x55d8a6752248 size 128 Aug 26 13:24:31.386495: | RESET processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:31.386498: | scheduling drop-dead replace event for #3 Aug 26 13:24:31.386501: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d8a6754668 Aug 26 13:24:31.386505: | inserting event EVENT_SA_REPLACE, timeout in 4.985686 seconds for #3 Aug 26 13:24:31.386507: | libevent_malloc: new ptr-libevent@0x7f01d4002888 size 128 Aug 26 13:24:31.386511: | libevent_free: release ptr-libevent@0x55d8a67616d8 Aug 26 13:24:31.386514: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:24:31.386521: | #3 spent 0.163 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:31.386524: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:31.386530: | timer_event_cb: processing event@0x55d8a67632e8 Aug 26 13:24:31.386533: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:24:31.386538: | start processing: state #4 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:31.386543: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:24:31.386546: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:31.386553: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:31.386557: | libevent_malloc: new ptr-libevent@0x55d8a67616d8 size 128 Aug 26 
13:24:31.386565: | libevent_free: release ptr-libevent@0x55d8a6752248 Aug 26 13:24:31.386568: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d8a67632e8 Aug 26 13:24:31.386573: | #4 spent 0.0414 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:31.386578: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) Aug 26 13:24:31.386580: | crypto helper 4 resuming Aug 26 13:24:31.386598: | crypto helper 4 starting work-order 5 for state #4 Aug 26 13:24:31.386606: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 13:24:31.387690: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001083 seconds Aug 26 13:24:31.387708: | (#4) spent 1.1 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:31.387712: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Aug 26 13:24:31.387715: | scheduling resume sending helper answer for #4 Aug 26 13:24:31.387719: | libevent_malloc: new ptr-libevent@0x7f01cc002888 size 128 Aug 26 13:24:31.387728: | crypto helper 4 waiting (nothing to do) Aug 26 13:24:31.387769: | processing resume sending helper answer for #4 Aug 26 13:24:31.387783: | start processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:24:31.387789: | crypto helper 4 replies to request ID 5 Aug 26 13:24:31.387792: | calling continuation function 0x55d8a52f3b50 Aug 26 13:24:31.387797: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:31.387800: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:31.387804: | libevent_free: release ptr-libevent@0x55d8a67616d8 Aug 26 13:24:31.387807: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:31.387810: | event_schedule: new 
EVENT_SA_REPLACE-pe@0x7f01d8002b78 Aug 26 13:24:31.387814: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:24:31.387817: | libevent_malloc: new ptr-libevent@0x55d8a67616d8 size 128 Aug 26 13:24:31.387823: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:31.387826: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:31.387829: | libevent_malloc: new ptr-libevent@0x55d8a6752248 size 128 Aug 26 13:24:31.387835: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:31.387839: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:31.387842: | suspending state #4 and saving MD Aug 26 13:24:31.387845: | #4 is busy; has a suspended MD Aug 26 13:24:31.387849: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:31.387853: | "east" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:31.387857: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:24:31.387862: | #4 spent 0.0725 milliseconds in resume sending helper answer Aug 26 13:24:31.387867: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:24:31.387870: | libevent_free: release ptr-libevent@0x7f01cc002888 Aug 26 13:24:31.387875: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:31.387880: | start processing: state #1 connection "east" from 192.1.2.45:500 (in callback_handler() at server.c:904) Aug 26 13:24:31.387885: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=1 responder.recv=1 wip.initiator=-1 
wip.responder=-1 Aug 26 13:24:31.387893: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:31.387897: | start processing: state #4 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:31.387905: | **emit ISAKMP Message: Aug 26 13:24:31.387908: | initiator cookie: Aug 26 13:24:31.387911: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:31.387914: | responder cookie: Aug 26 13:24:31.387916: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:31.387919: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:31.387922: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:31.387925: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:31.387928: | flags: none (0x0) Aug 26 13:24:31.387931: | Message ID: 2 (0x2) Aug 26 13:24:31.387934: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:31.387937: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:31.387940: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.387943: | flags: none (0x0) Aug 26 13:24:31.387946: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:31.387949: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.387953: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:31.388261: | netlink_get_spi: allocated 0x4277b24e for esp.0@192.1.2.23 Aug 26 13:24:31.388266: | Emitting ikev2_proposals ... 
Aug 26 13:24:31.388269: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:31.388272: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388274: | flags: none (0x0) Aug 26 13:24:31.388278: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:31.388281: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388284: | discarding INTEG=NONE Aug 26 13:24:31.388287: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:31.388298: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388301: | prop #: 1 (0x1) Aug 26 13:24:31.388304: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:31.388306: | spi size: 4 (0x4) Aug 26 13:24:31.388309: | # transforms: 3 (0x3) Aug 26 13:24:31.388312: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:31.388316: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:31.388318: | our spi 42 77 b2 4e Aug 26 13:24:31.388321: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388327: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:31.388329: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:31.388333: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388336: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:31.388338: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:31.388341: | length/value: 256 (0x100) Aug 26 13:24:31.388344: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:31.388347: | discarding INTEG=NONE Aug 26 13:24:31.388349: | ******emit IKEv2 Transform 
Substructure Payload: Aug 26 13:24:31.388352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:31.388357: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.388360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388371: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388374: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:31.388377: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:31.388379: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:31.388382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388388: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388390: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:31.388393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:31.388396: | discarding INTEG=NONE Aug 26 13:24:31.388399: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:31.388401: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388404: | prop #: 2 (0x2) Aug 26 13:24:31.388406: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:31.388409: | spi size: 4 (0x4) Aug 26 13:24:31.388411: | # transforms: 3 (0x3) Aug 26 13:24:31.388414: | 
last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388417: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:31.388420: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:31.388423: | our spi 42 77 b2 4e Aug 26 13:24:31.388425: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388431: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:31.388433: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:31.388436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388439: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:31.388443: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:31.388447: | length/value: 128 (0x80) Aug 26 13:24:31.388451: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:31.388455: | discarding INTEG=NONE Aug 26 13:24:31.388459: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388464: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:31.388466: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.388470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388473: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388475: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388478: | ******emit IKEv2 Transform Substructure Payload: Aug 26 
13:24:31.388480: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:31.388483: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:31.388485: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:31.388488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388493: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388496: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388499: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:31.388502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:31.388504: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:31.388507: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388509: | prop #: 3 (0x3) Aug 26 13:24:31.388512: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:31.388514: | spi size: 4 (0x4) Aug 26 13:24:31.388517: | # transforms: 5 (0x5) Aug 26 13:24:31.388520: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388523: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:31.388526: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:31.388528: | our spi 42 77 b2 4e Aug 26 13:24:31.388531: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:31.388538: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:31.388541: | last substructure: saving location 
'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388544: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:31.388547: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:31.388549: | length/value: 256 (0x100) Aug 26 13:24:31.388552: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:31.388554: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388559: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:31.388562: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:31.388565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388573: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388578: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:31.388581: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:31.388584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388589: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388592: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388597: | IKEv2 transform type: TRANS_TYPE_DH 
(0x4) Aug 26 13:24:31.388599: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.388602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388614: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388617: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:31.388619: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:31.388622: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:31.388625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388630: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388633: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:31.388635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:31.388638: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:31.388641: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:31.388643: | prop #: 4 (0x4) Aug 26 13:24:31.388646: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:31.388648: | spi size: 4 (0x4) Aug 26 13:24:31.388651: | # transforms: 5 (0x5) Aug 26 13:24:31.388654: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:31.388657: | last substructure: saving location 
'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:31.388660: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:31.388662: | our spi 42 77 b2 4e Aug 26 13:24:31.388665: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388670: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:31.388672: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:31.388675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388678: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:31.388680: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:31.388683: | length/value: 128 (0x80) Aug 26 13:24:31.388685: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:31.388688: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388693: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:31.388695: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:31.388698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388706: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388711: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:31.388714: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:31.388717: | last substructure: checking 
'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388723: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388725: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:31.388734: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.388737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388743: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388745: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:31.388748: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:31.388750: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:31.388753: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:31.388756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.388759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:31.388761: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:31.388764: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:31.388767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' 
is 0 Aug 26 13:24:31.388770: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:31.388773: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:31.388776: | #4 initiate rekey request for "east" #3 SPI 0x3c6bc9ad TSi TSr Aug 26 13:24:31.388779: | printing contents struct traffic_selector Aug 26 13:24:31.388782: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:31.388784: | ipprotoid: 0 Aug 26 13:24:31.388787: | port range: 0-65535 Aug 26 13:24:31.388791: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:31.388793: | printing contents struct traffic_selector Aug 26 13:24:31.388796: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:31.388798: | ipprotoid: 0 Aug 26 13:24:31.388800: | port range: 0-65535 Aug 26 13:24:31.388804: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:31.388807: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:31.388809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388812: | flags: none (0x0) Aug 26 13:24:31.388815: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:31.388818: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388822: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:31.388824: | IKEv2 nonce e8 f1 60 a1 73 65 1d 78 2b 58 7a f1 3d 85 9d 8c Aug 26 13:24:31.388827: | IKEv2 nonce a7 00 92 44 62 19 5c f1 ee ca 51 8e 88 da f9 d8 Aug 26 13:24:31.388830: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:31.388832: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:31.388835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388837: | flags: none (0x0) Aug 26 13:24:31.388840: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.388843: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next 
payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:31.388846: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388849: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:31.388893: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:31.388895: | Adding a v2N Payload Aug 26 13:24:31.388898: | ****emit IKEv2 Notify Payload: Aug 26 13:24:31.388901: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388903: | flags: none (0x0) Aug 26 13:24:31.388906: | Protocol ID: PROTO_v2_ESP (0x3) Aug
26 13:24:31.388908: | SPI size: 4 (0x4) Aug 26 13:24:31.388911: | Notify Message Type: v2N_REKEY_SA (0x4009) Aug 26 13:24:31.388914: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:31.388917: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388920: | emitting 4 raw bytes of SPI into IKEv2 Notify Payload Aug 26 13:24:31.388923: | SPI 3c 6b c9 ad Aug 26 13:24:31.388925: | emitting length of IKEv2 Notify Payload: 12 Aug 26 13:24:31.388928: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:31.388931: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388933: | flags: none (0x0) Aug 26 13:24:31.388936: | number of TS: 1 (0x1) Aug 26 13:24:31.388939: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:24:31.388942: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388945: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:31.388947: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:31.388950: | IP Protocol ID: 0 (0x0) Aug 26 13:24:31.388952: | start port: 0 (0x0) Aug 26 13:24:31.388955: | end port: 65535 (0xffff) Aug 26 13:24:31.388958: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:31.388961: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:31.388963: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:31.388966: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:31.388969: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:31.388971: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 48 Aug 26 13:24:31.388974: | ****emit IKEv2 Traffic 
Selector - Responder - Payload: Aug 26 13:24:31.388976: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.388979: | flags: none (0x0) Aug 26 13:24:31.388981: | number of TS: 1 (0x1) Aug 26 13:24:31.388985: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:24:31.388990: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:31.388996: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:31.389001: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:31.389006: | IP Protocol ID: 0 (0x0) Aug 26 13:24:31.389010: | start port: 0 (0x0) Aug 26 13:24:31.389014: | end port: 65535 (0xffff) Aug 26 13:24:31.389019: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:31.389024: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:31.389029: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:31.389033: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:31.389037: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:31.389041: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 48 Aug 26 13:24:31.389046: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:24:31.389051: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:31.389057: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:31.389062: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:31.389067: | emitting length of IKEv2 Encryption Payload: 633 Aug 26 13:24:31.389071: | emitting length of ISAKMP Message: 661 Aug 26 13:24:31.389098: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in 
complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:31.389105: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_OK Aug 26 13:24:31.389110: | IKEv2: transition from state STATE_V2_REKEY_CHILD_I0 to state STATE_V2_REKEY_CHILD_I Aug 26 13:24:31.389115: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => V2_REKEY_CHILD_I(established IKE SA) Aug 26 13:24:31.389120: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:24:31.389125: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:31.389133: | Message ID: sent #1.#4 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=1 responder.recv=1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:24:31.389139: "east" #4: STATE_V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:31.389147: | sending V2 reply packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:24:31.389157: | sending 661 bytes for STATE_V2_REKEY_CHILD_I0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:24:31.389320: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:31.389329: | libevent_free: release ptr-libevent@0x55d8a67616d8 Aug 26 13:24:31.389333: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f01d8002b78 Aug 26 13:24:31.389336: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:24:31.389340: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f01d8002b78 Aug 26 13:24:31.389345: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:24:31.389348: | libevent_malloc: new ptr-libevent@0x55d8a6755bd8 size 128 Aug 26 13:24:31.389353: | #4 STATE_V2_REKEY_CHILD_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11157.131806 Aug 26 13:24:31.389359: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:31.389363: | resume processing: state #1 connection "east" from 192.1.2.45:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:31.389369: | #1 spent 1.46 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:31.389373: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in callback_handler() at server.c:908) Aug 26 13:24:31.389376: | libevent_free: release ptr-libevent@0x55d8a6752248 Aug 26 13:24:31.394725: | spent 0.00468 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:31.394756: | *received 449 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:24:31.394906: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:24:31.394914: | **parse ISAKMP Message: Aug 26 13:24:31.394919: | initiator cookie: Aug 26
13:24:31.394924: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:31.394929: | responder cookie: Aug 26 13:24:31.394933: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:31.394938: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:31.394943: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:31.394947: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:31.394952: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:31.394956: | Message ID: 2 (0x2) Aug 26 13:24:31.394960: | length: 449 (0x1c1) Aug 26 13:24:31.394965: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:31.394970: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:31.394977: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:24:31.394990: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:31.394996: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:31.395006: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:31.395015: | start processing: state #4 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:31.395020: | #4 is idle Aug 26 13:24:31.395025: | #4 idle Aug 26 13:24:31.395029: | unpacking clear payload Aug 26 13:24:31.395035: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:31.395041: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:31.395046: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:31.395050: | flags: none (0x0) Aug 26 13:24:31.395054: | length: 421 (0x1a5) Aug 26 13:24:31.395058: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:24:31.395063: | #4 in state V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:31.395082: | #4 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt 
success Aug 26 13:24:31.395088: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:31.395092: | **parse IKEv2 Security Association Payload: Aug 26 13:24:31.395098: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:31.395103: | flags: none (0x0) Aug 26 13:24:31.395108: | length: 44 (0x2c) Aug 26 13:24:31.395113: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:24:31.395122: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:31.395127: | **parse IKEv2 Nonce Payload: Aug 26 13:24:31.395132: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:31.395137: | flags: none (0x0) Aug 26 13:24:31.395142: | length: 36 (0x24) Aug 26 13:24:31.395147: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:31.395152: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:31.395157: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:31.395162: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:24:31.395167: | flags: none (0x0) Aug 26 13:24:31.395171: | length: 264 (0x108) Aug 26 13:24:31.395175: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.395179: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:31.395183: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:24:31.395188: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:31.395192: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:24:31.395196: | flags: none (0x0) Aug 26 13:24:31.395200: | length: 24 (0x18) Aug 26 13:24:31.395204: | number of TS: 1 (0x1) Aug 26 13:24:31.395208: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:24:31.395212: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:24:31.395216: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:31.395220: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:31.395224: | flags: none (0x0) Aug 26 13:24:31.395228: | length: 24 (0x18) Aug 26 13:24:31.395232: | number of TS: 1 (0x1) Aug 26 
13:24:31.395236: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:24:31.395241: | state #4 forced to match CREATE_CHILD_SA from V2_CREATE_I->V2_IPSEC_I by ignoring from state Aug 26 13:24:31.395245: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:31.395254: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:31.395258: | forcing ST #4 to CHILD #1.#4 in FSM processor Aug 26 13:24:31.395262: | Now let's proceed with state specific processing Aug 26 13:24:31.395265: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:31.395284: | using existing local ESP/AH proposals for east (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:31.395295: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:24:31.395301: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:31.395306: | local proposal 1 type PRF has 0 transforms Aug 26 13:24:31.395310: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:31.395314: | local proposal 1 type DH has 1 transforms Aug 26 13:24:31.395321: | local proposal 1 type ESN has 1 transforms Aug 26 13:24:31.395327: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:31.395331: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:31.395336: | local proposal 2 type PRF has 0 transforms Aug 26 13:24:31.395340: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:31.395344: | local proposal 2 type DH has 1 transforms Aug 26 13:24:31.395348: | local proposal 2 
type ESN has 1 transforms Aug 26 13:24:31.395353: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:31.395357: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:31.395361: | local proposal 3 type PRF has 0 transforms Aug 26 13:24:31.395365: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:31.395369: | local proposal 3 type DH has 1 transforms Aug 26 13:24:31.395373: | local proposal 3 type ESN has 1 transforms Aug 26 13:24:31.395384: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:31.395389: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:31.395394: | local proposal 4 type PRF has 0 transforms Aug 26 13:24:31.395399: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:31.395404: | local proposal 4 type DH has 1 transforms Aug 26 13:24:31.395409: | local proposal 4 type ESN has 1 transforms Aug 26 13:24:31.395415: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:31.395422: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:31.395427: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:31.395432: | length: 40 (0x28) Aug 26 13:24:31.395437: | prop #: 1 (0x1) Aug 26 13:24:31.395442: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:31.395447: | spi size: 4 (0x4) Aug 26 13:24:31.395451: | # transforms: 3 (0x3) Aug 26 13:24:31.395458: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:31.395463: | remote SPI a9 22 b7 9a Aug 26 13:24:31.395468: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:31.395472: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:31.395477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.395481: | length: 12 (0xc) Aug 26 13:24:31.395485: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:31.395489: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 
13:24:31.395494: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:31.395498: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:31.395503: | length/value: 256 (0x100) Aug 26 13:24:31.395509: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:31.395514: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:31.395518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:31.395523: | length: 8 (0x8) Aug 26 13:24:31.395529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:31.395534: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:31.395542: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:31.395547: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:31.395552: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:31.395557: | length: 8 (0x8) Aug 26 13:24:31.395562: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:31.395567: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:31.395575: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:24:31.395582: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:24:31.395590: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:24:31.395595: | remote proposal 1 matches local proposal 1 Aug 26 13:24:31.395600: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:24:31.395608: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=a922b79a;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:24:31.395613: | converting proposal to internal trans attrs Aug 26 13:24:31.395620: | updating #4's .st_oakley with preserved PRF, but why update? 
Aug 26 13:24:31.395627: | adding ikev2 Child Rekey SA initiator pfs=yes work-order 6 for state #4 Aug 26 13:24:31.395632: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:31.395638: | #4 STATE_V2_REKEY_CHILD_I: retransmits: cleared Aug 26 13:24:31.395646: | libevent_free: release ptr-libevent@0x55d8a6755bd8 Aug 26 13:24:31.395652: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f01d8002b78 Aug 26 13:24:31.395659: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:31.395670: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:31.395676: | libevent_malloc: new ptr-libevent@0x55d8a6752248 size 128 Aug 26 13:24:31.395694: | #4 spent 0.416 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:24:31.395706: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:31.395701: | crypto helper 6 resuming Aug 26 13:24:31.395715: | #4 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:24:31.395727: | crypto helper 6 starting work-order 6 for state #4 Aug 26 13:24:31.395737: | suspending state #4 and saving MD Aug 26 13:24:31.395747: | crypto helper 6 doing crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 6 Aug 26 13:24:31.395755: | #4 is busy; has a suspended MD Aug 26 13:24:31.395775: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:31.395783: | "east" #4 complete v2 state STATE_V2_REKEY_CHILD_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:31.395792: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:31.395801: | #1 spent 1.04 milliseconds in ikev2_process_packet() Aug 26 
13:24:31.395810: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:24:31.395816: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:31.395822: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:31.395829: | spent 1.07 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:31.396909: | crypto helper 6 finished crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 6 time elapsed 0.001162 seconds Aug 26 13:24:31.396926: | (#4) spent 1.17 milliseconds in crypto helper computing work-order 6: ikev2 Child Rekey SA initiator pfs=yes (dh) Aug 26 13:24:31.396930: | crypto helper 6 sending results from work-order 6 for state #4 to event queue Aug 26 13:24:31.396933: | scheduling resume sending helper answer for #4 Aug 26 13:24:31.396937: | libevent_malloc: new ptr-libevent@0x7f01c0001f78 size 128 Aug 26 13:24:31.396946: | crypto helper 6 waiting (nothing to do) Aug 26 13:24:31.396988: | processing resume sending helper answer for #4 Aug 26 13:24:31.397003: | start processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:24:31.397009: | crypto helper 6 replies to request ID 6 Aug 26 13:24:31.397012: | calling continuation function 0x55d8a52f49d0 Aug 26 13:24:31.397016: | ikev2_child_inR_continue for #4 STATE_V2_REKEY_CHILD_I Aug 26 13:24:31.397019: | TSi: parsing 1 traffic selectors Aug 26 13:24:31.397023: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:31.397025: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:31.397028: | IP Protocol ID: 0 (0x0) Aug 26 13:24:31.397031: | length: 16 (0x10) Aug 26 13:24:31.397033: | start port: 0 (0x0) Aug 26 13:24:31.397036: | end port: 65535 (0xffff) Aug 26 13:24:31.397039: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:31.397041: | TS low c0 00 02 00 Aug 26 13:24:31.397044: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 
13:24:31.397047: | TS high c0 00 02 ff Aug 26 13:24:31.397049: | TSi: parsed 1 traffic selectors Aug 26 13:24:31.397052: | TSr: parsing 1 traffic selectors Aug 26 13:24:31.397054: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:31.397057: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:31.397059: | IP Protocol ID: 0 (0x0) Aug 26 13:24:31.397062: | length: 16 (0x10) Aug 26 13:24:31.397064: | start port: 0 (0x0) Aug 26 13:24:31.397067: | end port: 65535 (0xffff) Aug 26 13:24:31.397069: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:31.397075: | TS low c0 00 01 00 Aug 26 13:24:31.397078: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:31.397080: | TS high c0 00 01 ff Aug 26 13:24:31.397083: | TSr: parsed 1 traffic selectors Aug 26 13:24:31.397089: | evaluating our conn="east" I=192.0.2.0/24:0/0 R=192.0.1.0/24:0/0 to their: Aug 26 13:24:31.397094: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:31.397100: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:24:31.397103: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:24:31.397106: | TSi[0] port match: YES fitness 65536 Aug 26 13:24:31.397109: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:24:31.397112: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:31.397116: | TSr[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:31.397121: | match address end->client=192.0.1.0/24 == TSr[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:24:31.397124: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:24:31.397127: | TSr[0] port match: YES fitness 65536 Aug 26 13:24:31.397130: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:24:31.397133: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:31.397135: | best fit so far: TSi[0] TSr[0] Aug 26 13:24:31.397138: | found an 
acceptable TSi/TSr Traffic Selector Aug 26 13:24:31.397140: | printing contents struct traffic_selector Aug 26 13:24:31.397143: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:31.397145: | ipprotoid: 0 Aug 26 13:24:31.397147: | port range: 0-65535 Aug 26 13:24:31.397151: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:31.397154: | printing contents struct traffic_selector Aug 26 13:24:31.397156: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:31.397158: | ipprotoid: 0 Aug 26 13:24:31.397161: | port range: 0-65535 Aug 26 13:24:31.397164: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:31.397169: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:24:31.397360: | install_ipsec_sa() for #4: inbound and outbound Aug 26 13:24:31.397370: | could_route called for east (kind=CK_PERMANENT) Aug 26 13:24:31.397374: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:31.397377: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:24:31.397380: | conn east mark 0/00000000, 0/00000000 Aug 26 13:24:31.397384: | route owner of "east" erouted: self; eroute owner: self Aug 26 13:24:31.397388: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:31.397391: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:31.397394: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:31.397397: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:31.397401: | setting IPsec SA replay-window to 32 Aug 26 13:24:31.397404: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:24:31.397407: | netlink: enabling tunnel mode Aug 26 13:24:31.397411: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:31.397413: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:31.397484: | netlink response for Add SA esp.a922b79a@192.1.2.45 included non-error error Aug 26 13:24:31.397489: | set up outgoing SA, ref=0/0 
Aug 26 13:24:31.397492: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:31.397495: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:31.397497: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:31.397500: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:31.397504: | setting IPsec SA replay-window to 32 Aug 26 13:24:31.397507: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 13:24:31.397509: | netlink: enabling tunnel mode Aug 26 13:24:31.397515: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:31.397518: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:31.397554: | netlink response for Add SA esp.4277b24e@192.1.2.23 included non-error error Aug 26 13:24:31.397559: | set up incoming SA, ref=0/0 Aug 26 13:24:31.397562: | sr for #4: erouted Aug 26 13:24:31.397565: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:24:31.397567: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:24:31.397570: | conn east mark 0/00000000, 0/00000000 vs Aug 26 13:24:31.397573: | conn east mark 0/00000000, 0/00000000 Aug 26 13:24:31.397576: | route owner of "east" erouted: self; eroute owner: self Aug 26 13:24:31.397580: | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #4 Aug 26 13:24:31.397583: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:24:31.397591: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) Aug 26 13:24:31.397594: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:31.397612: | raw_eroute result=success Aug 26 13:24:31.397616: | route_and_eroute: firewall_notified: true Aug 26 13:24:31.397620: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55d8a674e678,sr=0x55d8a674e678} to #4 (was #3) (newest_ipsec_sa=#3) Aug 26 13:24:31.397683: | #1 spent 0.322 milliseconds in install_ipsec_sa() Aug 26 13:24:31.397689: | inR2: instance east[0], setting IKEv2 newest_ipsec_sa to #4 (was #3) (spd.eroute=#4) cloned from #1 Aug 26 13:24:31.397693: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:31.397696: | libevent_free: release ptr-libevent@0x55d8a6752248 Aug 26 13:24:31.397700: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f01d8002b78 Aug 26 13:24:31.397705: "east" #4: rekeyed #3 STATE_V2_REKEY_CHILD_I and expire it remaining life 3s Aug 26 13:24:31.397708: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:31.397711: | libevent_free: release ptr-libevent@0x7f01d4002888 Aug 26 13:24:31.397714: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d8a6754668 Aug 26 13:24:31.397717: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d8a6754668 Aug 26 13:24:31.397720: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #3 Aug 26 13:24:31.397723: | libevent_malloc: new ptr-libevent@0x55d8a6755bd8 size 128 Aug 26 13:24:31.397730: | [RE]START 
processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:31.397734: | #4 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_OK Aug 26 13:24:31.397737: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:24:31.397741: | child state #4: V2_REKEY_CHILD_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:24:31.397744: | Message ID: updating counters for #4 to 2 after switching state Aug 26 13:24:31.397750: | Message ID: recv #1.#4 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=1 responder.recv=1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:24:31.397754: | Message ID: #1.#4 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:31.397757: | pstats #4 ikev2.child established Aug 26 13:24:31.397764: "east" #4: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:24:31.397767: | NAT-T: encaps is 'auto' Aug 26 13:24:31.397772: "east" #4: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xa922b79a <0x4277b24e xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:24:31.397775: | releasing whack for #4 (sock=fd@-1) Aug 26 13:24:31.397777: | releasing whack and unpending for parent #1 Aug 26 13:24:31.397780: | unpending state #1 connection "east" Aug 26 13:24:31.397788: | #4 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:31.397791: | event_schedule: new EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:24:31.397795: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #4 Aug 26 13:24:31.397798: | libevent_malloc: new ptr-libevent@0x7f01cc002888 size 128 Aug 26 13:24:31.397804: | #4 spent 0.784 milliseconds in resume sending 
helper answer Aug 26 13:24:31.397808: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:24:31.397811: | libevent_free: release ptr-libevent@0x7f01c0001f78 Aug 26 13:24:32.398343: | timer_event_cb: processing event@0x55d8a6754668 Aug 26 13:24:32.398373: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 13:24:32.398380: | start processing: state #3 connection "east" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:32.398383: | picked newest_ipsec_sa #4 for #3 Aug 26 13:24:32.398385: | CHILD SA expired (superseded by #4) Aug 26 13:24:32.398387: | pstats #3 ikev2.child deleted completed Aug 26 13:24:32.398391: | #3 spent 2.28 milliseconds in total Aug 26 13:24:32.398394: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:24:32.398398: "east" #3: deleting state (STATE_V2_IPSEC_I) aged 26.033s and sending notification Aug 26 13:24:32.398400: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:32.398403: | get_sa_info esp.bfdcbc36@192.1.2.45 Aug 26 13:24:32.398636: | get_sa_info esp.3c6bc9ad@192.1.2.23 Aug 26 13:24:32.398642: "east" #3: ESP traffic information: in=336B out=336B Aug 26 13:24:32.398645: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:24:32.398647: | Opening output PBS informational exchange delete request Aug 26 13:24:32.398649: | **emit ISAKMP Message: Aug 26 13:24:32.398651: | initiator cookie: Aug 26 13:24:32.398653: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:32.398655: | responder cookie: Aug 26 13:24:32.398656: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:32.398658: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:32.398660: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:32.398662: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:32.398664: | flags: none (0x0) Aug 26 13:24:32.398665: | Message ID: 3 (0x3) Aug 26 
13:24:32.398667: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:32.398669: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:32.398671: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:32.398673: | flags: none (0x0) Aug 26 13:24:32.398675: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:32.398677: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:32.398679: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:32.398688: | ****emit IKEv2 Delete Payload: Aug 26 13:24:32.398689: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:32.398691: | flags: none (0x0) Aug 26 13:24:32.398693: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:32.398694: | SPI size: 4 (0x4) Aug 26 13:24:32.398696: | number of SPIs: 1 (0x1) Aug 26 13:24:32.398698: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:32.398700: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:32.398702: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:32.398704: | local spis 3c 6b c9 ad Aug 26 13:24:32.398705: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:32.398707: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:32.398710: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:32.398716: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:32.398719: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:32.398721: | emitting length of ISAKMP Message: 69 Aug 26 13:24:32.398742: | sending 69 bytes for 
delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #3) Aug 26 13:24:32.398745: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:32.398748: | 2e 20 25 00 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:32.398750: | aa db b0 59 73 b7 44 88 9e 87 36 5a 78 f6 35 a7 Aug 26 13:24:32.398752: | 24 cc 87 52 89 3b 9f 09 02 02 4d a2 18 78 0c a1 Aug 26 13:24:32.398754: | dd 09 1b 53 40 Aug 26 13:24:32.398793: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:24:32.398811: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 13:24:32.398815: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:24:32.399092: | delete esp.bfdcbc36@192.1.2.45 Aug 26 13:24:32.399111: | netlink response for Del SA esp.bfdcbc36@192.1.2.45 included non-error error Aug 26 13:24:32.399114: | delete esp.3c6bc9ad@192.1.2.23 Aug 26 13:24:32.399122: | netlink response for Del SA esp.3c6bc9ad@192.1.2.23 included non-error error Aug 26 13:24:32.399125: | in connection_discard for connection east Aug 26 13:24:32.399127: | State DB: deleting IKEv2 state #3 in V2_IPSEC_I Aug 26 13:24:32.399130: | child state #3: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:32.399151: | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:24:32.399158: | State DB: found IKEv2 state #4 in V2_IPSEC_I (v2_expire_unused_ike_sa) Aug 26 13:24:32.399160: | can't expire unused IKE SA #1; it has the child #4 Aug 26 13:24:32.399163: | libevent_free: release ptr-libevent@0x55d8a6755bd8 Aug 26 13:24:32.399166: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d8a6754668 Aug 26 13:24:32.399168: | in statetime_stop() and could not find #3 Aug 26 13:24:32.399170: | processing: STOP state #0 (in timer_event_cb() at 
timer.c:557) Aug 26 13:24:32.399247: | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:32.399260: | *received 69 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 13:24:32.399264: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:32.399266: | 2e 20 25 28 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:32.399268: | 34 79 5a 1e 3e 45 b6 b9 74 8a 00 b8 66 8c 88 14 Aug 26 13:24:32.399270: | cf 62 72 24 0b 11 28 9f bd a6 cc 1a 60 6f 90 64 Aug 26 13:24:32.399272: | 06 fa 6d 94 22 Aug 26 13:24:32.399276: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:24:32.399279: | **parse ISAKMP Message: Aug 26 13:24:32.399281: | initiator cookie: Aug 26 13:24:32.399283: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:32.399286: | responder cookie: Aug 26 13:24:32.399294: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:32.399301: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:32.399304: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:32.399306: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:32.399321: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:32.399324: | Message ID: 3 (0x3) Aug 26 13:24:32.399326: | length: 69 (0x45) Aug 26 13:24:32.399328: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:32.399346: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:32.399349: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:24:32.399354: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:32.399360: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:32.399363: | #1 is idle Aug 26 13:24:32.399366: | #1 idle Aug 26 13:24:32.399368: | unpacking clear payload Aug 26 
13:24:32.399383: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:32.399386: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:32.399389: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:32.399391: | flags: none (0x0) Aug 26 13:24:32.399394: | length: 41 (0x29) Aug 26 13:24:32.399396: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:32.399399: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:24:32.399410: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:32.399413: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:32.399416: | **parse IKEv2 Delete Payload: Aug 26 13:24:32.399418: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:32.399421: | flags: none (0x0) Aug 26 13:24:32.399423: | length: 12 (0xc) Aug 26 13:24:32.399425: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:32.399428: | SPI size: 4 (0x4) Aug 26 13:24:32.399430: | number of SPIs: 1 (0x1) Aug 26 13:24:32.399432: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:32.399435: | selected state microcode R2: process INFORMATIONAL Request Aug 26 13:24:32.399438: | Now let's proceed with state specific processing Aug 26 13:24:32.399440: | calling processor R2: process INFORMATIONAL Request Aug 26 13:24:32.399443: | an informational response Aug 26 13:24:32.399446: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:32.399449: | SPI bf dc bc 36 Aug 26 13:24:32.399452: | delete PROTO_v2_ESP SA(0xbfdcbc36) Aug 26 13:24:32.399455: | State DB: IKEv2 state not found (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:32.399458: "east" #1: received delete request for PROTO_v2_ESP SA(0xbfdcbc36) but corresponding state not found Aug 26 13:24:32.399464: | #1 spent 0.0186 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:32.399469: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at 
ikev2.c:3379) Aug 26 13:24:32.399473: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 13:24:32.399477: | Message ID: updating counters for #1 to 3 after switching state Aug 26 13:24:32.399482: | Message ID: recv #1 response 3; ike: initiator.sent=3 initiator.recv=2->3 responder.sent=1 responder.recv=1 wip.initiator=3->-1 wip.responder=-1 Aug 26 13:24:32.399487: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=3 initiator.recv=3 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:32.399490: "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 13:24:32.399495: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:32.399499: | #1 spent 0.239 milliseconds in ikev2_process_packet() Aug 26 13:24:32.399504: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:24:32.399507: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:32.399510: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:32.399515: | spent 0.255 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:37.052346: | processing global timer EVENT_PENDING_DDNS Aug 26 13:24:37.052365: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:24:37.052368: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:24:37.052373: | elapsed time in connection_check_ddns for hostname lookup 0.000007 Aug 26 13:24:37.052378: | spent 0.0124 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:24:37.052381: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:37.052384: | expiring aged bare shunts from shunt table Aug 26 13:24:37.052391: | spent 0.00674 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:38.408826: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:38.409523: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:24:38.409553: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:38.409576: | get_sa_info esp.4277b24e@192.1.2.23 Aug 26 13:24:38.409624: | get_sa_info esp.a922b79a@192.1.2.45 Aug 26 13:24:38.409694: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:38.409726: | spent 0.909 milliseconds in whack Aug 26 13:24:38.479125: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:38.480316: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:38.480357: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:38.480654: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:24:38.480673: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:38.480732: | get_sa_info esp.4277b24e@192.1.2.23 Aug 26 13:24:38.480786: | get_sa_info esp.a922b79a@192.1.2.45 Aug 26 13:24:38.480881: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:38.480911: | spent 1.78 milliseconds in whack Aug 26 13:24:38.626323: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:38.627159: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:38.627186: | FOR_EACH_CONNECTION_... 
in show_connections_status Aug 26 13:24:38.627467: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:24:38.627502: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:38.627563: | get_sa_info esp.4277b24e@192.1.2.23 Aug 26 13:24:38.627626: | get_sa_info esp.a922b79a@192.1.2.45 Aug 26 13:24:38.627741: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:38.627775: | spent 1.47 milliseconds in whack Aug 26 13:24:39.393359: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:39.393375: shutting down Aug 26 13:24:39.393381: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:24:39.393383: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:24:39.393385: forgetting secrets Aug 26 13:24:39.393390: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:24:39.393392: | unreference key: 0x55d8a6750698 @east cnt 1-- Aug 26 13:24:39.393396: | unreference key: 0x55d8a66a7c48 @west cnt 1-- Aug 26 13:24:39.393399: | start processing: connection "east" (in delete_connection() at connections.c:189) Aug 26 13:24:39.393401: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:24:39.393403: | pass 0 Aug 26 13:24:39.393404: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:24:39.393406: | state #4 Aug 26 13:24:39.393408: | suspend processing: connection "east" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:24:39.393427: | start processing: state #4 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:24:39.393429: | pstats #4 ikev2.child deleted completed Aug 26 13:24:39.393431: | #4 spent 3.58 milliseconds in total Aug 26 13:24:39.393434: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:24:39.393437: "east" #4: deleting state (STATE_V2_IPSEC_I) aged 8.007s and sending notification Aug 26 13:24:39.393439: | child state #4: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:39.393442: | get_sa_info esp.a922b79a@192.1.2.45 Aug 26 13:24:39.393452: | get_sa_info esp.4277b24e@192.1.2.23 Aug 26 13:24:39.393457: "east" #4: ESP traffic information: in=336B out=336B Aug 26 13:24:39.393460: | #4 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:24:39.393461: | Opening output PBS informational exchange delete request Aug 26 13:24:39.393466: | **emit ISAKMP Message: Aug 26 13:24:39.393468: | initiator cookie: Aug 26 13:24:39.393469: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:39.393471: | responder cookie: Aug 26 13:24:39.393472: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:39.393474: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.393477: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.393479: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.393480: | flags: none (0x0) Aug 26 13:24:39.393482: | Message ID: 4 (0x4) Aug 26 13:24:39.393484: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.393486: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.393488: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.393502: | flags: none 
(0x0) Aug 26 13:24:39.393505: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.393507: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:39.393509: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.393528: | ****emit IKEv2 Delete Payload: Aug 26 13:24:39.393530: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.393532: | flags: none (0x0) Aug 26 13:24:39.393534: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:39.393535: | SPI size: 4 (0x4) Aug 26 13:24:39.393537: | number of SPIs: 1 (0x1) Aug 26 13:24:39.393539: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:39.393541: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:39.393543: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:39.393545: | local spis 42 77 b2 4e Aug 26 13:24:39.393546: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:39.393549: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:39.393551: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:39.393553: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:39.393555: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:39.393556: | emitting length of ISAKMP Message: 69 Aug 26 13:24:39.393572: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #4) Aug 26 13:24:39.393575: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:39.393576: | 2e 20 25 00 00 00 00 04 00 00 00 45 2a 00 00 29 Aug 26 13:24:39.393578: | b1 78 53 ce 
78 a9 43 e0 6f c4 98 c0 f9 d2 f4 df Aug 26 13:24:39.393579: | 06 bd af ba 55 33 47 16 e5 29 b7 db 7a f8 60 73 Aug 26 13:24:39.393581: | e1 49 39 1a 4a Aug 26 13:24:39.393609: | Message ID: IKE #1 sender #4 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=0->2 Aug 26 13:24:39.393612: | Message ID: IKE #1 sender #4 in send_delete hacking around record ' send Aug 26 13:24:39.393615: | Message ID: sent #1 request 4; ike: initiator.sent=3->4 initiator.recv=3 responder.sent=1 responder.recv=1 wip.initiator=-1->4 wip.responder=-1 Aug 26 13:24:39.393617: | state #4 requesting EVENT_SA_REKEY to be deleted Aug 26 13:24:39.393620: | libevent_free: release ptr-libevent@0x7f01cc002888 Aug 26 13:24:39.393622: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f01d8002b78 Aug 26 13:24:39.393659: | running updown command "ipsec _updown" for verb down Aug 26 13:24:39.393664: | command executing down-client Aug 26 13:24:39.393683: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825871' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa922b79a Aug 26 
13:24:39.393688: | popen cmd is 1031 chars long Aug 26 13:24:39.393690: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: Aug 26 13:24:39.393692: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: Aug 26 13:24:39.393693: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: Aug 26 13:24:39.393695: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: Aug 26 13:24:39.393697: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: Aug 26 13:24:39.393699: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: Aug 26 13:24:39.393700: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: Aug 26 13:24:39.393702: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825871' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: Aug 26 13:24:39.393704: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: Aug 26 13:24:39.393705: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: Aug 26 13:24:39.393707: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: Aug 26 13:24:39.393709: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : Aug 26 13:24:39.393711: | cmd( 960):VTI_SHARED='no' SPI_IN=0xa922b79a SPI_OUT=0x4277b24e ipsec _updown 2>&1: Aug 26 13:24:39.404582: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:24:39.404595: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:24:39.404598: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:24:39.404601: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:39.404625: | delete 
esp.a922b79a@192.1.2.45 Aug 26 13:24:39.404634: | netlink response for Del SA esp.a922b79a@192.1.2.45 included non-error error Aug 26 13:24:39.404638: | priority calculation of connection "east" is 0xfe7e7 Aug 26 13:24:39.404642: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:24:39.404656: | raw_eroute result=success Aug 26 13:24:39.404658: | delete esp.4277b24e@192.1.2.23 Aug 26 13:24:39.404665: | netlink response for Del SA esp.4277b24e@192.1.2.23 included non-error error Aug 26 13:24:39.404673: | stop processing: connection "east" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:24:39.404676: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:24:39.404678: | in connection_discard for connection east Aug 26 13:24:39.404680: | State DB: deleting IKEv2 state #4 in V2_IPSEC_I Aug 26 13:24:39.404685: | child state #4: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:39.404731: | stop processing: state #4 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.404751: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:24:39.404755: | state #1 Aug 26 13:24:39.404757: | pass 1 Aug 26 13:24:39.404758: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:24:39.404760: | state #1 Aug 26 13:24:39.404763: | start processing: state #1 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:24:39.404765: | pstats #1 ikev2.ike deleted completed Aug 26 13:24:39.404769: | #1 spent 29.9 milliseconds in total Aug 26 13:24:39.404772: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:24:39.404775: "east" #1: deleting state (STATE_PARENT_R2) aged 61.075s and sending notification Aug 26 13:24:39.404777: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:24:39.404807: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:24:39.404810: | Opening output PBS informational exchange delete request Aug 26 13:24:39.404812: | **emit ISAKMP Message: Aug 26 13:24:39.404814: | initiator cookie: Aug 26 13:24:39.404816: | 4f 2c 70 31 f8 84 a1 b5 Aug 26 13:24:39.404817: | responder cookie: Aug 26 13:24:39.404819: | 3b c3 08 46 be aa a5 54 Aug 26 13:24:39.404821: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.404823: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.404825: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.404827: | flags: none (0x0) Aug 26 13:24:39.404829: | Message ID: 5 (0x5) Aug 26 13:24:39.404831: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.404833: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.404835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.404837: | flags: none (0x0) Aug 26 13:24:39.404839: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.404841: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 
13:24:39.404843: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.404852: | ****emit IKEv2 Delete Payload: Aug 26 13:24:39.404854: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.404855: | flags: none (0x0) Aug 26 13:24:39.404857: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:24:39.404858: | SPI size: 0 (0x0) Aug 26 13:24:39.404860: | number of SPIs: 0 (0x0) Aug 26 13:24:39.404862: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:39.404864: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:39.404866: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:24:39.404868: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:39.404870: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:39.404872: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:39.404874: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:24:39.404875: | emitting length of ISAKMP Message: 65 Aug 26 13:24:39.404892: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:24:39.404894: | 4f 2c 70 31 f8 84 a1 b5 3b c3 08 46 be aa a5 54 Aug 26 13:24:39.404896: | 2e 20 25 00 00 00 00 05 00 00 00 41 2a 00 00 25 Aug 26 13:24:39.404897: | 2c 37 e2 ce 35 95 74 2b fc 6c 30 67 85 90 ad 0f Aug 26 13:24:39.404899: | 8f 07 27 8a 31 ab 5c a9 b1 d9 35 c4 0f dc 6b a9 Aug 26 13:24:39.404900: | b2 Aug 26 13:24:39.404927: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=3->4 and sender msgid=2->3 Aug 26 13:24:39.404930: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 13:24:39.404935: | Message ID: #1 XXX: expecting 
sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?); initiator.sent=5 initiator.recv=3 responder.sent=1 responder.recv=1 wip.initiator=5 wip.responder=-1
Aug 26 13:24:39.404938: | Message ID: sent #1 request 5; ike: initiator.sent=4->5 initiator.recv=3 responder.sent=1 responder.recv=1 wip.initiator=4->5 wip.responder=-1
Aug 26 13:24:39.404940: | state #1 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:24:39.404946: | libevent_free: release ptr-libevent@0x55d8a6755668
Aug 26 13:24:39.404948: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d8a6750338
Aug 26 13:24:39.404952: | State DB: IKEv2 state not found (flush_incomplete_children)
Aug 26 13:24:39.404954: | in connection_discard for connection east
Aug 26 13:24:39.404956: | State DB: deleting IKEv2 state #1 in PARENT_R2
Aug 26 13:24:39.404958: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore)
Aug 26 13:24:39.404973: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143)
Aug 26 13:24:39.404997: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
Aug 26 13:24:39.404999: | shunt_eroute() called for connection 'east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0
Aug 26 13:24:39.405001: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0
Aug 26 13:24:39.405004: | priority calculation of connection "east" is 0xfe7e7
Aug 26 13:24:39.405015: | priority calculation of connection "east" is 0xfe7e7
Aug 26 13:24:39.405022: | FOR_EACH_CONNECTION_... in route_owner
Aug 26 13:24:39.405030: | conn east mark 0/00000000, 0/00000000 vs
Aug 26 13:24:39.405034: | conn east mark 0/00000000, 0/00000000
Aug 26 13:24:39.405038: | route owner of "east" unrouted: NULL
Aug 26 13:24:39.405042: | running updown command "ipsec _updown" for verb unroute
Aug 26 13:24:39.405045: | command executing unroute-client
Aug 26 13:24:39.405080: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0
Aug 26 13:24:39.405086: | popen cmd is 1012 chars long
Aug 26 13:24:39.405089: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN:
Aug 26 13:24:39.405092: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e:
Aug 26 13:24:39.405094: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI:
Aug 26 13:24:39.405096: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=:
Aug 26 13:24:39.405098: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO:
Aug 26 13:24:39.405099: | cmd( 400):_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_:
Aug 26 13:24:39.405101: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=':
Aug 26 13:24:39.405103: | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P:
Aug 26 13:24:39.405104: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT':
Aug 26 13:24:39.405108: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_:
Aug 26 13:24:39.405110: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' :
Aug 26 13:24:39.405112: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S:
Aug 26 13:24:39.405113: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Aug 26 13:24:39.417002: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417016: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417018: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417021: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417023: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417025: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417071: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417073: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417075: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417077: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417087: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417102: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417115: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417130: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417143: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417156: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417170: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417183: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417196: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417208: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417220: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417234: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417246: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417411: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417436: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417447: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.417462: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:24:39.421879: | free hp@0x55d8a6750258
Aug 26 13:24:39.421890: | flush revival: connection 'east' wasn't on the list
Aug 26 13:24:39.421894: | processing: STOP connection NULL (in discard_connection() at connections.c:249)
Aug 26 13:24:39.421915: | crl fetch request list locked by 'free_crl_fetch'
Aug 26 13:24:39.421918: | crl fetch request list unlocked by 'free_crl_fetch'
Aug 26 13:24:39.421926: shutting down interface lo/lo 127.0.0.1:4500
Aug 26 13:24:39.421929: shutting down interface lo/lo 127.0.0.1:500
Aug 26 13:24:39.421931: shutting down interface eth0/eth0 192.0.2.254:4500
Aug 26 13:24:39.421933: shutting down interface eth0/eth0 192.0.2.254:500
Aug 26 13:24:39.421935: shutting down interface eth1/eth1 192.1.2.23:4500
Aug 26 13:24:39.421937: shutting down interface eth1/eth1 192.1.2.23:500
Aug 26 13:24:39.421939: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Aug 26 13:24:39.421947: | libevent_free: release ptr-libevent@0x55d8a6741d88
Aug 26 13:24:39.421950: | free_event_entry: release EVENT_NULL-pe@0x55d8a674da28
Aug 26 13:24:39.421959: | libevent_free: release ptr-libevent@0x55d8a66d4b08
Aug 26 13:24:39.421962: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dad8
Aug 26 13:24:39.421970: | libevent_free: release ptr-libevent@0x55d8a66d7f98
Aug 26 13:24:39.421976: | free_event_entry: release EVENT_NULL-pe@0x55d8a674db88
Aug 26 13:24:39.421983: | libevent_free: release ptr-libevent@0x55d8a66d89a8
Aug 26 13:24:39.421985: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dc38
Aug 26 13:24:39.421991: | libevent_free: release ptr-libevent@0x55d8a66ac4e8
Aug 26 13:24:39.421994: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dce8
Aug 26 13:24:39.422000: | libevent_free: release ptr-libevent@0x55d8a66ac1d8
Aug 26 13:24:39.422002: | free_event_entry: release EVENT_NULL-pe@0x55d8a674dd98
Aug 26 13:24:39.422007: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:24:39.422364: | libevent_free: release ptr-libevent@0x55d8a6741e38
Aug 26 13:24:39.422371: | free_event_entry: release EVENT_NULL-pe@0x55d8a6735ba8
Aug 26 13:24:39.422375: | libevent_free: release ptr-libevent@0x55d8a66d7968
Aug 26 13:24:39.422377: | free_event_entry: release EVENT_NULL-pe@0x55d8a6735b38
Aug 26 13:24:39.422380: | libevent_free: release ptr-libevent@0x55d8a67195f8
Aug 26 13:24:39.422383: | free_event_entry: release EVENT_NULL-pe@0x55d8a6734ff8
Aug 26 13:24:39.422386: | global timer EVENT_REINIT_SECRET uninitialized
Aug 26 13:24:39.422388: | global timer EVENT_SHUNT_SCAN uninitialized
Aug 26 13:24:39.422389: | global timer EVENT_PENDING_DDNS uninitialized
Aug 26 13:24:39.422391: | global timer EVENT_PENDING_PHASE2 uninitialized
Aug 26 13:24:39.422393: | global timer EVENT_CHECK_CRLS uninitialized
Aug 26 13:24:39.422394: | global timer EVENT_REVIVE_CONNS uninitialized
Aug 26 13:24:39.422396: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Aug 26 13:24:39.422398: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Aug 26 13:24:39.422399: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Aug 26 13:24:39.422403: | libevent_free: release ptr-libevent@0x55d8a66d8e38
Aug 26 13:24:39.422405: | signal event handler PLUTO_SIGCHLD uninstalled
Aug 26 13:24:39.422407: | libevent_free: release ptr-libevent@0x55d8a674d208
Aug 26 13:24:39.422408: | signal event handler PLUTO_SIGTERM uninstalled
Aug 26 13:24:39.422410: | libevent_free: release ptr-libevent@0x55d8a674d318
Aug 26 13:24:39.422412: | signal event handler PLUTO_SIGHUP uninstalled
Aug 26 13:24:39.422414: | libevent_free: release ptr-libevent@0x55d8a674d558
Aug 26 13:24:39.422416: | signal event handler PLUTO_SIGSYS uninstalled
Aug 26 13:24:39.422417: | releasing event base
Aug 26 13:24:39.422426: | libevent_free: release ptr-libevent@0x55d8a674d428
Aug 26 13:24:39.422428: | libevent_free: release ptr-libevent@0x55d8a67304a8
Aug 26 13:24:39.422431: | libevent_free: release ptr-libevent@0x55d8a6730458
Aug 26 13:24:39.422433: | libevent_free: release ptr-libevent@0x7f01d40027d8
Aug 26 13:24:39.422436: | libevent_free: release ptr-libevent@0x55d8a67303a8
Aug 26 13:24:39.422438: | libevent_free: release ptr-libevent@0x55d8a674d108
Aug 26 13:24:39.422439: | libevent_free: release ptr-libevent@0x55d8a674d188
Aug 26 13:24:39.422441: | libevent_free: release ptr-libevent@0x55d8a6730658
Aug 26 13:24:39.422443: | libevent_free: release ptr-libevent@0x55d8a6735108
Aug 26 13:24:39.422444: | libevent_free: release ptr-libevent@0x55d8a6735af8
Aug 26 13:24:39.422446: | libevent_free: release ptr-libevent@0x55d8a674de08
Aug 26 13:24:39.422447: | libevent_free: release ptr-libevent@0x55d8a674dd58
Aug 26 13:24:39.422449: | libevent_free: release ptr-libevent@0x55d8a674dca8
Aug 26 13:24:39.422451: | libevent_free: release ptr-libevent@0x55d8a674dbf8
Aug 26 13:24:39.422452: | libevent_free: release ptr-libevent@0x55d8a674db48
Aug 26 13:24:39.422454: | libevent_free: release ptr-libevent@0x55d8a674da98
Aug 26 13:24:39.422455: | libevent_free: release ptr-libevent@0x55d8a66d7838
Aug 26 13:24:39.422457: | libevent_free: release ptr-libevent@0x55d8a674d2d8
Aug 26 13:24:39.422459: | libevent_free: release ptr-libevent@0x55d8a674d1c8
Aug 26 13:24:39.422460: | libevent_free: release ptr-libevent@0x55d8a674d148
Aug 26 13:24:39.422462: | libevent_free: release ptr-libevent@0x55d8a674d3e8
Aug 26 13:24:39.422463: | libevent_free: release ptr-libevent@0x55d8a66d43a8
Aug 26 13:24:39.422467: | libevent_free: release ptr-libevent@0x55d8a66ab908
Aug 26 13:24:39.422469: | libevent_free: release ptr-libevent@0x55d8a66abd38
Aug 26 13:24:39.422471: | libevent_free: release ptr-libevent@0x55d8a66d4718
Aug 26 13:24:39.422472: | releasing global libevent data
Aug 26 13:24:39.422474: | libevent_free: release ptr-libevent@0x55d8a66aba08
Aug 26 13:24:39.422476: | libevent_free: release ptr-libevent@0x55d8a66abcd8
Aug 26 13:24:39.422478: | libevent_free: release ptr-libevent@0x55d8a66abdd8
Aug 26 13:24:39.422499: leak detective found no leaks