Aug 26 13:23:37.195302: FIPS Product: YES Aug 26 13:23:37.195417: FIPS Kernel: NO Aug 26 13:23:37.195420: FIPS Mode: NO Aug 26 13:23:37.195422: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:23:37.195528: Initializing NSS Aug 26 13:23:37.195533: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:23:37.219979: NSS initialized Aug 26 13:23:37.219992: NSS crypto library initialized Aug 26 13:23:37.219995: FIPS HMAC integrity support [enabled] Aug 26 13:23:37.219996: FIPS mode disabled for pluto daemon Aug 26 13:23:37.245005: FIPS HMAC integrity verification self-test FAILED Aug 26 13:23:37.245141: libcap-ng support [enabled] Aug 26 13:23:37.245152: Linux audit support [enabled] Aug 26 13:23:37.245194: Linux audit activated Aug 26 13:23:37.245199: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:14360 Aug 26 13:23:37.245202: core dump dir: /tmp Aug 26 13:23:37.245204: secrets file: /etc/ipsec.secrets Aug 26 13:23:37.245207: leak-detective enabled Aug 26 13:23:37.245209: NSS crypto [enabled] Aug 26 13:23:37.245211: XAUTH PAM support [enabled] Aug 26 13:23:37.245280: | libevent is using pluto's memory allocator Aug 26 13:23:37.245294: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:23:37.245327: | libevent_malloc: new ptr-libevent@0x56327f88ef78 size 40 Aug 26 13:23:37.245334: | libevent_malloc: new ptr-libevent@0x56327f889cd8 size 40 Aug 26 13:23:37.245338: | libevent_malloc: new ptr-libevent@0x56327f889dd8 size 40 Aug 26 13:23:37.245341: | creating event base Aug 26 13:23:37.245345: | libevent_malloc: new ptr-libevent@0x56327f90e5b8 size 56 Aug 26 13:23:37.245362: | libevent_malloc: new ptr-libevent@0x56327f8b2688 size 664 Aug 26 13:23:37.245373: | libevent_malloc: new ptr-libevent@0x56327f90e628 size 24 Aug 26 13:23:37.245377: | libevent_malloc: new ptr-libevent@0x56327f90e678 size 384 Aug 26 13:23:37.245387: | libevent_malloc: new ptr-libevent@0x56327f90e578 size 16 Aug 26 13:23:37.245391: | libevent_malloc: new ptr-libevent@0x56327f889908 size 40 Aug 26 13:23:37.245394: | libevent_malloc: new ptr-libevent@0x56327f889d38 size 48 Aug 26 13:23:37.245399: | libevent_realloc: new ptr-libevent@0x56327f8b2318 size 256 Aug 26 13:23:37.245405: | libevent_malloc: new ptr-libevent@0x56327f90e828 size 16 Aug 26 13:23:37.245412: | libevent_free: release ptr-libevent@0x56327f90e5b8 Aug 26 13:23:37.245416: | libevent initialized Aug 26 13:23:37.245420: | libevent_realloc: new ptr-libevent@0x56327f90e5b8 size 64 Aug 26 13:23:37.245424: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:23:37.245440: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:23:37.245444: NAT-Traversal support [enabled] Aug 26 13:23:37.245447: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:23:37.245453: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:23:37.245457: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:23:37.245492: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:23:37.245496: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:23:37.245500: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:23:37.245547: Encryption algorithms: Aug 26 13:23:37.245556: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:23:37.245561: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:23:37.245565: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:23:37.245569: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:23:37.245572: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:23:37.245582: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:23:37.245586: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:23:37.245590: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:23:37.245594: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:23:37.245598: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:23:37.245602: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:23:37.245605: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:23:37.245609: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:23:37.245613: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:23:37.245617: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:23:37.245620: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:23:37.245624: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:23:37.245631: Hash algorithms: Aug 26 13:23:37.245634: MD5 IKEv1: IKE IKEv2: Aug 26 13:23:37.245637: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:23:37.245641: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:23:37.245644: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:23:37.245647: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:23:37.245660: PRF algorithms: Aug 26 13:23:37.245664: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:23:37.245668: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:23:37.245671: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:23:37.245675: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:23:37.245679: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:23:37.245682: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:23:37.245708: Integrity algorithms: Aug 26 13:23:37.245712: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:23:37.245717: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:23:37.245721: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:23:37.245725: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:23:37.245730: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:23:37.245733: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:23:37.245737: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:23:37.245740: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:23:37.245743: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:23:37.245755: DH algorithms: Aug 26 13:23:37.245759: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:23:37.245763: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:23:37.245766: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:23:37.245772: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:23:37.245775: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:23:37.245779: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:23:37.245782: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:23:37.245785: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:23:37.245788: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:23:37.245792: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:23:37.245795: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:23:37.245797: testing CAMELLIA_CBC: Aug 26 13:23:37.245800: Camellia: 16 bytes with 128-bit key Aug 26 13:23:37.245926: Camellia: 16 bytes with 128-bit key Aug 26 13:23:37.245966: Camellia: 16 bytes with 256-bit key Aug 26 13:23:37.245997: Camellia: 16 bytes with 256-bit key Aug 26 13:23:37.246029: testing AES_GCM_16: Aug 26 13:23:37.246034: empty string Aug 26 13:23:37.246066: one block Aug 26 13:23:37.246095: two blocks Aug 26 13:23:37.246124: two blocks with associated data Aug 26 13:23:37.246152: testing AES_CTR: Aug 26 13:23:37.246156: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:23:37.246184: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:23:37.246213: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:23:37.246244: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:23:37.246272: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:23:37.246328: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:23:37.246374: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:23:37.246404: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:23:37.246437: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:23:37.246468: testing AES_CBC: Aug 26 13:23:37.246473: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:23:37.246502: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:23:37.246533: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:23:37.246566: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:23:37.246602: testing AES_XCBC: Aug 26 13:23:37.246607: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:23:37.246729: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:23:37.246865: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:23:37.247012: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:23:37.247146: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:23:37.247284: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:23:37.247470: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:23:37.247795: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:23:37.247932: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:23:37.248075: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:23:37.248333: testing HMAC_MD5: Aug 26 13:23:37.248342: RFC 2104: MD5_HMAC test 1 Aug 26 13:23:37.248533: RFC 2104: MD5_HMAC test 2 Aug 26 13:23:37.248698: RFC 2104: MD5_HMAC test 3 Aug 26 13:23:37.248900: 8 CPU cores online Aug 26 13:23:37.248906: starting up 7 crypto helpers Aug 26 13:23:37.248941: started thread for crypto helper 0 Aug 26 13:23:37.248947: | starting up helper thread 0 Aug 26 13:23:37.248969: started thread for crypto helper 1 Aug 26 13:23:37.248970: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:23:37.248973: | starting up helper thread 1 Aug 26 13:23:37.249007: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:23:37.249019: started thread for crypto helper 2 Aug 26 13:23:37.249046: started thread for crypto helper 3 Aug 26 13:23:37.249049: | starting up helper thread 3 Aug 26 13:23:37.248981: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:37.249066: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:23:37.249079: started thread for crypto helper 4 Aug 26 13:23:37.249077: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:37.249091: | crypto helper 3 waiting (nothing to do) Aug 26 13:23:37.249105: started thread for crypto helper 5 Aug 26 13:23:37.249107: | starting up helper thread 5 Aug 26 13:23:37.249114: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:23:37.249117: | crypto helper 5 waiting (nothing to do) Aug 26 13:23:37.249131: started thread for crypto helper 6 Aug 26 13:23:37.249133: | starting up helper thread 6 Aug 26 13:23:37.249136: | checking IKEv1 state table Aug 26 13:23:37.249142: | starting up helper thread 4 Aug 26 13:23:37.249143: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:23:37.249151: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:23:37.249153: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249151: | crypto helper 6 waiting (nothing to do) Aug 26 13:23:37.249158: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:23:37.249162: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249165: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:23:37.249166: | crypto helper 4 waiting (nothing to do) Aug 26 13:23:37.249174: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:23:37.249184: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:23:37.249187: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:37.249189: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:37.249192: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:23:37.249195: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:23:37.249197: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:37.249199: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:37.249202: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:23:37.249205: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:37.249207: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:37.249209: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:37.249212: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:23:37.249215: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:37.249217: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:37.249219: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:37.249222: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:23:37.249224: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249227: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:23:37.249230: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249232: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249235: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:23:37.249238: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249240: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:37.249242: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:37.249245: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:23:37.249248: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:37.249250: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:37.249253: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:23:37.249255: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249258: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:23:37.249260: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249263: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:23:37.249266: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:23:37.249268: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:23:37.249271: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:23:37.249274: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:23:37.249280: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:23:37.249283: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:23:37.249285: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249302: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:23:37.249310: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249313: | INFO: category: informational flags: 0: Aug 26 13:23:37.249315: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249318: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:23:37.249321: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249324: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:23:37.249326: | -> XAUTH_R1 EVENT_NULL Aug 26 13:23:37.249329: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:23:37.249332: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:37.249335: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:23:37.249337: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:23:37.249340: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:23:37.249343: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:23:37.249346: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:23:37.249348: | -> UNDEFINED EVENT_NULL Aug 26 13:23:37.249351: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:23:37.249353: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:37.249356: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:23:37.249359: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:23:37.249362: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:23:37.249365: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:23:37.249371: | checking IKEv2 state table Aug 26 13:23:37.249377: | PARENT_I0: category: ignore flags: 0: Aug 26 13:23:37.249381: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:23:37.249384: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249387: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:23:37.249390: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:23:37.249394: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:23:37.249397: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:23:37.249400: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:23:37.249403: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:23:37.249405: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:23:37.249408: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:23:37.249411: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:23:37.249414: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:23:37.249417: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:23:37.249420: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:23:37.249423: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:23:37.249426: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249428: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:23:37.249431: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:23:37.249434: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:23:37.249437: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:23:37.249440: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:23:37.249443: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:23:37.249446: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:23:37.249448: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:23:37.249456: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:23:37.249459: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:23:37.249462: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:23:37.249466: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:23:37.249468: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:23:37.249472: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:23:37.249474: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:37.249478: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:23:37.249480: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:23:37.249484: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:23:37.249486: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:23:37.249490: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:23:37.249493: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:23:37.249496: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:23:37.249499: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:23:37.249501: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:37.249504: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:23:37.249508: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:23:37.249511: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:23:37.249514: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:23:37.249516: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:23:37.249519: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:23:37.249565: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:23:37.249637: | Hard-wiring algorithms Aug 26 13:23:37.249642: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:23:37.249647: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:23:37.249662: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:23:37.249664: | adding 3DES_CBC to kernel algorithm db Aug 26 13:23:37.249667: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:23:37.249669: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:23:37.249686: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:23:37.249689: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:23:37.249691: | adding AES_CTR to kernel algorithm db Aug 26 13:23:37.249694: | adding AES_CBC to kernel algorithm db Aug 26 13:23:37.249696: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:23:37.249699: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:23:37.249701: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:23:37.249704: | adding NULL to kernel algorithm db Aug 26 13:23:37.249707: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:23:37.249709: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:23:37.249710: | starting up helper thread 2 Aug 26 13:23:37.249712: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:23:37.249721: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:23:37.249724: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:23:37.249736: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:23:37.249742: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:23:37.249746: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:23:37.249751: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:23:37.249725: | crypto helper 2 waiting (nothing to do) Aug 26 13:23:37.249755: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:23:37.249765: | adding NONE to kernel algorithm db Aug 26 13:23:37.249791: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:23:37.249797: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:23:37.249800: | setup kernel fd callback Aug 26 13:23:37.249804: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56327f9131c8 Aug 26 13:23:37.249809: | libevent_malloc: new ptr-libevent@0x56327f8f7648 size 128 Aug 26 13:23:37.249812: | libevent_malloc: new ptr-libevent@0x56327f9132d8 size 16 Aug 26 13:23:37.249819: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56327f913d08 Aug 26 13:23:37.249822: | libevent_malloc: new ptr-libevent@0x56327f8b5888 size 128 Aug 26 13:23:37.249824: | libevent_malloc: new ptr-libevent@0x56327f913cc8 size 16 Aug 26 13:23:37.250073: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:23:37.250082: selinux support is enabled. Aug 26 13:23:37.250342: | unbound context created - setting debug level to 5 Aug 26 13:23:37.250373: | /etc/hosts lookups activated Aug 26 13:23:37.250386: | /etc/resolv.conf usage activated Aug 26 13:23:37.250456: | outgoing-port-avoid set 0-65535 Aug 26 13:23:37.250488: | outgoing-port-permit set 32768-60999 Aug 26 13:23:37.250492: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:23:37.250495: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:23:37.250498: | Setting up events, loop start Aug 26 13:23:37.250502: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56327f913d78 Aug 26 13:23:37.250505: | libevent_malloc: new ptr-libevent@0x56327f920008 size 128 Aug 26 13:23:37.250509: | libevent_malloc: new ptr-libevent@0x56327f92b2d8 size 16 Aug 26 13:23:37.250515: | libevent_realloc: new ptr-libevent@0x56327f92b318 size 256 Aug 26 13:23:37.250518: | libevent_malloc: new ptr-libevent@0x56327f92b448 size 8 Aug 26 13:23:37.250523: | libevent_realloc: new ptr-libevent@0x56327f8b3148 size 144 Aug 26 13:23:37.250526: | libevent_malloc: new ptr-libevent@0x56327f8b6eb8 size 152 Aug 26 13:23:37.250530: | libevent_malloc: new ptr-libevent@0x56327f92b488 size 16 Aug 26 13:23:37.250534: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:23:37.250538: | libevent_malloc: new ptr-libevent@0x56327f92b4c8 size 8 Aug 26 13:23:37.250541: | libevent_malloc: new ptr-libevent@0x56327f92b508 size 152 Aug 26 13:23:37.250544: | signal event handler PLUTO_SIGTERM installed Aug 26 13:23:37.250547: | libevent_malloc: new ptr-libevent@0x56327f92b5d8 size 8 Aug 26 13:23:37.250550: | libevent_malloc: new ptr-libevent@0x56327f92b618 size 152 Aug 26 13:23:37.250553: | signal event handler PLUTO_SIGHUP installed Aug 26 13:23:37.250556: | libevent_malloc: new ptr-libevent@0x56327f92b6e8 size 8 Aug 26 13:23:37.250559: | libevent_realloc: release ptr-libevent@0x56327f8b3148 Aug 26 13:23:37.250562: | libevent_realloc: new ptr-libevent@0x56327f92b728 size 256 Aug 26 13:23:37.250565: | libevent_malloc: new ptr-libevent@0x56327f92b858 size 152 Aug 26 13:23:37.250568: | signal event handler PLUTO_SIGSYS installed Aug 26 13:23:37.250921: | created addconn helper (pid:14386) using fork+execve Aug 26 13:23:37.250938: | forked child 14386 Aug 26 13:23:37.253197: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.253217: listening for IKE messages Aug 26 13:23:37.253250: | Inspecting interface lo Aug 26 13:23:37.253255: | found lo with address 127.0.0.1 Aug 26 13:23:37.253258: | Inspecting interface eth0 Aug 26 13:23:37.253261: | found eth0 with address 192.0.1.254 Aug 26 13:23:37.253262: | Inspecting interface eth1 Aug 26 13:23:37.253265: | found eth1 with address 192.1.2.45 Aug 26 13:23:37.253358: Kernel supports NIC esp-hw-offload Aug 26 13:23:37.253370: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:23:37.253389: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.253392: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.253395: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:23:37.253417: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:23:37.253432: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.253435: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.253438: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:23:37.253458: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:23:37.253480: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:37.253484: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:37.253488: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:23:37.253543: | no interfaces to sort Aug 26 13:23:37.253548: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:23:37.253557: | add_fd_read_event_handler: new ethX-pe@0x56327f92bda8 Aug 26 13:23:37.253561: | libevent_malloc: new ptr-libevent@0x56327f91ff58 size 128 Aug 26 13:23:37.253565: | libevent_malloc: new ptr-libevent@0x56327f92be18 size 16 Aug 26 13:23:37.253573: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:37.253576: | add_fd_read_event_handler: new ethX-pe@0x56327f92be58 Aug 26 13:23:37.253578: | libevent_malloc: new ptr-libevent@0x56327f8b2a78 size 128 Aug 26 13:23:37.253581: | libevent_malloc: new ptr-libevent@0x56327f92bec8 size 16 Aug 26 13:23:37.253586: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:37.253589: | add_fd_read_event_handler: new ethX-pe@0x56327f92bf08 Aug 26 13:23:37.253592: | libevent_malloc: new ptr-libevent@0x56327f8b5f08 size 128 Aug 26 13:23:37.253595: | libevent_malloc: new ptr-libevent@0x56327f92bf78 size 16 Aug 26 13:23:37.253600: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:37.253603: | add_fd_read_event_handler: new ethX-pe@0x56327f92bfb8 Aug 26 13:23:37.253608: | libevent_malloc: new ptr-libevent@0x56327f8b6a28 size 128 Aug 26 13:23:37.253611: | libevent_malloc: new ptr-libevent@0x56327f92c028 size 16 Aug 26 13:23:37.253616: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:37.253619: | add_fd_read_event_handler: new ethX-pe@0x56327f92c068 Aug 26 13:23:37.253623: | libevent_malloc: new ptr-libevent@0x56327f88a4e8 size 128 Aug 26 13:23:37.253626: | libevent_malloc: new ptr-libevent@0x56327f92c0d8 size 16 Aug 26 13:23:37.253631: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:37.253634: | add_fd_read_event_handler: new ethX-pe@0x56327f92c118 Aug 26 13:23:37.253637: | libevent_malloc: new ptr-libevent@0x56327f88a1d8 size 128 Aug 26 13:23:37.253640: | libevent_malloc: new ptr-libevent@0x56327f92c188 size 16 Aug 26 13:23:37.253645: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:37.253650: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:37.253653: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:37.253673: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:37.253689: | id type added to secret(0x56327f885b58) PKK_PSK: @west Aug 26 13:23:37.253694: | id type added to secret(0x56327f885b58) PKK_PSK: @east Aug 26 13:23:37.253698: | Processing PSK at line 1: passed Aug 26 13:23:37.253701: | certs and keys locked by 'process_secret' Aug 26 13:23:37.253705: | certs and keys unlocked by 'process_secret' Aug 26 13:23:37.253715: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.253721: | spent 0.513 milliseconds in whack Aug 26 13:23:37.268531: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.268551: listening for IKE messages Aug 26 13:23:37.268580: | Inspecting interface lo Aug 26 13:23:37.268585: | found lo with address 127.0.0.1 Aug 26 13:23:37.268587: | Inspecting interface eth0 Aug 26 13:23:37.268590: | found eth0 with address 192.0.1.254 Aug 26 13:23:37.268592: | Inspecting interface eth1 Aug 26 13:23:37.268594: | found eth1 with address 192.1.2.45 Aug 26 13:23:37.268638: | no interfaces to sort Aug 26 13:23:37.268648: | libevent_free: release ptr-libevent@0x56327f91ff58 Aug 26 13:23:37.268651: | free_event_entry: release EVENT_NULL-pe@0x56327f92bda8 Aug 26 13:23:37.268653: | add_fd_read_event_handler: new ethX-pe@0x56327f92bda8 Aug 26 13:23:37.268656: | libevent_malloc: new ptr-libevent@0x56327f91ff58 size 128 Aug 26 13:23:37.268661: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:37.268664: | libevent_free: release ptr-libevent@0x56327f8b2a78 Aug 26 13:23:37.268666: | free_event_entry: release EVENT_NULL-pe@0x56327f92be58 Aug 26 13:23:37.268667: | add_fd_read_event_handler: new ethX-pe@0x56327f92be58 Aug 26 13:23:37.268669: | libevent_malloc: new ptr-libevent@0x56327f8b2a78 size 128 Aug 26 13:23:37.268672: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:37.268675: | libevent_free: release ptr-libevent@0x56327f8b5f08 Aug 26 13:23:37.268677: | free_event_entry: release EVENT_NULL-pe@0x56327f92bf08 Aug 26 13:23:37.268678: | add_fd_read_event_handler: new ethX-pe@0x56327f92bf08 Aug 26 13:23:37.268680: | libevent_malloc: new ptr-libevent@0x56327f8b5f08 size 128 Aug 26 13:23:37.268684: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:37.268686: | libevent_free: release ptr-libevent@0x56327f8b6a28 Aug 26 13:23:37.268688: | free_event_entry: release EVENT_NULL-pe@0x56327f92bfb8 Aug 26 13:23:37.268690: | add_fd_read_event_handler: new ethX-pe@0x56327f92bfb8 Aug 26 13:23:37.268692: | libevent_malloc: new ptr-libevent@0x56327f8b6a28 size 128 Aug 26 13:23:37.268695: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:37.268697: | libevent_free: release ptr-libevent@0x56327f88a4e8 Aug 26 13:23:37.268699: | free_event_entry: release EVENT_NULL-pe@0x56327f92c068 Aug 26 13:23:37.268701: | add_fd_read_event_handler: new ethX-pe@0x56327f92c068 Aug 26 13:23:37.268702: | libevent_malloc: new ptr-libevent@0x56327f88a4e8 size 128 Aug 26 13:23:37.268706: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:37.268708: | libevent_free: release ptr-libevent@0x56327f88a1d8 Aug 26 13:23:37.268710: | free_event_entry: release EVENT_NULL-pe@0x56327f92c118 Aug 26 13:23:37.268712: | add_fd_read_event_handler: new ethX-pe@0x56327f92c118 Aug 26 13:23:37.268714: | libevent_malloc: new ptr-libevent@0x56327f88a1d8 size 128 Aug 26 13:23:37.268717: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:37.268719: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:37.268721: forgetting secrets Aug 26 13:23:37.268727: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:37.268737: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:37.268743: | id type added to secret(0x56327f885b58) PKK_PSK: @west Aug 26 13:23:37.268746: | id type added to secret(0x56327f885b58) PKK_PSK: @east Aug 26 13:23:37.268748: | Processing PSK at line 1: passed Aug 26 13:23:37.268750: | certs and keys locked by 'process_secret' Aug 26 13:23:37.268752: | certs and keys unlocked by 'process_secret' Aug 26 13:23:37.268759: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.268765: | spent 0.241 milliseconds in whack Aug 26 13:23:37.269199: | processing signal PLUTO_SIGCHLD Aug 26 13:23:37.269211: | waitpid returned pid 14386 (exited with status 0) Aug 26 13:23:37.269215: | reaped addconn helper child (status 0) Aug 26 13:23:37.269219: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:37.269222: | spent 0.0144 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:37.337550: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.337577: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.337582: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:37.337585: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.337588: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:37.337593: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.337599: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:37.337664: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:37.337669: | from whack: got --esp= Aug 26 13:23:37.337709: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:37.337715: | counting wild cards for @west is 0 Aug 26 13:23:37.337719: | counting wild cards for @east is 0 Aug 26 13:23:37.337729: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:23:37.337733: | new hp@0x56327f92e468 Aug 26 13:23:37.337738: added connection description "west" Aug 26 13:23:37.337749: | ike_life: 3600s; ipsec_life: 30s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:37.337760: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:23:37.337769: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.337776: | spent 0.234 milliseconds in whack Aug 26 13:23:37.337833: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.337843: add keyid @west Aug 26 13:23:37.337847: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:23:37.337850: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:23:37.337852: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:23:37.337855: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:23:37.337858: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:23:37.337860: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:23:37.337862: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:23:37.337865: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:23:37.337867: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:23:37.337870: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:23:37.337872: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:23:37.337875: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:23:37.337877: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:23:37.337879: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:23:37.337881: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:23:37.337884: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:23:37.337886: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:23:37.337889: | add pubkey 15 04 37 f9 Aug 26 13:23:37.337930: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:37.337934: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:37.337945: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.337950: | spent 0.135 milliseconds in whack Aug 26 13:23:37.337977: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.337987: add keyid @east Aug 26 13:23:37.337991: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:23:37.337994: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:23:37.337997: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:23:37.337999: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:23:37.338005: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:23:37.338009: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:23:37.338011: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:23:37.338014: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:23:37.338017: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:23:37.338019: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:23:37.338022: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:23:37.338025: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:23:37.338027: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:23:37.338030: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:23:37.338033: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:23:37.338035: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:23:37.338038: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:23:37.338041: | add pubkey 51 51 48 ef Aug 26 13:23:37.338052: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:37.338055: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:37.338065: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.338071: | spent 0.0971 milliseconds in whack Aug 26 13:23:37.448790: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:37.448812: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:23:37.448815: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:37.448819: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Aug 26 13:23:37.448821: | connection 'west' +POLICY_UP Aug 26 13:23:37.448824: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:23:37.448826: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:23:37.448844: | creating state object #1 at 0x56327f92ec18 Aug 26 13:23:37.448846: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:23:37.448852: | pstats #1 ikev2.ike started Aug 26 13:23:37.448854: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:23:37.448857: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:23:37.448860: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:37.448866: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:37.448869: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:37.448871: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:23:37.448874: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Aug 26 13:23:37.448878: "west" #1: initiating v2 parent SA Aug 26 13:23:37.448886: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Aug 26 13:23:37.448895: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:37.448901: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.448904: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:37.448907: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.448910: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:37.448917: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.448920: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:37.448923: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.448944: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.448951: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:23:37.448954: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56327f92e548 Aug 26 13:23:37.448956: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:37.448959: | libevent_malloc: new ptr-libevent@0x56327f92ea68 size 128 Aug 26 13:23:37.448984: | #1 spent 0.163 milliseconds in ikev2_parent_outI1() Aug 26 13:23:37.449000: | crypto helper 0 resuming Aug 26 13:23:37.449001: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:37.449014: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:23:37.449019: | RESET processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:37.449020: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:23:37.449026: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:37.449046: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:23:37.449050: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:23:37.449054: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:37.449058: | spent 0.26 milliseconds in whack Aug 26 13:23:37.449655: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000635 seconds Aug 26 13:23:37.449664: | (#1) spent 0.621 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:23:37.449667: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:23:37.449669: | scheduling resume sending helper answer for #1 Aug 26 13:23:37.449671: | libevent_malloc: new ptr-libevent@0x7f6188002888 size 128 Aug 26 13:23:37.449677: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:37.449683: | processing resume sending helper answer for #1 Aug 26 13:23:37.449689: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:37.449692: | crypto helper 0 replies to request ID 1 Aug 26 13:23:37.449708: | calling continuation function 0x56327dd4db50 Aug 26 13:23:37.449710: | ikev2_parent_outI1_continue for #1 Aug 26 13:23:37.449748: | **emit ISAKMP Message: Aug 26 13:23:37.449750: | initiator cookie: Aug 26 13:23:37.449752: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.449753: | responder cookie: Aug 26 13:23:37.449755: | 00 00 00 00 00 00 00 00 Aug 26 13:23:37.449757: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:37.449759: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:37.449778: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:37.449780: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:37.449782: | Message ID: 0 (0x0) Aug 26 13:23:37.449784: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:37.449794: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.449796: | Emitting ikev2_proposals ... Aug 26 13:23:37.449798: | ***emit IKEv2 Security Association Payload: Aug 26 13:23:37.449800: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.449801: | flags: none (0x0) Aug 26 13:23:37.449804: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:37.449806: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.449807: | discarding INTEG=NONE Aug 26 13:23:37.449822: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.449824: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.449826: | prop #: 1 (0x1) Aug 26 13:23:37.449827: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:37.449829: | spi size: 0 (0x0) Aug 26 13:23:37.449830: | # transforms: 11 (0xb) Aug 26 13:23:37.449832: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.449834: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449837: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.449839: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.449841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449856: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.449858: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.449860: | length/value: 256 (0x100) Aug 26 13:23:37.449862: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.449863: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449867: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.449868: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:37.449870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449874: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449876: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449879: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.449881: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:37.449882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449888: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449889: | discarding INTEG=NONE Aug 26 13:23:37.449891: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449892: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449896: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.449897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449914: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449915: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449918: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449920: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:37.449922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449925: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449927: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449930: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449931: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:37.449933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449935: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449937: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449938: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449943: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:37.449945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449948: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449953: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449954: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:37.449956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449958: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449960: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449961: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449964: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449967: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:37.449969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449972: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449974: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449976: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449979: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:37.449981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449984: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449986: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.449987: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.449989: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.449990: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:37.449992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.449994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.449996: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.449997: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:37.450015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.450016: | discarding INTEG=NONE Aug 26 13:23:37.450018: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.450020: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.450021: | prop #: 2 (0x2) Aug 26 13:23:37.450035: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:37.450037: | spi size: 0 (0x0) Aug 26 13:23:37.450039: | # transforms: 11 (0xb) Aug 26 13:23:37.450041: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.450043: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.450044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450047: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.450049: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.450051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450052: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.450054: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.450056: | length/value: 128 (0x80) Aug 26 13:23:37.450057: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.450059: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450062: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450064: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:37.450065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450070: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450072: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450075: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450076: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:37.450078: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450082: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450083: | discarding INTEG=NONE Aug 26 13:23:37.450085: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450088: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450089: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.450091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450095: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450096: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450101: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:37.450103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450108: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450111: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450112: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:37.450114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450119: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450122: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450124: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:37.450126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450129: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450131: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450135: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:37.450140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450145: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450149: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450150: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:37.450152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450154: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450155: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450157: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450162: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:37.450164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450169: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450170: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.450172: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450173: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:37.450175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450177: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450179: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450180: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:37.450182: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.450184: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.450185: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.450187: | prop #: 3 (0x3) Aug 26 13:23:37.450188: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:37.450190: | spi size: 0 (0x0) Aug 26 13:23:37.450191: | # transforms: 13 (0xd) Aug 26 13:23:37.450193: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.450195: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.450197: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450200: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.450202: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:37.450203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450205: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.450207: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.450209: | length/value: 256 (0x100) Aug 26 13:23:37.450211: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.450212: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450214: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450215: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450217: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:37.450219: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450222: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450224: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450227: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450229: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:37.450230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450235: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450239: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.450240: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:37.450242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450245: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450247: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450250: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.450252: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:37.450254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450257: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450259: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450273: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450275: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450276: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.450278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450282: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450283: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450287: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450292: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:37.450298: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450302: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450305: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450307: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450309: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450310: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450312: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:37.450314: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450329: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450330: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450332: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450337: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:37.450338: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450342: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450343: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450346: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450348: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:37.450350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450353: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450355: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450358: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450360: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:37.450361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450363: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450365: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450366: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450369: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450371: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:37.450373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450376: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450378: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450379: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.450381: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450384: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:37.450386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450387: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450389: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450391: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:37.450392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.450394: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.450396: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:37.450397: | prop #: 4 (0x4) Aug 26 13:23:37.450399: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:37.450400: | spi size: 0 (0x0) Aug 26 13:23:37.450402: | # transforms: 13 (0xd) Aug 26 13:23:37.450404: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.450406: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.450407: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450410: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.450412: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:37.450414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450415: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.450417: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.450419: | length/value: 128 (0x80) Aug 26 13:23:37.450420: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.450422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450425: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450426: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:37.450428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450433: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450436: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.450438: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:37.450440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450442: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450443: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450445: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450448: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.450449: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:37.450451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450456: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450458: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450461: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.450462: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:37.450464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450468: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450469: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450474: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.450476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450479: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450481: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450485: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:37.450487: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450490: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450492: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450497: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:37.450498: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450500: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450502: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450503: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450506: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450508: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:37.450510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450513: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450515: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450519: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:37.450521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450526: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450527: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450531: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450532: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:37.450534: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450536: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450537: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450539: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450542: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450544: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:37.450545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450550: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.450552: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.450554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.450555: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:37.450557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.450559: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.450560: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.450562: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:37.450564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.450565: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:23:37.450567: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:37.450569: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:23:37.450570: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.450572: | flags: none (0x0) Aug 26 13:23:37.450574: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.450576: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:23:37.450578: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.450580: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:23:37.450582: | ikev2 g^x 19 46 de e4 06 33 a2 86 54 89 5b 97 8a f7 58 8d Aug 26 13:23:37.450583: | ikev2 g^x b5 98 f5 cf 14 fb e3 bf 06 04 f7 07 d2 8c 42 05 Aug 26 13:23:37.450585: | ikev2 g^x 78 08 e1 89 e9 ae b4 0e b4 51 e4 2a 3e ba cd dc Aug 26 13:23:37.450587: | ikev2 g^x b7 9f 99 63 b5 37 07 ed 59 41 cc 5a d1 7a 88 9f Aug 26 13:23:37.450588: | ikev2 g^x 87 4c e6 94 45 cd e4 e7 75 4b 5a df c1 63 58 98 Aug 26 13:23:37.450590: | ikev2 g^x c6 4d 85 80 ec 45 f3 c3 a0 bb a9 bc be b7 53 b0 Aug 26 13:23:37.450592: | ikev2 g^x cc 13 28 47 e8 e9 ba f5 9a 0d ec ef 59 84 a2 4b Aug 26 13:23:37.450593: | ikev2 g^x 98 80 b6 e3 44 1f 66 46 d6 22 61 f2 cb 6a 31 90 Aug 26 13:23:37.450595: | ikev2 g^x dc 83 92 c0 54 10 6b 69 1b e3 7a a1 a5 f7 3b 79 Aug 26 13:23:37.450596: | ikev2 g^x ce 7c d6 12 44 09 47 25 45 ca e9 71 cc 89 0d c8 Aug 26 13:23:37.450598: | ikev2 g^x 0e 44 06 05 bf 53 2c 29 59 83 a6 9b 5f bc 84 d7 Aug 26 13:23:37.450599: | ikev2 g^x d4 93 3a ac b0 78 59 46 b2 7b ed d8 68 dc 7c eb Aug 26 13:23:37.450601: | ikev2 g^x f3 4a 7d ec bb 78 27 99 5a b1 f8 42 a8 3a 64 19 Aug 26 13:23:37.450603: | ikev2 g^x 54 ad 9e 13 16 4e 00 98 e4 85 29 43 84 23 40 61 Aug 26 13:23:37.450604: | ikev2 g^x 45 cb 19 21 54 f9 18 48 df ff 68 61 a9 65 b5 b0 Aug 26 13:23:37.450606: | ikev2 g^x 47 21 51 18 54 9b bc 00 aa da 9d 72 dd c4 a3 e4 Aug 26 13:23:37.450607: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:23:37.450609: | ***emit IKEv2 Nonce Payload: Aug 26 13:23:37.450610: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:37.450612: | flags: none (0x0) Aug 26 13:23:37.450614: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:23:37.450616: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:23:37.450618: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.450620: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:23:37.450621: | IKEv2 nonce a3 7a 86 ad 87 7f 9d 47 ff 50 6f f7 ea 10 c6 9a Aug 26 13:23:37.450623: | IKEv2 nonce c6 70 32 65 5f 8d 7d 94 86 b5 25 76 75 38 1e e2 Aug 26 13:23:37.450624: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:23:37.450626: | Adding a v2N Payload Aug 26 13:23:37.450628: | ***emit IKEv2 Notify Payload: Aug 26 13:23:37.450630: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.450631: | flags: none (0x0) Aug 26 13:23:37.450633: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.450634: | SPI size: 0 (0x0) Aug 26 13:23:37.450636: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:37.450638: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:37.450640: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.450642: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:37.450644: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:23:37.450645: | natd_hash: rcookie is zero Aug 26 13:23:37.450655: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:23:37.450656: | natd_hash: icookie= 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.450658: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:37.450659: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:37.450661: | natd_hash: port=500 Aug 26 13:23:37.450663: | natd_hash: hash= b6 35 97 e8 c2 30 2a c9 c7 ab d6 79 e3 97 05 43 Aug 26 13:23:37.450664: | natd_hash: hash= 20 51 53 64 Aug 26 13:23:37.450666: | Adding a v2N Payload Aug 26 13:23:37.450667: | ***emit IKEv2 Notify Payload: Aug 26 13:23:37.450669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.450670: | flags: none (0x0) Aug 26 13:23:37.450672: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.450673: | SPI size: 0 (0x0) Aug 26 13:23:37.450675: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:37.450677: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:37.450679: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.450681: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:37.450683: | Notify data b6 35 97 e8 c2 30 2a c9 c7 ab d6 79 e3 97 05 43 Aug 26 13:23:37.450685: | Notify data 20 51 53 64 Aug 26 13:23:37.450687: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:37.450688: | natd_hash: rcookie is zero Aug 26 13:23:37.450692: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:23:37.450693: | natd_hash: icookie= 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.450695: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:37.450696: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:37.450698: | natd_hash: port=500 Aug 26 13:23:37.450699: | natd_hash: hash= 01 04 5d fa ed 5a d1 3b 29 f0 60 3e 1e 65 8d 0b Aug 26 13:23:37.450701: | natd_hash: hash= 1d 98 5e bc Aug 26 13:23:37.450702: | Adding a v2N Payload Aug 26 13:23:37.450704: | ***emit IKEv2 Notify Payload: Aug 26 13:23:37.450705: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.450707: | flags: none (0x0) Aug 26 13:23:37.450708: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.450710: | SPI size: 0 (0x0) Aug 26 13:23:37.450711: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:37.450713: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:37.450715: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.450717: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:37.450718: | Notify data 01 04 5d fa ed 5a d1 3b 29 f0 60 3e 1e 65 8d 0b Aug 26 13:23:37.450720: | Notify data 1d 98 5e bc Aug 26 13:23:37.450721: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:37.450723: | emitting length of ISAKMP Message: 828 Aug 26 13:23:37.450728: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:23:37.450736: | start processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:37.450739: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:23:37.450742: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:23:37.450744: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:23:37.450746: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:23:37.450748: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:23:37.450751: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:37.450753: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:37.450761: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:37.450769: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:37.450771: | 34 f5 76 a9 3e 8c 98 bc 00 00 00 00 00 00 00 00 Aug 26 13:23:37.450772: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:23:37.450774: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:23:37.450775: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:23:37.450777: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:23:37.450778: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:23:37.450780: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:23:37.450781: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:23:37.450783: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:23:37.450784: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:23:37.450786: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:23:37.450787: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:23:37.450789: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:23:37.450790: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:23:37.450793: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:23:37.450794: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:23:37.450796: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:23:37.450797: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:23:37.450799: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:23:37.450815: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:23:37.450817: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:23:37.450818: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:23:37.450820: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:23:37.450821: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:23:37.450823: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:23:37.450824: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:23:37.450826: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:23:37.450827: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:23:37.450829: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:23:37.450830: | 28 00 01 08 00 0e 00 00 19 46 de e4 06 33 a2 86 Aug 26 13:23:37.450832: | 54 89 5b 97 8a f7 58 8d b5 98 f5 cf 14 fb e3 bf Aug 26 13:23:37.450833: | 06 04 f7 07 d2 8c 42 05 78 08 e1 89 e9 ae b4 0e Aug 26 13:23:37.450847: | b4 51 e4 2a 3e ba cd dc b7 9f 99 63 b5 37 07 ed Aug 26 13:23:37.450849: | 59 41 cc 5a d1 7a 88 9f 87 4c e6 94 45 cd e4 e7 Aug 26 13:23:37.450851: | 75 4b 5a df c1 63 58 98 c6 4d 85 80 ec 45 f3 c3 Aug 26 13:23:37.450852: | a0 bb a9 bc be b7 53 b0 cc 13 28 47 e8 e9 ba f5 Aug 26 13:23:37.450853: | 9a 0d ec ef 59 84 a2 4b 98 80 b6 e3 44 1f 66 46 Aug 26 13:23:37.450855: | d6 22 61 f2 cb 6a 31 90 dc 83 92 c0 54 10 6b 69 Aug 26 13:23:37.450856: | 1b e3 7a a1 a5 f7 3b 79 ce 7c d6 12 44 09 47 25 Aug 26 13:23:37.450858: | 45 ca e9 71 cc 89 0d c8 0e 44 06 05 bf 53 2c 29 Aug 26 13:23:37.450860: | 59 83 a6 9b 5f bc 84 d7 d4 93 3a ac b0 78 59 46 Aug 26 13:23:37.450861: | b2 7b ed d8 68 dc 7c eb f3 4a 7d ec bb 78 27 99 Aug 26 13:23:37.450863: | 5a b1 f8 42 a8 3a 64 19 54 ad 9e 13 16 4e 00 98 Aug 26 13:23:37.450864: | e4 85 29 43 84 23 40 61 45 cb 19 21 54 f9 18 48 Aug 26 13:23:37.450866: | df ff 68 61 a9 65 b5 b0 47 21 51 18 54 9b bc 00 Aug 26 13:23:37.450867: | aa da 9d 72 dd c4 a3 e4 29 00 00 24 a3 7a 86 ad Aug 26 13:23:37.450868: | 87 7f 9d 47 ff 50 6f f7 ea 10 c6 9a c6 70 32 65 Aug 26 13:23:37.450870: | 5f 8d 7d 94 86 b5 25 76 75 38 1e e2 29 00 00 08 Aug 26 13:23:37.450871: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 35 97 e8 Aug 26 13:23:37.450873: | c2 30 2a c9 c7 ab d6 79 e3 97 05 43 20 51 53 64 Aug 26 13:23:37.450874: | 00 00 00 1c 00 00 40 05 01 04 5d fa ed 5a d1 3b Aug 26 13:23:37.450876: | 29 f0 60 3e 1e 65 8d 0b 1d 98 5e bc Aug 26 13:23:37.451163: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:37.451168: | libevent_free: release ptr-libevent@0x56327f92ea68 Aug 26 13:23:37.451170: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56327f92e548 Aug 26 13:23:37.451172: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:23:37.451175: | event_schedule: new EVENT_RETRANSMIT-pe@0x56327f92e548 Aug 26 13:23:37.451178: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:23:37.451180: | libevent_malloc: new ptr-libevent@0x56327f9316a8 size 128 Aug 26 13:23:37.451183: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11103.193641 Aug 26 13:23:37.451186: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:23:37.451190: | #1 spent 1.47 milliseconds in resume sending helper answer Aug 26 13:23:37.451193: | stop processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:37.451197: | libevent_free: release ptr-libevent@0x7f6188002888 Aug 26 13:23:37.453983: | spent 0.0022 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:37.454004: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:37.454007: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.454009: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:23:37.454010: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:23:37.454012: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:23:37.454013: | 04 00 00 0e 28 00 01 08 00 0e 00 00 a4 fb c5 7c Aug 26 13:23:37.454015: | 21 9e 70 59 4e 5a 9d 72 f1 4d 54 4f 5a f0 f6 0e Aug 26 13:23:37.454016: | 27 40 26 90 8c 00 0c 9c 70 48 f8 e7 24 d7 d4 e3 Aug 26 13:23:37.454018: | 8c 3f 39 7b 5e b0 a2 84 d4 eb 3c 35 fc 17 fe f5 Aug 26 13:23:37.454019: | 36 8d 4f ad af 07 57 5e d7 e9 db 2a d7 ef 1c bf Aug 26 13:23:37.454021: | a1 b2 63 eb ae 1f c9 a8 88 16 2c 6f 5f 63 de 99 Aug 26 13:23:37.454022: | bf 38 ea a3 8c 85 d1 fe cd f2 74 f8 e1 d7 62 91 Aug 26 13:23:37.454024: | ad 03 3d 09 34 74 6a eb 03 57 f9 a3 14 43 65 9f Aug 26 13:23:37.454025: | 75 3b 75 51 b1 48 5a bc 9f 97 56 28 c0 9b ff ef Aug 26 13:23:37.454027: | 6a 7c 54 06 77 f6 9e ce dd 55 49 f3 d7 b5 d1 b4 Aug 26 13:23:37.454028: | 28 6b 07 41 3a 98 55 f7 4e 4f a2 82 e6 eb f8 0c Aug 26 13:23:37.454030: | 4d 6b 15 d2 cb 4c 3a ad 6a d6 d9 a0 7c 09 1c 68 Aug 26 13:23:37.454031: | da 32 f5 91 31 14 5f 26 4e c3 f5 00 1b 46 a5 58 Aug 26 13:23:37.454032: | 08 e0 2f 00 47 63 d1 ae f4 f7 00 8d 31 1f 09 d2 Aug 26 13:23:37.454034: | e6 8a 35 f9 b7 aa 1b 9a db 83 22 79 c1 4d 12 a3 Aug 26 13:23:37.454035: | 8f 9b d4 83 41 c8 81 b0 ff 8d 68 42 e6 e6 4d cf Aug 26 13:23:37.454037: | 21 52 89 4a 62 c3 a1 4e 34 53 90 48 29 00 00 24 Aug 26 13:23:37.454038: | a3 a8 c7 63 2d eb f7 45 47 72 bd 06 17 7b 11 04 Aug 26 13:23:37.454040: | 64 bc 1f 9c f9 51 fe ce 48 65 d0 de 11 1c 69 54 Aug 26 13:23:37.454041: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:23:37.454043: | da a6 8a 83 a7 02 dd 68 02 c1 da a1 09 57 ed 45 Aug 26 13:23:37.454044: | 19 78 98 68 00 00 00 1c 00 00 40 05 f7 05 20 18 Aug 26 13:23:37.454046: | 0c b8 6a 47 9a 1f 4d ba 4c 86 39 5f ee 8f 37 41 Aug 26 13:23:37.454049: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:37.454051: | **parse ISAKMP Message: Aug 26 13:23:37.454053: | initiator cookie: Aug 26 13:23:37.454055: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.454056: | responder cookie: Aug 26 13:23:37.454058: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.454060: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:37.454061: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:37.454063: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:37.454065: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:37.454066: | Message ID: 0 (0x0) Aug 26 13:23:37.454068: | length: 432 (0x1b0) Aug 26 13:23:37.454070: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:23:37.454072: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:23:37.454075: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:23:37.454079: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:37.454081: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:37.454083: | #1 is idle Aug 26 13:23:37.454085: | #1 idle Aug 26 13:23:37.454086: | unpacking clear payload Aug 26 13:23:37.454088: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:37.454090: | ***parse IKEv2 Security Association Payload: Aug 26 13:23:37.454091: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:23:37.454095: | flags: none (0x0) Aug 26 13:23:37.454097: | length: 40 (0x28) Aug 26 13:23:37.454098: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:23:37.454100: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:23:37.454102: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:23:37.454103: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:37.454105: | flags: none (0x0) Aug 26 13:23:37.454106: | length: 264 (0x108) Aug 26 13:23:37.454108: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.454110: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:23:37.454111: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:37.454113: | ***parse IKEv2 Nonce Payload: Aug 26 13:23:37.454114: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:37.454116: | flags: none (0x0) Aug 26 13:23:37.454117: | length: 36 (0x24) Aug 26 13:23:37.454119: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:37.454120: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:37.454122: | ***parse IKEv2 Notify Payload: Aug 26 13:23:37.454124: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:37.454125: | flags: none (0x0) Aug 26 13:23:37.454127: | length: 8 (0x8) Aug 26 13:23:37.454128: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.454130: | SPI size: 0 (0x0) Aug 26 13:23:37.454132: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:37.454133: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:23:37.454135: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:37.454136: | ***parse IKEv2 Notify Payload: Aug 26 13:23:37.454138: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:37.454139: | flags: none (0x0) Aug 26 13:23:37.454141: | length: 28 (0x1c) Aug 26 13:23:37.454142: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.454144: | SPI size: 0 (0x0) Aug 26 13:23:37.454146: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:37.454147: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:37.454149: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:37.454150: | ***parse IKEv2 Notify Payload: Aug 26 13:23:37.454152: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.454153: | flags: none (0x0) Aug 26 13:23:37.454155: | length: 28 (0x1c) Aug 26 13:23:37.454156: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:37.454158: | SPI size: 0 (0x0) Aug 26 13:23:37.454159: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:37.454161: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:37.454163: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:23:37.454167: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:37.454169: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:37.454170: | Now let's proceed with state specific processing Aug 26 13:23:37.454172: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:37.454175: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:23:37.454211: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:37.454217: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:23:37.454223: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:37.454225: | local proposal 1 type PRF has 2 transforms Aug 26 13:23:37.454227: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:37.454229: | local proposal 1 type DH has 8 transforms Aug 26 13:23:37.454231: | local proposal 1 type ESN has 0 transforms Aug 26 13:23:37.454233: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:37.454235: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:37.454236: | local proposal 2 type PRF has 2 transforms Aug 26 13:23:37.454238: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:37.454240: | local proposal 2 type DH has 8 transforms Aug 26 13:23:37.454241: | local proposal 2 type ESN has 0 transforms Aug 26 13:23:37.454243: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:37.454245: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:37.454246: | local proposal 3 type PRF has 2 transforms Aug 26 13:23:37.454248: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:37.454250: | local proposal 3 type DH has 8 transforms Aug 26 13:23:37.454251: | local proposal 3 type ESN has 0 transforms Aug 26 13:23:37.454253: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:37.454255: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:37.454256: | local proposal 4 type PRF has 2 transforms Aug 26 13:23:37.454258: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:37.454260: | local proposal 4 type DH has 8 transforms Aug 26 13:23:37.454261: | local proposal 4 type ESN has 0 transforms Aug 26 13:23:37.454263: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:37.454265: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.454267: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:37.454269: | length: 36 (0x24) Aug 26 13:23:37.454270: | prop #: 1 (0x1) Aug 26 13:23:37.454272: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:37.454273: | spi size: 0 (0x0) Aug 26 13:23:37.454275: | # transforms: 3 (0x3) Aug 26 13:23:37.454277: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:37.454279: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:37.454281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.454282: | length: 12 (0xc) Aug 26 13:23:37.454284: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.454286: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.454292: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.454296: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.454299: | length/value: 256 (0x100) Aug 26 13:23:37.454303: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:37.454306: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:37.454308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.454309: | length: 8 (0x8) Aug 26 13:23:37.454311: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:37.454326: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:37.454328: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:23:37.454330: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:37.454331: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.454333: | length: 8 (0x8) Aug 26 13:23:37.454334: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:37.454336: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:37.454338: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:23:37.454340: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:23:37.454343: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:23:37.454346: | remote proposal 1 matches local proposal 1 Aug 26 13:23:37.454348: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:23:37.454350: | converting proposal to internal trans attrs Aug 26 13:23:37.454360: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:23:37.454362: | natd_hash: icookie= 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.454364: | natd_hash: rcookie= 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.454365: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:37.454367: | natd_hash: port=500 Aug 26 13:23:37.454369: | natd_hash: hash= f7 05 20 18 0c b8 6a 47 9a 1f 4d ba 4c 86 39 5f Aug 26 13:23:37.454370: | natd_hash: hash= ee 8f 37 41 Aug 26 13:23:37.454373: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:23:37.454375: | natd_hash: icookie= 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.454377: | natd_hash: rcookie= 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.454378: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:37.454380: | natd_hash: port=500 Aug 26 13:23:37.454381: | natd_hash: hash= da a6 8a 83 a7 02 dd 68 02 c1 da a1 09 57 ed 45 Aug 26 13:23:37.454383: | natd_hash: hash= 19 78 98 68 Aug 26 13:23:37.454384: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:23:37.454386: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:23:37.454387: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:23:37.454389: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:23:37.454392: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:23:37.454394: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:23:37.454396: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:37.454398: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:23:37.454400: | libevent_free: release ptr-libevent@0x56327f9316a8 Aug 26 13:23:37.454402: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56327f92e548 Aug 26 13:23:37.454404: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56327f92e548 Aug 26 13:23:37.454407: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:37.454409: | libevent_malloc: new ptr-libevent@0x7f6188002888 size 128 Aug 26 13:23:37.454421: | #1 spent 0.239 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:23:37.454424: | crypto helper 1 resuming Aug 26 13:23:37.454429: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:37.454431: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:23:37.454433: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:23:37.454436: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:23:37.454436: | suspending state #1 and saving MD Aug 26 13:23:37.454445: | #1 is busy; has a suspended MD Aug 26 13:23:37.454450: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:37.454454: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:37.454459: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:37.454464: | #1 spent 0.464 milliseconds in ikev2_process_packet() Aug 26 13:23:37.454469: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:37.454472: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:37.454475: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:37.454479: | spent 0.48 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:37.454972: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:23:37.455237: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000802 seconds Aug 26 13:23:37.455245: | (#1) spent 0.808 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:23:37.455247: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:23:37.455249: | scheduling resume sending helper answer for #1 Aug 26 13:23:37.455251: | libevent_malloc: new ptr-libevent@0x7f6180000f48 size 128 Aug 26 13:23:37.455257: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:37.455263: | processing resume sending helper answer for #1 Aug 26 13:23:37.455268: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:37.455271: | crypto helper 1 replies to request ID 2 Aug 26 13:23:37.455273: | calling continuation function 0x56327dd4db50 Aug 26 13:23:37.455275: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:23:37.455281: | creating state object #2 at 0x56327f933e18 Aug 26 13:23:37.455283: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:23:37.455285: | pstats #2 ikev2.child started Aug 26 13:23:37.455291: | duplicating state object #1 "west" as #2 for IPSEC SA Aug 26 13:23:37.455297: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:37.455302: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:37.455322: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:37.455325: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:37.455327: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:37.455329: | libevent_free: release ptr-libevent@0x7f6188002888 Aug 26 13:23:37.455331: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56327f92e548 Aug 26 13:23:37.455333: | event_schedule: new EVENT_SA_REPLACE-pe@0x56327f92e548 Aug 26 13:23:37.455336: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:23:37.455337: | libevent_malloc: new ptr-libevent@0x7f6188002888 size 128 Aug 26 13:23:37.455340: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:23:37.455344: | **emit ISAKMP Message: Aug 26 13:23:37.455346: | initiator cookie: Aug 26 13:23:37.455361: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.455362: | responder cookie: Aug 26 13:23:37.455364: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.455366: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:37.455367: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:37.455369: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:37.455371: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:37.455372: | Message ID: 1 (0x1) Aug 26 13:23:37.455374: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:37.455376: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:37.455378: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455380: | flags: none (0x0) Aug 26 13:23:37.455382: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:37.455384: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455386: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:37.455391: | IKEv2 CERT: send a certificate? Aug 26 13:23:37.455393: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:23:37.455395: | IDr payload will be sent Aug 26 13:23:37.455405: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:23:37.455407: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455408: | flags: none (0x0) Aug 26 13:23:37.455412: | ID type: ID_FQDN (0x2) Aug 26 13:23:37.455414: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:23:37.455416: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455418: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:23:37.455420: | my identity 77 65 73 74 Aug 26 13:23:37.455422: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:23:37.455427: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:23:37.455429: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:37.455431: | flags: none (0x0) Aug 26 13:23:37.455432: | ID type: ID_FQDN (0x2) Aug 26 13:23:37.455434: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:23:37.455436: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:23:37.455438: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455440: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:23:37.455442: | IDr 65 61 73 74 Aug 26 13:23:37.455443: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:23:37.455445: | not sending INITIAL_CONTACT Aug 26 13:23:37.455447: | ****emit IKEv2 Authentication Payload: Aug 26 13:23:37.455449: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455450: | flags: none (0x0) Aug 26 13:23:37.455452: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:37.455454: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:23:37.455456: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455458: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:23:37.455461: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:37.455463: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:37.455465: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:37.455468: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:37.455470: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:37.455472: | line 1: match=014 Aug 26 13:23:37.455474: | match 014 beats previous best_match 000 match=0x56327f885b58 (line=1) Aug 26 13:23:37.455475: | concluding with best_match=014 best=0x56327f885b58 (lineno=1) Aug 26 13:23:37.455515: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:23:37.455518: | PSK auth 10 16 ed f5 dd 13 24 06 df d3 f5 a4 77 1c 5a ad Aug 26 13:23:37.455519: | PSK auth 0c 80 22 f5 27 d4 e9 53 06 c5 8f 8a 19 c6 c9 77 Aug 26 13:23:37.455521: | PSK auth 4d cf 7e 68 73 da fa f2 c1 d5 42 f4 8c bc 2e b9 Aug 26 13:23:37.455522: | PSK auth 07 4b 1f fa 44 88 dc 11 22 03 53 6a 6e 80 f9 f2 Aug 26 13:23:37.455524: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:23:37.455526: | getting first pending from state #1 Aug 26 13:23:37.455542: | netlink_get_spi: allocated 0x60a9462c for esp.0@192.1.2.45 Aug 26 13:23:37.455545: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:23:37.455548: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:37.455551: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:37.455553: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:37.455556: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:37.455560: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:37.455563: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:37.455565: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:37.455567: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:37.455572: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:37.455579: | Emitting ikev2_proposals ... Aug 26 13:23:37.455582: | ****emit IKEv2 Security Association Payload: Aug 26 13:23:37.455583: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455585: | flags: none (0x0) Aug 26 13:23:37.455587: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:37.455589: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455591: | discarding INTEG=NONE Aug 26 13:23:37.455592: | discarding DH=NONE Aug 26 13:23:37.455594: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.455595: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455597: | prop #: 1 (0x1) Aug 26 13:23:37.455599: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:37.455600: | spi size: 4 (0x4) Aug 26 13:23:37.455602: | # transforms: 2 (0x2) Aug 26 13:23:37.455604: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.455606: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:37.455607: | our spi 60 a9 46 2c Aug 26 13:23:37.455609: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455612: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.455614: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.455616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455618: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.455619: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.455621: | length/value: 256 (0x100) Aug 26 13:23:37.455623: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.455624: | discarding INTEG=NONE Aug 26 13:23:37.455626: | discarding DH=NONE Aug 26 13:23:37.455627: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455629: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.455631: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:37.455632: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:37.455649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455655: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:37.455657: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.455671: | discarding INTEG=NONE Aug 26 13:23:37.455673: | discarding DH=NONE Aug 26 13:23:37.455676: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.455678: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455679: | prop #: 2 (0x2) Aug 26 13:23:37.455681: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:37.455682: | spi size: 4 (0x4) Aug 26 13:23:37.455684: | # transforms: 2 (0x2) Aug 26 13:23:37.455686: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.455690: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:37.455691: | our spi 60 a9 46 2c Aug 26 13:23:37.455693: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455696: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.455697: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.455699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455701: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.455703: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.455704: | length/value: 128 (0x80) Aug 26 13:23:37.455706: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.455707: | discarding INTEG=NONE Aug 26 13:23:37.455709: | discarding DH=NONE Aug 26 13:23:37.455710: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455712: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.455713: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:37.455715: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:37.455717: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455720: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455722: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:37.455724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.455725: | discarding DH=NONE Aug 26 13:23:37.455727: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.455728: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455730: | prop #: 3 (0x3) Aug 26 13:23:37.455731: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:37.455733: | spi size: 4 (0x4) Aug 26 13:23:37.455734: | # transforms: 4 (0x4) Aug 26 13:23:37.455736: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455738: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.455740: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:37.455741: | our spi 60 a9 46 2c Aug 26 13:23:37.455743: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455745: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455746: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.455748: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:37.455749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455751: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.455753: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.455754: | length/value: 256 (0x100) Aug 26 13:23:37.455759: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.455760: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455763: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.455765: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:37.455767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455770: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455772: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455775: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.455777: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:37.455779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455782: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455783: | discarding DH=NONE Aug 26 13:23:37.455785: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455786: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.455788: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:37.455790: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:37.455791: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455795: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455796: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:37.455798: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.455800: | discarding DH=NONE Aug 26 13:23:37.455801: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.455803: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:37.455804: | prop #: 4 (0x4) Aug 26 13:23:37.455806: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:37.455807: | spi size: 4 (0x4) Aug 26 13:23:37.455809: | # transforms: 4 (0x4) Aug 26 13:23:37.455811: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:37.455813: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:37.455814: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:37.455816: | our spi 60 a9 46 2c Aug 26 13:23:37.455817: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455820: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.455822: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:37.455824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455825: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.455827: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.455828: | length/value: 128 (0x80) Aug 26 13:23:37.455830: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:37.455833: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455836: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.455837: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:37.455839: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455843: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455844: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455846: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455847: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:37.455849: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:37.455851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455854: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455856: | discarding DH=NONE Aug 26 13:23:37.455857: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:37.455859: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.455860: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:37.455862: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:37.455864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.455865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:37.455867: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:37.455869: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:37.455870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:37.455872: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:23:37.455874: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:37.455876: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:37.455877: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455879: | flags: none (0x0) Aug 26 13:23:37.455881: | number of TS: 1 (0x1) Aug 26 13:23:37.455883: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:23:37.455885: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455886: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:37.455888: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:37.455890: | IP Protocol ID: 0 (0x0) Aug 26 13:23:37.455891: | start port: 0 (0x0) Aug 26 13:23:37.455893: | end port: 65535 (0xffff) Aug 26 13:23:37.455895: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:37.455896: | ipv4 start c0 00 01 00 Aug 26 13:23:37.455898: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:37.455899: | ipv4 end c0 00 01 ff Aug 26 13:23:37.455901: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:37.455903: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:23:37.455904: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:37.455907: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.455908: | flags: none (0x0) Aug 26 13:23:37.455910: | number of TS: 1 (0x1) Aug 26 13:23:37.455912: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:23:37.455914: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:37.455915: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:37.455917: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:37.455919: | IP Protocol ID: 0 (0x0) Aug 26 13:23:37.455920: | start port: 0 (0x0) Aug 26 13:23:37.455922: | end port: 65535 (0xffff) Aug 26 13:23:37.455923: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:37.455925: | ipv4 start c0 00 02 00 Aug 26 13:23:37.455926: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:37.455928: | ipv4 end c0 00 02 ff Aug 26 13:23:37.455929: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:37.455931: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:23:37.455933: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:23:37.455935: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:37.455936: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:37.455938: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:37.455940: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:37.455942: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:23:37.455944: | emitting length of ISAKMP Message: 365 Aug 26 13:23:37.455955: | suspend processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:37.455958: | start processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:37.455961: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:23:37.455963: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:23:37.455965: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:23:37.455967: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:23:37.455970: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:37.455973: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:23:37.455976: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:23:37.455982: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:37.456001: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:37.456003: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.456005: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:23:37.456006: | 2a 57 f9 1f 2c dc 16 39 b8 d9 54 e1 fd af 8a 22 Aug 26 13:23:37.456008: | 59 a7 07 01 d3 40 e3 26 81 43 c8 03 69 93 bb d6 Aug 26 13:23:37.456009: | 53 69 e9 10 b1 5b 77 a1 b4 d9 0e fa 67 d6 b1 37 Aug 26 13:23:37.456011: | 54 2c 30 f9 71 be 0f 89 39 1a 56 ee e4 fa ea 74 Aug 26 13:23:37.456012: | a6 d5 c5 d1 9f 07 e0 ea 1c 3a dc 29 0a ac bf f8 Aug 26 13:23:37.456014: | fc 52 d6 e9 82 f3 de 33 3e 9b ab d4 b8 b6 96 2a Aug 26 13:23:37.456015: | 09 08 6e 02 06 64 6d 7d 7d eb 95 f9 bb 19 13 2b Aug 26 13:23:37.456017: | 1d 79 ee 18 ce 35 a0 1f 6c 8d 22 d7 b1 8e 92 a0 Aug 26 13:23:37.456032: | 91 a3 c1 e3 8e 35 ac 2c 67 e7 a4 44 ec 6c 5c 74 Aug 26 13:23:37.456034: | 74 a0 ba 89 87 b1 9a ca 4b f2 8f 40 86 25 97 5b Aug 26 13:23:37.456035: | cd bd ff 9b 22 8e 11 32 4c e1 f2 f4 b3 99 d0 54 Aug 26 13:23:37.456037: | f5 38 fe b6 10 91 2c 96 48 00 6f cf 84 b0 2e 13 Aug 26 13:23:37.456038: | ab 6a 7b 66 09 61 01 bf ce 76 55 87 53 b9 bf 6d Aug 26 13:23:37.456040: | 59 ba ca 06 26 5e ce 79 8c 12 f2 58 23 9b 8c 7d Aug 26 13:23:37.456041: | 9c 6e 7b 74 54 24 af 1c 80 1a bf bd 57 47 8c 3d Aug 26 13:23:37.456043: | 75 47 62 16 c2 68 5e d9 65 77 08 91 3f 0e 0f 65 Aug 26 13:23:37.456044: | 22 19 eb df 1a a4 3a 5a 96 19 48 6a 87 43 d2 e3 Aug 26 13:23:37.456046: | 63 16 d0 4b 62 7c 9f 3f 1d 02 0a 86 4e 3a 91 16 Aug 26 13:23:37.456047: | 7b b3 fb b1 b6 d6 c8 65 2b 03 27 57 f2 7b 8f fc Aug 26 13:23:37.456049: | c5 bf f0 73 b3 ab df b4 7b 22 fa ed 80 ed 30 bf Aug 26 13:23:37.456050: | f1 c3 f3 a6 8b 82 8d 42 f4 89 df 2e 3e Aug 26 13:23:37.456079: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:23:37.456083: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:23:37.456085: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:23:37.456087: | libevent_malloc: new ptr-libevent@0x56327f9316a8 size 128 Aug 26 13:23:37.456091: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11103.198549 Aug 26 13:23:37.456093: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:37.456097: | #1 spent 0.809 milliseconds in resume sending helper answer Aug 26 13:23:37.456100: | stop processing: state #2 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:37.456103: | libevent_free: release ptr-libevent@0x7f6180000f48 Aug 26 13:23:37.483712: | spent 0.00335 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:37.483738: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:37.483743: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.483746: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:23:37.483748: | bb 56 51 14 27 13 2b b7 3c 1e ab 4a f6 97 ee 1d Aug 26 13:23:37.483751: | 06 5d f6 80 ae f6 b1 68 b8 4e 1d b7 01 1c 9b 0f Aug 26 13:23:37.483754: | c5 a3 30 10 c0 f2 51 75 03 1b 37 24 52 e4 1f 3e Aug 26 13:23:37.483756: | 7d fd fc 8d a1 3a 2b 05 b0 db 46 46 57 16 02 f6 Aug 26 13:23:37.483772: | 88 4d 71 0f c3 62 d1 0d 72 a4 f7 5e ad 38 93 30 Aug 26 13:23:37.483774: | c6 1e ff 4f 90 92 e0 55 1d f8 a6 b9 bd 7b 5c 0f Aug 26 13:23:37.483776: | a2 26 13 a2 2e 1e 81 e6 86 1e 5c fe b8 ca 79 c2 Aug 26 13:23:37.483778: | ba 34 4e 34 b5 2e da f9 b4 00 df ac 68 ec 52 24 Aug 26 13:23:37.483779: | 57 fb 5f 7d 88 f9 7d 61 98 4d f3 6e f9 8e d0 76 Aug 26 13:23:37.483781: | 04 5d 3a cf df 0c 2a 93 6a 6e 22 10 2a b5 51 e1 Aug 26 13:23:37.483782: | 87 38 40 8c 26 26 51 88 c1 f1 d3 fc dc 0c 80 77 Aug 26 13:23:37.483784: | d5 7b dd 8c 91 0b c7 44 43 a3 c6 d6 db d4 81 5d Aug 26 13:23:37.483785: | ce Aug 26 13:23:37.483788: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:37.483791: | **parse ISAKMP Message: Aug 26 13:23:37.483793: | initiator cookie: Aug 26 13:23:37.483795: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:23:37.483796: | responder cookie: Aug 26 13:23:37.483798: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:23:37.483800: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:37.483802: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:37.483803: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:37.483805: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:37.483807: | Message ID: 1 (0x1) Aug 26 13:23:37.483808: | length: 225 (0xe1) Aug 26 13:23:37.483810: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:23:37.483816: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:23:37.483819: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:23:37.483823: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:37.483825: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:23:37.483828: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:37.483830: | start processing: state #2 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:37.483832: | #2 is idle Aug 26 13:23:37.483834: | #2 idle Aug 26 13:23:37.483835: | unpacking clear payload Aug 26 13:23:37.483837: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:37.483839: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:37.483841: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:23:37.483842: | flags: none (0x0) Aug 26 13:23:37.483844: | length: 197 (0xc5) Aug 26 13:23:37.483846: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:23:37.483847: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:23:37.483859: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:23:37.483861: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:23:37.483863: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:23:37.483865: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:37.483866: | flags: none (0x0) Aug 26 13:23:37.483868: | length: 12 (0xc) Aug 26 13:23:37.483870: | ID type: ID_FQDN (0x2) Aug 26 13:23:37.483871: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:23:37.483873: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:23:37.483875: | **parse IKEv2 Authentication Payload: Aug 26 13:23:37.483876: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:37.483892: | flags: none (0x0) Aug 26 13:23:37.483894: | length: 72 (0x48) Aug 26 13:23:37.483896: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:37.483897: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:23:37.483899: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:37.483901: | **parse IKEv2 Security Association Payload: Aug 26 13:23:37.483902: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:37.483904: | flags: none (0x0) Aug 26 13:23:37.483905: | length: 36 (0x24) Aug 26 13:23:37.483907: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:23:37.483908: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:37.483910: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:37.483912: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:37.483913: | flags: none (0x0) Aug 26 13:23:37.483915: | length: 24 (0x18) Aug 26 13:23:37.483916: | number of TS: 1 (0x1) Aug 26 13:23:37.483918: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:37.483920: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:37.483921: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:37.483923: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:37.483924: | flags: none (0x0) Aug 26 13:23:37.483926: | length: 24 (0x18) Aug 26 13:23:37.483927: | number of TS: 1 (0x1) Aug 26 13:23:37.483929: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:37.483931: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:23:37.483933: | Now let's proceed with state specific processing Aug 26 13:23:37.483934: | calling processor Initiator: process IKE_AUTH response Aug 26 13:23:37.483951: | offered CA: '%none' Aug 26 13:23:37.483954: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:23:37.483999: | verifying AUTH payload Aug 26 13:23:37.484004: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:23:37.484007: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:37.484012: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:37.484028: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:37.484031: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:37.484033: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:37.484035: | line 1: match=014 Aug 26 13:23:37.484038: | match 014 beats previous best_match 000 match=0x56327f885b58 (line=1) Aug 26 13:23:37.484040: | concluding with best_match=014 best=0x56327f885b58 (lineno=1) Aug 26 13:23:37.484093: "west" #2: Authenticated using authby=secret Aug 26 13:23:37.484103: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:23:37.484121: | #1 will start re-keying in 3595 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:37.484124: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:23:37.484127: | libevent_free: release ptr-libevent@0x7f6188002888 Aug 26 13:23:37.484131: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56327f92e548 Aug 26 13:23:37.484133: | event_schedule: new EVENT_SA_REKEY-pe@0x56327f92e548 Aug 26 13:23:37.484137: | inserting event EVENT_SA_REKEY, timeout in 3595 seconds for #1 Aug 26 13:23:37.484140: | libevent_malloc: new ptr-libevent@0x7f6180000f48 size 128 Aug 26 13:23:37.484214: | pstats #1 ikev2.ike established Aug 26 13:23:37.484222: | TSi: parsing 1 traffic selectors Aug 26 13:23:37.484226: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:37.484230: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:37.484233: | IP Protocol ID: 0 (0x0) Aug 26 13:23:37.484236: | length: 16 (0x10) Aug 26 13:23:37.484239: | start port: 0 (0x0) Aug 26 13:23:37.484242: | end port: 65535 (0xffff) Aug 26 13:23:37.484246: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:37.484249: | TS low c0 00 01 00 Aug 26 13:23:37.484253: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:37.484256: | TS high c0 00 01 ff Aug 26 13:23:37.484258: | TSi: parsed 1 traffic selectors Aug 26 13:23:37.484260: | TSr: parsing 1 traffic selectors Aug 26 13:23:37.484261: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:37.484263: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:37.484265: | IP Protocol ID: 0 (0x0) Aug 26 13:23:37.484266: | length: 16 (0x10) Aug 26 13:23:37.484268: | start port: 0 (0x0) Aug 26 13:23:37.484270: | end port: 65535 (0xffff) Aug 26 13:23:37.484271: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:37.484273: | TS low c0 00 02 00 Aug 26 13:23:37.484275: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:37.484276: | TS high c0 00 02 ff Aug 26 13:23:37.484278: | TSr: parsed 1 traffic selectors Aug 26 13:23:37.484282: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:37.484285: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:37.484303: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:37.484313: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:37.484318: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:37.484321: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:37.484325: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:37.484330: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:37.484336: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:37.484340: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:37.484342: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:37.484345: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:37.484349: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:37.484351: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:37.484356: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:23:37.484359: | printing contents struct traffic_selector Aug 26 13:23:37.484361: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:37.484363: | ipprotoid: 0 Aug 26 13:23:37.484378: | port range: 0-65535 Aug 26 13:23:37.484381: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:23:37.484383: | printing contents struct traffic_selector Aug 26 13:23:37.484386: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:37.484388: | ipprotoid: 0 Aug 26 13:23:37.484390: | port range: 0-65535 Aug 26 13:23:37.484393: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:23:37.484405: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:37.484409: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:23:37.484413: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:37.484416: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:37.484419: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:37.484421: | local proposal 1 type DH has 1 transforms Aug 26 13:23:37.484424: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:37.484427: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:37.484430: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:37.484432: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:37.484435: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:37.484437: | local proposal 2 type DH has 1 transforms Aug 26 13:23:37.484439: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:37.484443: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:37.484445: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:37.484448: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:37.484450: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:37.484453: | local proposal 3 type DH has 1 transforms Aug 26 13:23:37.484455: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:37.484458: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:37.484460: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:37.484463: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:37.484465: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:37.484468: | local proposal 4 type DH has 1 transforms Aug 26 13:23:37.484471: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:37.484474: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:37.484477: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:37.484480: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:37.484482: | length: 32 (0x20) Aug 26 13:23:37.484485: | prop #: 1 (0x1) Aug 26 13:23:37.484487: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:37.484490: | spi size: 4 (0x4) Aug 26 13:23:37.484492: | # transforms: 2 (0x2) Aug 26 13:23:37.484495: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:37.484498: | remote SPI ea ac 72 6c Aug 26 13:23:37.484501: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:37.484504: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:37.484507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:37.484509: | length: 12 (0xc) Aug 26 13:23:37.484510: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:37.484512: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:37.484514: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:37.484516: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:37.484519: | length/value: 256 (0x100) Aug 26 13:23:37.484522: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:37.484524: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:37.484526: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:37.484527: | length: 8 (0x8) Aug 26 13:23:37.484529: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:37.484530: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:37.484533: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:37.484535: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:37.484538: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:37.484539: | remote proposal 1 matches local proposal 1 Aug 26 13:23:37.484541: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:23:37.484545: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=eaac726c;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:37.484546: | converting proposal to internal trans attrs Aug 26 13:23:37.484551: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:23:37.484654: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:23:37.484659: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:23:37.484662: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:37.484665: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:37.484668: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:37.484672: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:37.484676: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:37.484680: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:37.484683: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:37.484686: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:37.484690: | setting IPsec SA replay-window to 32 Aug 26 13:23:37.484692: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:37.484694: | netlink: enabling tunnel mode Aug 26 13:23:37.484696: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:37.484698: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:37.484766: | netlink response for Add SA esp.eaac726c@192.1.2.23 included non-error error Aug 26 13:23:37.484769: | set up outgoing SA, ref=0/0 Aug 26 13:23:37.484771: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:37.484773: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:37.484777: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:37.484783: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:37.484788: | setting IPsec SA replay-window to 32 Aug 26 13:23:37.484805: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:37.484808: | netlink: enabling tunnel mode Aug 26 13:23:37.484811: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:37.484815: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:37.484861: | netlink response for Add SA esp.60a9462c@192.1.2.45 included non-error error Aug 26 13:23:37.484865: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:37.484871: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:23:37.484875: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:37.484926: | raw_eroute result=success Aug 26 13:23:37.484929: | set up incoming SA, ref=0/0 Aug 26 13:23:37.484931: | sr for #2: unrouted Aug 26 13:23:37.484933: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:23:37.484935: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:37.484943: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:37.484947: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:37.484951: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:37.484968: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:23:37.484973: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:37.484981: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:23:37.484985: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:37.484994: | raw_eroute result=success Aug 26 13:23:37.485010: | running updown command "ipsec _updown" for verb up Aug 26 13:23:37.485012: | command executing up-client Aug 26 13:23:37.485050: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xeaac726c SPI_OUT=0x Aug 26 13:23:37.485054: | popen cmd is 1023 chars long Aug 26 13:23:37.485056: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Aug 26 13:23:37.485057: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Aug 26 13:23:37.485059: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Aug 26 13:23:37.485061: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 13:23:37.485062: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Aug 26 13:23:37.485064: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 13:23:37.485066: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 13:23:37.485067: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Aug 26 13:23:37.485069: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 13:23:37.485070: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 13:23:37.485072: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 13:23:37.485074: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 13:23:37.485075: | cmd( 960):ED='no' SPI_IN=0xeaac726c SPI_OUT=0x60a9462c ipsec _updown 2>&1: Aug 26 13:23:37.492123: | route_and_eroute: firewall_notified: true Aug 26 13:23:37.492135: | running updown command "ipsec _updown" for verb prepare Aug 26 13:23:37.492137: | command executing prepare-client Aug 26 13:23:37.492158: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xeaac726c Aug 26 13:23:37.492163: | popen cmd is 1028 chars long Aug 26 13:23:37.492165: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Aug 26 13:23:37.492167: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Aug 26 13:23:37.492168: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Aug 26 13:23:37.492170: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 13:23:37.492172: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Aug 26 13:23:37.492173: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Aug 26 13:23:37.492175: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 13:23:37.492176: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 13:23:37.492178: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Aug 26 13:23:37.492180: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Aug 26 13:23:37.492181: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Aug 26 13:23:37.492183: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Aug 26 13:23:37.492185: | cmd( 960):_SHARED='no' SPI_IN=0xeaac726c SPI_OUT=0x60a9462c ipsec _updown 2>&1: Aug 26 13:23:37.498803: | running updown command "ipsec _updown" for verb route Aug 26 13:23:37.498814: | command executing route-client Aug 26 13:23:37.498834: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xeaac726c SPI_ Aug 26 13:23:37.498837: | popen cmd is 1026 chars long Aug 26 13:23:37.498839: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Aug 26 13:23:37.498841: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Aug 26 13:23:37.498842: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Aug 26 13:23:37.498844: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 13:23:37.498846: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Aug 26 13:23:37.498847: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Aug 26 13:23:37.498851: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 13:23:37.498853: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 13:23:37.498855: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Aug 26 13:23:37.498856: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Aug 26 13:23:37.498858: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Aug 26 13:23:37.498860: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Aug 26 13:23:37.498861: | cmd( 960):HARED='no' SPI_IN=0xeaac726c SPI_OUT=0x60a9462c ipsec _updown 2>&1: Aug 26 13:23:37.507665: | route_and_eroute: instance "west", setting eroute_owner {spd=0x56327f92c848,sr=0x56327f92c848} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:23:37.507721: | #1 spent 1.41 milliseconds in install_ipsec_sa() Aug 26 13:23:37.507727: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:23:37.507730: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:37.507733: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:23:37.507740: | libevent_free: release ptr-libevent@0x56327f9316a8 Aug 26 13:23:37.507745: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:23:37.507750: | #2 spent 2.14 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:23:37.507763: | [RE]START processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:37.507769: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:23:37.507772: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:23:37.507777: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:23:37.507781: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:23:37.507788: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:23:37.507795: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:23:37.507799: | pstats #2 ikev2.child established Aug 26 13:23:37.507810: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:23:37.507821: | NAT-T: encaps is 'auto' Aug 26 13:23:37.507825: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xeaac726c <0x60a9462c xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:23:37.507829: | releasing whack for #2 (sock=fd@25) Aug 26 13:23:37.507832: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:23:37.507833: | releasing whack and unpending for parent #1 Aug 26 13:23:37.507835: | unpending state #1 connection "west" Aug 26 13:23:37.507840: | delete from pending Child SA with 192.1.2.23 "west" Aug 26 13:23:37.507842: | removing pending policy for no connection {0x56327f91f3e8} Aug 26 13:23:37.507847: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:23:37.507851: | #2 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:37.507854: | event_schedule: new EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:23:37.507857: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #2 Aug 26 13:23:37.507859: | libevent_malloc: new ptr-libevent@0x56327f933bd8 size 128 Aug 26 13:23:37.507864: | stop processing: state #2 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:37.507868: | #1 spent 2.47 milliseconds in ikev2_process_packet() Aug 26 13:23:37.507873: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:37.507883: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:37.507887: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:37.507891: | spent 2.49 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:37.507904: | processing signal PLUTO_SIGCHLD Aug 26 13:23:37.507910: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:37.507914: | spent 0.00569 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:37.507917: | processing signal PLUTO_SIGCHLD Aug 26 13:23:37.507920: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:37.507923: | spent 0.00341 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:37.507925: | processing signal PLUTO_SIGCHLD Aug 26 13:23:37.507929: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:37.507932: | spent 0.00308 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:40.759394: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:40.759470: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:23:40.759485: | FOR_EACH_STATE_... in sort_states Aug 26 13:23:40.759507: | get_sa_info esp.60a9462c@192.1.2.45 Aug 26 13:23:40.759554: | get_sa_info esp.eaac726c@192.1.2.23 Aug 26 13:23:40.759617: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:40.759639: | spent 0.271 milliseconds in whack Aug 26 13:23:57.266308: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:23:57.266325: | expiring aged bare shunts from shunt table Aug 26 13:23:57.266331: | spent 0.00417 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:02.489618: | timer_event_cb: processing event@0x7f6188002b78 Aug 26 13:24:02.489683: | handling event EVENT_SA_REKEY for child state #2 Aug 26 13:24:02.489707: | start processing: state #2 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:02.489723: | picked newest_ipsec_sa #2 for #2 Aug 26 13:24:02.489732: | rekeying stale CHILD SA Aug 26 13:24:02.489746: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:02.489755: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:02.489766: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:24:02.489782: | creating state object #3 at 0x56327f939418 Aug 26 13:24:02.489791: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:24:02.489830: | pstats #3 ikev2.child started Aug 26 13:24:02.489840: | duplicating state object #1 "west" as #3 for IPSEC SA Aug 26 13:24:02.489860: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:02.489899: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:02.489915: | suspend processing: state #2 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:02.489928: | start processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:02.489941: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:02.489953: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:24:02.489964: | constructing ESP/AH proposals with default DH MODP2048 for west (ESP/AH initiator emitting proposals) Aug 26 13:24:02.489978: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:24:02.489996: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.490006: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:24:02.490019: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.490029: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:02.490043: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.490066: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:02.490079: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.490102: "west": constructed local ESP/AH proposals for west (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.490121: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:24:02.490132: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56327f9313d8 Aug 26 13:24:02.490144: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:24:02.490155: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:02.490171: | RESET processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:02.490180: | scheduling drop-dead replace event for #2 Aug 26 13:24:02.490194: | event_schedule: new EVENT_SA_REPLACE-pe@0x56327f937808 Aug 26 13:24:02.490207: | inserting event EVENT_SA_REPLACE, timeout in 5.01813 seconds for #2 Aug 26 13:24:02.490216: | libevent_malloc: new ptr-libevent@0x56327f9314f8 size 128 Aug 26 13:24:02.490227: | libevent_free: release ptr-libevent@0x56327f933bd8 Aug 26 13:24:02.490236: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:24:02.490256: | #2 spent 0.644 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:02.490265: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:02.490284: | timer_event_cb: processing event@0x56327f9313d8 Aug 26 13:24:02.490328: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:24:02.490344: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:02.490372: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:24:02.490382: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:02.490394: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:02.490403: | libevent_malloc: new ptr-libevent@0x56327f933bd8 size 128 Aug 26 13:24:02.490432: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:02.490451: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56327f9313d8 Aug 26 13:24:02.490462: | crypto helper 3 resuming Aug 26 13:24:02.490474: | #3 spent 0.158 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:02.490510: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:24:02.490540: | stop processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:24:02.490555: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:24:02.493236: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.002682 seconds Aug 26 13:24:02.493278: | (#3) spent 2.71 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:02.493308: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:24:02.493320: | scheduling resume sending helper answer for #3 Aug 26 13:24:02.493330: | libevent_malloc: new ptr-libevent@0x7f6184002888 size 128 Aug 26 13:24:02.493340: | libevent_realloc: release ptr-libevent@0x56327f90e5b8 Aug 26 13:24:02.493354: | libevent_realloc: new ptr-libevent@0x7f61840027d8 size 128 Aug 26 13:24:02.493380: | crypto helper 3 waiting (nothing to do) Aug 26 13:24:02.493412: | processing resume sending helper answer for #3 Aug 26 13:24:02.493449: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:02.493462: | crypto helper 3 replies to request ID 3 Aug 26 13:24:02.493471: | calling continuation function 0x56327dd4db50 Aug 26 13:24:02.493483: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:02.493492: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:02.493502: | libevent_free: release ptr-libevent@0x56327f933bd8 Aug 26 13:24:02.493512: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:02.493522: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:02.493534: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:24:02.493543: | libevent_malloc: new ptr-libevent@0x56327f933bd8 size 128 Aug 26 13:24:02.493560: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:02.493575: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:02.493585: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:02.493601: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:02.493613: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:02.493622: | suspending state #3 and saving MD Aug 26 13:24:02.493630: | #3 is busy; has a suspended MD Aug 26 13:24:02.493643: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:02.493654: | "west" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:02.493666: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:24:02.493681: | #3 spent 0.216 milliseconds in resume sending helper answer Aug 26 13:24:02.493694: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:02.493704: | libevent_free: release ptr-libevent@0x7f6184002888 Aug 26 13:24:02.493719: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:02.493733: | start processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:24:02.493750: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:02.493764: | suspend processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:02.493776: | start processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:02.493865: | **emit ISAKMP Message: Aug 26 13:24:02.493875: | initiator cookie: Aug 26 13:24:02.493884: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:02.493892: | responder cookie: Aug 26 13:24:02.493899: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:02.493908: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:02.493917: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:02.493926: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:02.493938: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:02.493947: | Message ID: 2 (0x2) Aug 26 13:24:02.493956: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:02.493966: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:02.493975: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.493983: | flags: none (0x0) Aug 26 13:24:02.493993: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:02.494003: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.494018: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:02.494708: | netlink_get_spi: allocated 0x76b1c3bf for esp.0@192.1.2.45 Aug 26 13:24:02.494731: | Emitting ikev2_proposals ... Aug 26 13:24:02.494741: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:02.494750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.494757: | flags: none (0x0) Aug 26 13:24:02.494768: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:02.494777: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.494786: | discarding INTEG=NONE Aug 26 13:24:02.494794: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:02.494803: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.494811: | prop #: 1 (0x1) Aug 26 13:24:02.494819: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:02.494827: | spi size: 4 (0x4) Aug 26 13:24:02.494835: | # transforms: 3 (0x3) Aug 26 13:24:02.494844: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:02.494855: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:02.494863: | our spi 76 b1 c3 bf Aug 26 13:24:02.494872: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.494880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.494888: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:02.494896: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:02.494905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.494915: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:02.494924: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:02.494932: | length/value: 256 (0x100) Aug 26 13:24:02.494941: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:02.494949: | discarding INTEG=NONE Aug 26 13:24:02.494957: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.494965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.494973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:02.494981: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.494991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495009: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495017: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495025: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:02.495033: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:02.495041: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:02.495050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495068: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495076: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:02.495085: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:02.495093: | discarding INTEG=NONE Aug 26 13:24:02.495101: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:02.495109: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.495117: | prop #: 2 (0x2) Aug 26 13:24:02.495125: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:02.495143: | spi size: 4 (0x4) Aug 26 13:24:02.495151: | # transforms: 3 (0x3) Aug 26 13:24:02.495162: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.495171: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:02.495181: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:02.495188: | our spi 76 b1 c3 bf Aug 26 13:24:02.495196: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495212: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:02.495220: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:02.495229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495238: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:02.495246: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:02.495254: | length/value: 128 (0x80) Aug 26 13:24:02.495263: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:02.495270: | discarding INTEG=NONE Aug 26 13:24:02.495278: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495305: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:02.495313: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.495323: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495341: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495349: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495357: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:02.495365: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:02.495372: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:02.495382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495391: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495407: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:02.495416: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:02.495424: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:02.495432: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.495440: | prop #: 3 (0x3) Aug 26 13:24:02.495448: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:02.495455: | spi size: 4 (0x4) Aug 26 13:24:02.495463: | # transforms: 5 (0x5) Aug 26 13:24:02.495472: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.495481: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:02.495491: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:02.495498: | our spi 76 b1 c3 bf Aug 26 13:24:02.495506: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495522: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:02.495534: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:02.495543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495552: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:02.495560: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:02.495568: | length/value: 256 (0x100) Aug 26 13:24:02.495576: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:02.495584: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495600: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:02.495608: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:02.495618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495635: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495643: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495658: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:02.495666: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:02.495676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495693: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495701: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495716: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:02.495724: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.495734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495751: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495759: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495766: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:02.495774: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:02.495782: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:02.495791: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495800: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.495817: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:02.495826: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:02.495834: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:02.495842: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:02.495849: | prop #: 4 (0x4) Aug 26 13:24:02.495857: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:02.495865: | spi size: 4 (0x4) Aug 26 13:24:02.495872: | # transforms: 5 (0x5) Aug 26 13:24:02.495882: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:02.495895: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:02.495905: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:02.495912: | our spi 76 b1 c3 bf Aug 26 13:24:02.495920: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.495928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.495936: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:02.495944: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:02.495952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.495961: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:02.495969: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:02.495976: | length/value: 128 (0x80) Aug 26 13:24:02.495985: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:02.495993: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.496000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496008: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:02.496016: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:02.496026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.496043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.496051: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.496059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496066: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:02.496074: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:02.496084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.496101: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.496109: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.496116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496124: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:02.496132: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.496141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.496159: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.496166: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:02.496174: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:02.496182: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:02.496190: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:02.496199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.496208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:02.496216: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:02.496224: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:02.496233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:02.496245: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:02.496255: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:02.496266: | #3 initiate rekey request for "west" #2 SPI 0x60a9462c TSi TSr Aug 26 13:24:02.496274: | printing contents struct traffic_selector Aug 26 13:24:02.496282: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:02.496299: | ipprotoid: 0 Aug 26 13:24:02.496311: | port range: 0-65535 Aug 26 13:24:02.496325: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:02.496332: | printing contents struct traffic_selector Aug 26 13:24:02.496339: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:02.496347: | ipprotoid: 0 Aug 26 13:24:02.496354: | port range: 0-65535 Aug 26 13:24:02.496365: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:02.496373: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:02.496382: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.496389: | flags: none (0x0) Aug 26 13:24:02.496400: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:02.496409: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.496419: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:02.496428: | IKEv2 nonce 4b 0c 99 59 e7 09 86 ad 63 39 25 52 7c 64 e2 30 Aug 26 13:24:02.496436: | IKEv2 nonce d7 0f 91 74 a2 04 4d cd 12 23 79 a4 63 fb 88 da Aug 26 13:24:02.496444: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:02.496452: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:02.496461: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.496468: | flags: none (0x0) Aug 26 13:24:02.496476: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.496486: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:02.496495: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.496505: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:02.496513: | ikev2 g^x 5b e7 48 05 d8 25 d7 a7 f7 b8 65 66 ca 86 50 9c Aug 26 13:24:02.496521: | ikev2 g^x 48 d8 47 52 15 33 82 1d ee da 8d 79 e2 1a 61 42 Aug 26 13:24:02.496529: | ikev2 g^x 6e d7 ae ba 52 ce 74 09 f6 72 54 a5 06 05 33 63 Aug 26 13:24:02.496536: | ikev2 g^x a5 e9 7c cd c7 9d c1 87 1e 61 72 18 7c 17 56 a6 Aug 26 13:24:02.496544: | ikev2 g^x 69 2a 27 4d 01 16 3d 4a 9f e2 c9 1d 1a 90 28 7b Aug 26 13:24:02.496551: | ikev2 g^x fb f8 34 2f 42 c3 50 cd 18 e7 e3 72 b0 54 00 df Aug 26 13:24:02.496559: | ikev2 g^x 9d 1e ff 8b 3b 94 d7 ff 5e 79 00 5e f5 cf a2 9c Aug 26 13:24:02.496566: | ikev2 g^x 5e 3e 8f 77 10 b2 e0 58 b1 5d 2c ad c6 6c ae 84 Aug 26 13:24:02.496574: | ikev2 g^x cb c6 3f dd bf 40 90 ed 7e 23 68 05 e3 08 e9 06 Aug 26 13:24:02.496581: | ikev2 g^x b0 3e 29 4a 07 78 b2 1d a6 d8 09 fd c2 84 65 63 Aug 26 13:24:02.496589: | ikev2 g^x e5 e6 93 f0 3f 5d e6 7e 20 46 93 5a 75 60 b6 ae Aug 26 13:24:02.496596: | ikev2 g^x ee 05 2e 7d ec fd ae 82 b5 67 d2 b2 a2 e8 32 2d Aug 26 13:24:02.496603: | ikev2 g^x 16 a4 f9 56 42 bc c2 32 69 d9 e9 32 cc aa 24 03 Aug 26 13:24:02.496611: | ikev2 g^x 4c f6 14 e5 69 be a6 b7 ac f5 90 e1 c9 bd 90 4c Aug 26 13:24:02.496618: | ikev2 g^x 11 02 67 a8 dd d0 70 39 fb d8 6a 88 58 4f 01 b9 Aug 26 13:24:02.496626: | ikev2 g^x bc 84 95 37 f2 06 e5 c6 4f c8 f0 ec 73 42 d8 a2 Aug 26 13:24:02.496634: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:02.496642: | Adding a v2N Payload Aug 26 13:24:02.496650: | ****emit IKEv2 Notify Payload: Aug 26 13:24:02.496658: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.496665: | flags: none (0x0) Aug 26 13:24:02.496673: | Protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:02.496685: | SPI size: 4 (0x4) Aug 26 13:24:02.496694: | Notify Message Type: v2N_REKEY_SA (0x4009) Aug 26 13:24:02.496704: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:02.496713: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.496723: | emitting 4 raw bytes of SPI into IKEv2 Notify Payload Aug 26 13:24:02.496730: | SPI 60 a9 46 2c Aug 26 13:24:02.496738: | emitting length of IKEv2 Notify Payload: 12 Aug 26 13:24:02.496747: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:02.496755: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.496763: | flags: none (0x0) Aug 26 13:24:02.496770: | number of TS: 1 (0x1) Aug 26 13:24:02.496781: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:24:02.496790: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.496798: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:02.496807: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:02.496814: | IP Protocol ID: 0 (0x0) Aug 26 13:24:02.496822: | start port: 0 (0x0) Aug 26 13:24:02.496831: | end port: 65535 (0xffff) Aug 26 13:24:02.496840: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:02.496849: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:02.496858: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:02.496865: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:02.496874: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:02.496882: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 48 Aug 26 13:24:02.496890: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:02.496898: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.496905: | flags: none (0x0) Aug 26 13:24:02.496913: | number of TS: 1 (0x1) Aug 26 13:24:02.496923: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:24:02.496932: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:02.496940: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:02.496948: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:02.496955: | IP Protocol ID: 0 (0x0) Aug 26 13:24:02.496963: | start port: 0 (0x0) Aug 26 13:24:02.496970: | end port: 65535 (0xffff) Aug 26 13:24:02.496979: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:02.496987: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:02.496996: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:02.497004: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:02.497011: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:02.497019: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 48 Aug 26 13:24:02.497028: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:24:02.497037: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:02.497047: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:02.497057: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:02.497065: | emitting length of IKEv2 Encryption Payload: 633 Aug 26 13:24:02.497073: | emitting length of ISAKMP Message: 661 Aug 26 13:24:02.497134: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:02.497152: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_OK Aug 26 13:24:02.497163: | IKEv2: transition from state STATE_V2_REKEY_CHILD_I0 to state STATE_V2_REKEY_CHILD_I Aug 26 13:24:02.497173: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => V2_REKEY_CHILD_I(established IKE SA) Aug 26 13:24:02.497183: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:24:02.497191: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:02.497207: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:24:02.497217: "west" #3: STATE_V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:02.497233: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:02.497261: | sending 661 bytes for STATE_V2_REKEY_CHILD_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:02.497270: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:02.497278: | 2e 20 24 08 00 00 00 02 00 00 02 95 21 00 02 79 Aug 26 13:24:02.497285: | 66 6f 92 bc aa a5 4d 52 85 80 5a 6e 81 0d c6 f0 Aug 26 13:24:02.497308: | 76 ae b4 f6 6b 63 47 7e f4 26 8a f3 f4 04 aa 18 Aug 26 13:24:02.497316: | 01 5d bc 69 a4 90 f2 ef e3 1f 98 81 0c d3 92 63 Aug 26 13:24:02.497324: | 40 11 dd 98 d2 32 5f 8f 52 3a 81 65 18 1f 82 34 Aug 26 13:24:02.497331: | 4c 0c f3 1d 20 87 2b ee 1f a4 28 53 2d 3f cb 0e Aug 26 13:24:02.497339: | 07 24 88 07 c9 1f 91 9d 6b a0 ba fa 8f ee 01 03 Aug 26 13:24:02.497346: | 78 3b 4f 1d 04 1a 3f cd 91 a9 e9 1a 6e 3e 9b 0d Aug 26 13:24:02.497353: | eb e0 56 1e cd e2 d8 cc e1 d2 42 44 8f 3e bf 9c Aug 26 13:24:02.497361: | b9 fd 4a 0f 3e e1 b1 17 67 3d 69 68 e7 3a c6 66 Aug 26 13:24:02.497368: | 8c e3 31 78 57 40 ae eb 29 2b 62 9a e8 db fa 5d Aug 26 13:24:02.497375: | 3f 05 fe 1d 8d c3 9e b4 0f bc 99 06 b0 71 d3 e8 Aug 26 13:24:02.497383: | 9e 03 d3 d2 e2 4d d5 e9 58 19 e7 7e c8 39 b9 e4 Aug 26 13:24:02.497390: | dd 6f e7 f6 f8 ec d4 07 b3 40 21 63 51 92 1a fe Aug 26 13:24:02.497397: | 48 6f 57 41 44 a9 b2 48 9a dc e2 37 fd e0 01 33 Aug 26 13:24:02.497405: | f2 ab 98 e1 ba 35 46 c7 09 a8 e5 53 65 18 5b 0c Aug 26 13:24:02.497412: | d3 ce 46 d8 5d b1 98 76 44 14 56 37 92 c8 05 15 Aug 26 13:24:02.497419: | 89 27 7b 48 80 46 d7 1e f2 f9 87 6f 9e 92 73 2e Aug 26 13:24:02.497427: | d1 77 cc b0 99 37 ca 09 e2 74 cc 89 b4 74 41 43 Aug 26 13:24:02.497434: | 00 48 e9 6b e4 1c 2c 12 91 4d ea a6 ac 77 08 39 Aug 26 13:24:02.497441: | 53 ca 8a 33 b7 14 c6 cc b0 0c fc 67 b2 f3 bd cf Aug 26 13:24:02.497449: | f5 2e 4f f4 42 12 84 b8 5d 8c 50 32 ca e2 e6 41 Aug 26 13:24:02.497456: | d0 76 c7 e4 ca c1 da ac 0e 56 7b b5 02 25 92 12 Aug 26 13:24:02.497464: | 94 a9 64 5e 66 a2 b2 dd 2e 27 a8 16 7f f4 24 55 Aug 26 13:24:02.497471: | ba b0 16 07 41 0e 8d 1d db 25 2f 97 5c 38 98 06 Aug 26 13:24:02.497478: | ac 1b ce ff 73 5f 85 1d 43 c9 b6 47 d4 ed c1 a0 Aug 26 13:24:02.497485: | 01 f8 95 08 f7 d3 3e 1e cc d6 f9 6e 06 22 37 12 Aug 26 13:24:02.497493: | 9c 8c 52 01 c7 32 d2 1d 73 26 dc ca 82 ab de f9 Aug 26 13:24:02.497500: | b8 b4 b6 d3 d7 09 20 12 82 bd 48 a0 57 a6 84 57 Aug 26 13:24:02.497507: | 0e a1 ae d2 e4 39 43 c8 ab e7 09 8d d3 7f 41 9e Aug 26 13:24:02.497515: | 55 4f c4 d8 da 5d 69 14 e4 9a 64 0d 16 d9 39 1a Aug 26 13:24:02.497522: | 4e 27 75 78 d7 a8 95 5d 6d e9 21 2a b4 aa ca c0 Aug 26 13:24:02.497529: | da 3f 82 e7 5b 4e dd 92 e7 92 ae 94 4e 39 77 3d Aug 26 13:24:02.497537: | 53 a1 84 d8 a7 d3 d0 ae 5d 2c d9 0a 54 ea 42 73 Aug 26 13:24:02.497544: | 38 f1 6a b6 cb 1a 9c ce 5d 3d 77 af 43 68 b1 14 Aug 26 13:24:02.497551: | e4 30 b1 90 39 bf e3 53 d1 83 3f cf 12 8e 40 15 Aug 26 13:24:02.497559: | d7 88 07 b1 2b bf c8 b8 6f c1 30 17 60 b6 4e 0d Aug 26 13:24:02.497566: | 2c ac d7 d5 03 84 2b ac 6e 78 14 cd 65 d9 65 73 Aug 26 13:24:02.497578: | 33 5e e8 4a da 4f 69 14 e9 4e c4 52 7d ac b7 7c Aug 26 13:24:02.497585: | b6 ba ce 79 33 75 38 75 fe b3 b0 29 12 ea 9b d8 Aug 26 13:24:02.497593: | 92 c4 66 fc 41 Aug 26 13:24:02.497694: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:02.497710: | libevent_free: release ptr-libevent@0x56327f933bd8 Aug 26 13:24:02.497720: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:02.497730: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:24:02.497742: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:02.497754: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:24:02.497764: | libevent_malloc: new ptr-libevent@0x56327f933bd8 size 128 Aug 26 13:24:02.497780: | #3 STATE_V2_REKEY_CHILD_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11128.240205 Aug 26 13:24:02.497796: | stop processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:02.497810: | resume processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:02.497826: | #1 spent 3.99 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:02.497839: | stop processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:24:02.497848: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:02.511567: | spent 0.0104 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:02.511652: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:02.511665: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:02.511674: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 13:24:02.511681: | 7e 8a cd 47 dd 40 05 a0 a9 d9 7c 4d 7d 65 e0 50 Aug 26 13:24:02.511689: | 28 57 83 49 c6 b5 ce 13 11 ce 40 42 ee c9 3a 4d Aug 26 13:24:02.511696: | 78 fc 93 4b 78 49 33 e9 34 67 dd a1 a7 8d d0 c4 Aug 26 13:24:02.511704: | 62 85 a5 25 ae f4 43 27 e6 ae 5a be 89 0b 3f c9 Aug 26 13:24:02.511711: | 3b ed dc 9c f7 f6 4c f5 e0 74 f2 6d 7d fe d8 0c Aug 26 13:24:02.511718: | 3e 6f 6e 9c 55 57 12 25 6d ab a5 d3 0f f4 c3 1f Aug 26 13:24:02.511726: | a6 00 5f f5 31 4b 20 b2 18 b3 48 f0 c3 42 18 62 Aug 26 13:24:02.511733: | 12 26 7b b9 87 ce 0b f5 7f e5 21 3c c6 c7 00 34 Aug 26 13:24:02.511741: | 21 19 c1 16 10 cd 4e 63 83 a0 c3 3d 52 c4 24 c9 Aug 26 13:24:02.511748: | c5 c1 fa db bf 0a 5e e0 41 60 67 f6 34 1f 29 79 Aug 26 13:24:02.511755: | aa 98 ab b5 d4 59 d1 1d 19 f8 d8 f3 a3 12 ef a0 Aug 26 13:24:02.511763: | f6 79 ce 0b 2a 3a 3d da 40 6e 83 58 12 02 19 04 Aug 26 13:24:02.511770: | 73 e1 28 54 89 20 d0 75 ce 21 a3 4a 8d ca 9f 19 Aug 26 13:24:02.511777: | 48 cf 01 e3 2a 40 5e f1 b2 f4 54 33 a3 b3 a8 3f Aug 26 13:24:02.511785: | 90 33 cd 36 ac 8c 14 8c ec 75 87 1b 4c 70 45 9e Aug 26 13:24:02.511792: | 9e 62 a8 6f b4 88 fe a6 b2 55 b6 a1 ae 83 ec c4 Aug 26 13:24:02.511799: | 27 a2 c4 5d b2 7e 70 46 cf af 9a 7c f5 2f 29 da Aug 26 13:24:02.511807: | e2 c9 24 ca e5 a6 79 8a 38 23 67 ec 5d 5a 80 cc Aug 26 13:24:02.511814: | 3c e1 22 13 90 aa 18 db f3 71 0b fd ae 7b 0e 0c Aug 26 13:24:02.511821: | 2b 1e b9 c9 b3 5c 54 d7 91 0f 74 24 45 f9 cf 57 Aug 26 13:24:02.511829: | 01 f9 72 e4 45 9e 55 79 90 96 be f2 bd d8 dd cf Aug 26 13:24:02.511836: | e0 88 04 aa b8 36 1a 2c e6 9e cc 30 b0 cd 69 ff Aug 26 13:24:02.511843: | d0 a6 6a a0 a1 b9 d9 2c b8 5d 3d 99 4a 83 4b 6a Aug 26 13:24:02.511851: | 09 95 be 0c 2a 7e a9 49 9f f8 4b 7f cf 29 80 d1 Aug 26 13:24:02.511858: | 85 8d 86 9a 9a 09 48 87 8d f9 9a 92 3c 1c 83 28 Aug 26 13:24:02.511865: | 86 0f bd e3 df 48 a8 93 0d bf c1 37 7c cf 0d 93 Aug 26 13:24:02.511872: | 32 Aug 26 13:24:02.511887: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:02.511908: | **parse ISAKMP Message: Aug 26 13:24:02.511918: | initiator cookie: Aug 26 13:24:02.511926: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:02.511934: | responder cookie: Aug 26 13:24:02.511941: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:02.511950: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:02.511959: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:02.511967: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:02.511976: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:02.511984: | Message ID: 2 (0x2) Aug 26 13:24:02.511992: | length: 449 (0x1c1) Aug 26 13:24:02.512002: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:02.512013: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:02.512024: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:02.512043: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:02.512054: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:02.512067: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:02.512079: | start processing: state #3 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:02.512087: | #3 is idle Aug 26 13:24:02.512095: | #3 idle Aug 26 13:24:02.512102: | unpacking clear payload Aug 26 13:24:02.512111: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:02.512120: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:02.512128: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:02.512136: | flags: none (0x0) Aug 26 13:24:02.512144: | length: 421 (0x1a5) Aug 26 13:24:02.512153: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:24:02.512162: | #3 in state V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:02.512204: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:02.512215: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:02.512224: | **parse IKEv2 Security Association Payload: Aug 26 13:24:02.512232: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:02.512240: | flags: none (0x0) Aug 26 13:24:02.512248: | length: 44 (0x2c) Aug 26 13:24:02.512256: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:24:02.512264: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:02.512272: | **parse IKEv2 Nonce Payload: Aug 26 13:24:02.512280: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:02.512287: | flags: none (0x0) Aug 26 13:24:02.512319: | length: 36 (0x24) Aug 26 13:24:02.512328: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:02.512336: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:02.512344: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:02.512358: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:24:02.512366: | flags: none (0x0) Aug 26 13:24:02.512374: | length: 264 (0x108) Aug 26 13:24:02.512382: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.512390: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:02.512398: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:24:02.512406: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:02.512414: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:24:02.512422: | flags: none (0x0) Aug 26 13:24:02.512429: | length: 24 (0x18) Aug 26 13:24:02.512437: | number of TS: 1 (0x1) Aug 26 13:24:02.512445: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:24:02.512452: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:24:02.512460: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:02.512468: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:02.512476: | flags: none (0x0) Aug 26 13:24:02.512483: | length: 24 (0x18) Aug 26 13:24:02.512503: | number of TS: 1 (0x1) Aug 26 13:24:02.512511: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:24:02.512522: | state #3 forced to match CREATE_CHILD_SA from V2_CREATE_I->V2_IPSEC_I by ignoring from state Aug 26 13:24:02.512531: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:02.512548: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:02.512557: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:24:02.512564: | Now let's proceed with state specific processing Aug 26 13:24:02.512572: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:02.512608: | using existing local ESP/AH proposals for west (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.512620: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:24:02.512637: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:02.512645: | local proposal 1 type PRF has 0 transforms Aug 26 13:24:02.512654: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:02.512662: | local proposal 1 type DH has 1 transforms Aug 26 13:24:02.512669: | local proposal 1 type ESN has 1 transforms Aug 26 13:24:02.512680: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:02.512688: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:02.512696: | local proposal 2 type PRF has 0 transforms Aug 26 13:24:02.512704: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:02.512711: | local proposal 2 type DH has 1 transforms Aug 26 13:24:02.512719: | local proposal 2 type ESN has 1 transforms Aug 26 13:24:02.512729: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:02.512736: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:02.512744: | local proposal 3 type PRF has 0 transforms Aug 26 13:24:02.512752: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:02.512760: | local proposal 3 type DH has 1 transforms Aug 26 13:24:02.512768: | local proposal 3 type ESN has 1 transforms Aug 26 13:24:02.512777: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:02.512785: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:02.512793: | local proposal 4 type PRF has 0 transforms Aug 26 13:24:02.512800: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:02.512808: | local proposal 4 type DH has 1 transforms Aug 26 13:24:02.512816: | local proposal 4 type ESN has 1 transforms Aug 26 13:24:02.512825: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:02.512834: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:02.512842: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:02.512850: | length: 40 (0x28) Aug 26 13:24:02.512858: | prop #: 1 (0x1) Aug 26 13:24:02.512866: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:02.512874: | spi size: 4 (0x4) Aug 26 13:24:02.512881: | # transforms: 3 (0x3) Aug 26 13:24:02.512892: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:02.512900: | remote SPI 95 f4 fb ca Aug 26 13:24:02.512910: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:02.512919: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:02.512928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.512935: | length: 12 (0xc) Aug 26 13:24:02.512944: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:02.512952: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:02.512960: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:02.512974: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:02.512982: | length/value: 256 (0x100) Aug 26 13:24:02.512995: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:02.513004: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:02.513012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:02.513020: | length: 8 (0x8) Aug 26 13:24:02.513028: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:02.513036: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:02.513047: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:02.513055: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:02.513063: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:02.513070: | length: 8 (0x8) Aug 26 13:24:02.513078: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:02.513086: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:02.513096: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:24:02.513108: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:24:02.513122: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:24:02.513130: | remote proposal 1 matches local proposal 1 Aug 26 13:24:02.513140: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:24:02.513156: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=95f4fbca;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:24:02.513165: | converting proposal to internal trans attrs Aug 26 13:24:02.513179: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:24:02.513200: | adding ikev2 Child Rekey SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:24:02.513210: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:02.513219: | #3 STATE_V2_REKEY_CHILD_I: retransmits: cleared Aug 26 13:24:02.513231: | libevent_free: release ptr-libevent@0x56327f933bd8 Aug 26 13:24:02.513241: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:02.513251: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:02.513263: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:02.513273: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:02.513402: | crypto helper 5 resuming Aug 26 13:24:02.513406: | #3 spent 0.73 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:24:02.513467: | crypto helper 5 starting work-order 4 for state #3 Aug 26 13:24:02.513499: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:02.513505: | crypto helper 5 doing crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 Aug 26 13:24:02.513528: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:24:02.513542: | suspending state #3 and saving MD Aug 26 13:24:02.513555: | #3 is busy; has a suspended MD Aug 26 13:24:02.513577: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:02.513596: | "west" #3 complete v2 state STATE_V2_REKEY_CHILD_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:02.513620: | stop processing: state #3 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:02.513644: | #1 spent 1.9 milliseconds in ikev2_process_packet() Aug 26 13:24:02.513665: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:02.513680: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:02.513701: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:02.513721: | spent 1.98 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:02.516764: | crypto helper 5 finished crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 time elapsed 0.003258 seconds Aug 26 13:24:02.516805: | (#3) spent 3.25 milliseconds in crypto helper computing work-order 4: ikev2 Child Rekey SA initiator pfs=yes (dh) Aug 26 13:24:02.516817: | crypto helper 5 sending results from work-order 4 for state #3 to event queue Aug 26 13:24:02.516828: | scheduling resume sending helper answer for #3 Aug 26 13:24:02.516840: | libevent_malloc: new ptr-libevent@0x7f6178001f78 size 128 Aug 26 13:24:02.516868: | crypto helper 5 waiting (nothing to do) Aug 26 13:24:02.516900: | processing resume sending helper answer for #3 Aug 26 13:24:02.516933: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:02.516946: | crypto helper 5 replies to request ID 4 Aug 26 13:24:02.516955: | calling continuation function 0x56327dd4e9d0 Aug 26 13:24:02.516966: | ikev2_child_inR_continue for #3 STATE_V2_REKEY_CHILD_I Aug 26 13:24:02.516976: | TSi: parsing 1 traffic selectors Aug 26 13:24:02.516985: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:02.516995: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:02.517003: | IP Protocol ID: 0 (0x0) Aug 26 13:24:02.517012: | length: 16 (0x10) Aug 26 13:24:02.517019: | start port: 0 (0x0) Aug 26 13:24:02.517027: | end port: 65535 (0xffff) Aug 26 13:24:02.517037: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:02.517045: | TS low c0 00 01 00 Aug 26 13:24:02.517053: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:02.517061: | TS high c0 00 01 ff Aug 26 13:24:02.517069: | TSi: parsed 1 traffic selectors Aug 26 13:24:02.517077: | TSr: parsing 1 traffic selectors Aug 26 13:24:02.517085: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:02.517093: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:02.517100: | IP Protocol ID: 0 (0x0) Aug 26 13:24:02.517108: | length: 16 (0x10) Aug 26 13:24:02.517115: | start port: 0 (0x0) Aug 26 13:24:02.517123: | end port: 65535 (0xffff) Aug 26 13:24:02.517131: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:02.517138: | TS low c0 00 02 00 Aug 26 13:24:02.517146: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:02.517154: | TS high c0 00 02 ff Aug 26 13:24:02.517161: | TSr: parsed 1 traffic selectors Aug 26 13:24:02.517178: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:24:02.517193: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:02.517212: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:24:02.517222: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:24:02.517230: | TSi[0] port match: YES fitness 65536 Aug 26 13:24:02.517239: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:24:02.517249: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:02.517262: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:02.517278: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:24:02.517287: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:24:02.517322: | TSr[0] port match: YES fitness 65536 Aug 26 13:24:02.517331: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:24:02.517340: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:02.517349: | best fit so far: TSi[0] TSr[0] Aug 26 13:24:02.517356: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:24:02.517364: | printing contents struct traffic_selector Aug 26 13:24:02.517380: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:02.517388: | ipprotoid: 0 Aug 26 13:24:02.517396: | port range: 0-65535 Aug 26 13:24:02.517408: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:02.517415: | printing contents struct traffic_selector Aug 26 13:24:02.517423: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:02.517430: | ipprotoid: 0 Aug 26 13:24:02.517437: | port range: 0-65535 Aug 26 13:24:02.517448: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:02.517461: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:24:02.518018: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:24:02.518034: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:24:02.518043: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:02.518053: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:02.518062: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:02.518074: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:02.518084: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:02.518094: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:02.518103: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:02.518111: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:02.518125: | setting IPsec SA replay-window to 32 Aug 26 13:24:02.518134: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:02.518143: | netlink: enabling tunnel mode Aug 26 13:24:02.518152: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:02.518160: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:02.518328: | netlink response for Add SA esp.95f4fbca@192.1.2.23 included non-error error Aug 26 13:24:02.518361: | set up outgoing SA, ref=0/0 Aug 26 13:24:02.518373: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:02.518383: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:02.518390: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:02.518399: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:02.518410: | setting IPsec SA replay-window to 32 Aug 26 13:24:02.518419: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:02.518427: | netlink: enabling tunnel mode Aug 26 13:24:02.518435: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:02.518443: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:02.518559: | netlink response for Add SA esp.76b1c3bf@192.1.2.45 included non-error error Aug 26 13:24:02.518579: | set up incoming SA, ref=0/0 Aug 26 13:24:02.518593: | sr for #3: erouted Aug 26 13:24:02.518602: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:24:02.518611: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:02.518620: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:02.518628: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:02.518639: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:02.518650: | route_and_eroute with c: west (next: none) ero:west esr:{(nil)} ro:west rosr:{(nil)} and state: #3 Aug 26 13:24:02.518659: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:02.518683: | eroute_connection replace eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:24:02.518693: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:02.518746: | raw_eroute result=success Aug 26 13:24:02.518763: | route_and_eroute: firewall_notified: true Aug 26 13:24:02.518780: | route_and_eroute: instance "west", setting eroute_owner {spd=0x56327f92c848,sr=0x56327f92c848} to #3 (was #2) (newest_ipsec_sa=#2) Aug 26 13:24:02.518933: | #1 spent 0.899 milliseconds in install_ipsec_sa() Aug 26 13:24:02.518953: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #3 (was #2) (spd.eroute=#3) cloned from #1 Aug 26 13:24:02.518971: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:02.518982: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:02.518993: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:02.519008: "west" #3: rekeyed #2 STATE_V2_REKEY_CHILD_I and expire it remaining life 4s Aug 26 13:24:02.519017: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:02.519026: | libevent_free: release ptr-libevent@0x56327f9314f8 Aug 26 13:24:02.519034: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56327f937808 Aug 26 13:24:02.519044: | event_schedule: new EVENT_SA_EXPIRE-pe@0x56327f937808 Aug 26 13:24:02.519056: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #2 Aug 26 13:24:02.519066: | libevent_malloc: new ptr-libevent@0x56327f93f958 size 128 Aug 26 13:24:02.519086: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:02.519099: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_OK Aug 26 13:24:02.519109: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:24:02.519119: | child state #3: V2_REKEY_CHILD_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:24:02.519129: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:24:02.519145: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:24:02.519160: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:02.519169: | pstats #3 ikev2.child established Aug 26 13:24:02.519189: "west" #3: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:24:02.519200: | NAT-T: encaps is 'auto' Aug 26 13:24:02.519214: "west" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x95f4fbca <0x76b1c3bf xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:24:02.519223: | releasing whack for #3 (sock=fd@-1) Aug 26 13:24:02.519231: | releasing whack and unpending for parent #1 Aug 26 13:24:02.519240: | unpending state #1 connection "west" Aug 26 13:24:02.519253: | #3 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:02.519263: | event_schedule: new EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:24:02.519274: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #3 Aug 26 13:24:02.519282: | libevent_malloc: new ptr-libevent@0x56327f9316a8 size 128 Aug 26 13:24:02.519314: | #3 spent 2.33 milliseconds in resume sending helper answer Aug 26 13:24:02.519336: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:02.519347: | libevent_free: release ptr-libevent@0x7f6178001f78 Aug 26 13:24:03.520422: | timer_event_cb: processing event@0x56327f937808 Aug 26 13:24:03.520464: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:24:03.520484: | start processing: state #2 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:03.520495: | picked newest_ipsec_sa #3 for #2 Aug 26 13:24:03.520502: | CHILD SA expired (superseded by #3) Aug 26 13:24:03.520511: | pstats #2 ikev2.child deleted completed Aug 26 13:24:03.520523: | #2 spent 2.79 milliseconds in total Aug 26 13:24:03.520535: | [RE]START processing: state #2 connection "west" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:24:03.520546: "west" #2: deleting state (STATE_V2_IPSEC_I) aged 26.065s and sending notification Aug 26 13:24:03.520555: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:03.520568: | get_sa_info esp.eaac726c@192.1.2.23 Aug 26 13:24:03.520609: | get_sa_info esp.60a9462c@192.1.2.45 Aug 26 13:24:03.520629: "west" #2: ESP traffic information: in=336B out=336B Aug 26 13:24:03.520648: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:24:03.520656: | Opening output PBS informational exchange delete request Aug 26 13:24:03.520665: | **emit ISAKMP Message: Aug 26 13:24:03.520672: | initiator cookie: Aug 26 13:24:03.520679: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:03.520685: | responder cookie: Aug 26 13:24:03.520691: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:03.520699: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:03.520706: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:03.520713: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:03.520721: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:03.520727: | Message ID: 3 (0x3) Aug 26 13:24:03.520735: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:03.520743: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:03.520751: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:03.520757: | flags: none (0x0) Aug 26 13:24:03.520766: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:03.520773: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:03.520782: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:03.520802: | ****emit IKEv2 Delete Payload: Aug 26 13:24:03.520809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:03.520815: | flags: none (0x0) Aug 26 13:24:03.520821: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:03.520828: | SPI size: 4 (0x4) Aug 26 13:24:03.520834: | number of SPIs: 1 (0x1) Aug 26 13:24:03.520842: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:03.520850: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:03.520858: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:03.520864: | local spis 60 a9 46 2c Aug 26 13:24:03.520871: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:03.520878: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:03.520886: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:03.520894: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:03.520901: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:03.520907: | emitting length of ISAKMP Message: 69 Aug 26 13:24:03.520954: | sending 69 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) Aug 26 13:24:03.520962: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:03.520969: | 2e 20 25 08 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:03.520975: | d3 62 ae 30 a3 eb 58 2a c6 2c 14 b4 af 28 39 4c Aug 26 13:24:03.520981: | a7 b4 9f 97 64 0d 76 97 0d 61 94 82 e0 60 0f 2a Aug 26 13:24:03.520986: | 5e 0f 0c 0f 40 Aug 26 13:24:03.521595: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:24:03.521615: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:24:03.521628: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:24:03.521760: | delete esp.eaac726c@192.1.2.23 Aug 26 13:24:03.521815: | netlink response for Del SA esp.eaac726c@192.1.2.23 included non-error error Aug 26 13:24:03.521827: | delete esp.60a9462c@192.1.2.45 Aug 26 13:24:03.521892: | netlink response for Del SA esp.60a9462c@192.1.2.45 included non-error error Aug 26 13:24:03.521904: | in connection_discard for connection west Aug 26 13:24:03.521919: | State DB: deleting IKEv2 state #2 in V2_IPSEC_I Aug 26 13:24:03.521929: | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:03.521943: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:24:03.521969: | State DB: found IKEv2 state #3 in V2_IPSEC_I (v2_expire_unused_ike_sa) Aug 26 13:24:03.521976: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:24:03.521987: | libevent_free: release ptr-libevent@0x56327f93f958 Aug 26 13:24:03.521996: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x56327f937808 Aug 26 13:24:03.522003: | in statetime_stop() and could not find #2 Aug 26 13:24:03.522011: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:03.524556: | spent 0.00882 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:03.524620: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:03.524632: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:03.524640: | 2e 20 25 20 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:03.524647: | c7 fe fa 60 88 3d cd c4 7c 3e 44 9b 33 36 73 57 Aug 26 13:24:03.524653: | e6 5f c6 9f 8d f5 7b 84 9f 38 9d 85 bf 6b de 41 Aug 26 13:24:03.524660: | b6 16 f5 13 ab Aug 26 13:24:03.524672: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:03.524682: | **parse ISAKMP Message: Aug 26 13:24:03.524690: | initiator cookie: Aug 26 13:24:03.524696: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:03.524703: | responder cookie: Aug 26 13:24:03.524709: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:03.524717: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:03.524724: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:03.524731: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:03.524739: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:03.524746: | Message ID: 3 (0x3) Aug 26 13:24:03.524753: | length: 69 (0x45) Aug 26 13:24:03.524761: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:03.524770: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:03.524780: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:03.524796: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:03.524809: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:03.524816: | #1 is idle Aug 26 13:24:03.524822: | #1 idle Aug 26 13:24:03.524829: | unpacking clear payload Aug 26 13:24:03.524836: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:03.524843: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:03.524851: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:03.524857: | flags: none (0x0) Aug 26 13:24:03.524864: | length: 41 (0x29) Aug 26 13:24:03.524871: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:03.524879: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:24:03.524912: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:03.524921: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:03.524929: | **parse IKEv2 Delete Payload: Aug 26 13:24:03.524936: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:03.524943: | flags: none (0x0) Aug 26 13:24:03.524950: | length: 12 (0xc) Aug 26 13:24:03.524956: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:03.524963: | SPI size: 4 (0x4) Aug 26 13:24:03.524969: | number of SPIs: 1 (0x1) Aug 26 13:24:03.524976: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:03.524983: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:24:03.524990: | Now let's proceed with state specific processing Aug 26 13:24:03.524996: | calling processor I3: INFORMATIONAL Request Aug 26 13:24:03.525006: | an informational response Aug 26 13:24:03.525022: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:03.525029: | SPI ea ac 72 6c Aug 26 13:24:03.525037: | delete PROTO_v2_ESP SA(0xeaac726c) Aug 26 13:24:03.525044: | State DB: IKEv2 state not found (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:03.525054: "west" #1: received delete request for PROTO_v2_ESP SA(0xeaac726c) but corresponding state not found Aug 26 13:24:03.525069: | #1 spent 0.0592 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:03.525083: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:03.525092: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:24:03.525100: | Message ID: updating counters for #1 to 3 after switching state Aug 26 13:24:03.525113: | Message ID: recv #1 response 3; ike: initiator.sent=3 initiator.recv=2->3 responder.sent=-1 responder.recv=-1 wip.initiator=3->-1 wip.responder=-1 Aug 26 13:24:03.525125: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:03.525133: "west" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:03.525145: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:03.525157: | #1 spent 0.56 milliseconds in ikev2_process_packet() Aug 26 13:24:03.525169: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:03.525178: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:03.525186: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:03.525197: | spent 0.6 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:15.124616: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:15.124712: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:24:15.124734: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:15.124767: | get_sa_info esp.76b1c3bf@192.1.2.45 Aug 26 13:24:15.124833: | get_sa_info esp.95f4fbca@192.1.2.23 Aug 26 13:24:15.124926: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:15.124958: | spent 0.366 milliseconds in whack Aug 26 13:24:17.252343: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:17.252409: | expiring aged bare shunts from shunt table Aug 26 13:24:17.252439: | spent 0.0232 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:27.526417: | timer_event_cb: processing event@0x7f6188002b78 Aug 26 13:24:27.526469: | handling event EVENT_SA_REKEY for child state #3 Aug 26 13:24:27.526493: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:27.526509: | picked newest_ipsec_sa #3 for #3 Aug 26 13:24:27.526518: | rekeying stale CHILD SA Aug 26 13:24:27.526532: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:27.526541: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:27.526552: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:24:27.526570: | creating state object #4 at 0x56327f933e18 Aug 26 13:24:27.526579: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:24:27.526591: | pstats #4 ikev2.child started Aug 26 13:24:27.526600: | duplicating state object #1 "west" as #4 for IPSEC SA Aug 26 13:24:27.526616: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:27.526636: | Message ID: init_child #1.#4; ike: initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:27.526652: | suspend processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:27.526666: | start processing: state #4 connection "west" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:27.526692: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:27.526730: | using existing local ESP/AH proposals for west (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:27.526749: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 13:24:27.526760: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56327f937808 Aug 26 13:24:27.526772: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:24:27.526783: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:27.526800: | RESET processing: state #4 connection "west" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:27.526809: | scheduling drop-dead replace event for #3 Aug 26 13:24:27.526818: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6184002b78 Aug 26 13:24:27.526831: | inserting event EVENT_SA_REPLACE, timeout in 4.992742 seconds for #3 Aug 26 13:24:27.526840: | libevent_malloc: new ptr-libevent@0x7f6178001f78 size 128 Aug 26 13:24:27.526851: | libevent_free: release ptr-libevent@0x56327f9316a8 Aug 26 13:24:27.526860: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:24:27.526880: | #3 spent 0.465 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:27.526889: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:27.526907: | timer_event_cb: processing event@0x56327f937808 Aug 26 13:24:27.526916: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:24:27.526930: | start processing: state #4 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:27.526944: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:24:27.526954: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:27.526965: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:27.526974: | libevent_malloc: new ptr-libevent@0x56327f9316a8 size 128 Aug 26 13:24:27.527002: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:27.527018: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56327f937808 Aug 26 13:24:27.527037: | crypto helper 6 resuming Aug 26 13:24:27.527039: | #4 spent 0.127 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:27.527085: | crypto helper 6 starting work-order 5 for state #4 Aug 26 13:24:27.527115: | stop processing: state #4 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:24:27.527139: | crypto helper 6 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 13:24:27.529753: | crypto helper 6 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.002615 seconds Aug 26 13:24:27.529796: | (#4) spent 2.61 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:27.529808: | crypto helper 6 sending results from work-order 5 for state #4 to event queue Aug 26 13:24:27.529818: | scheduling resume sending helper answer for #4 Aug 26 13:24:27.529829: | libevent_malloc: new ptr-libevent@0x7f617c002888 size 128 Aug 26 13:24:27.529855: | crypto helper 6 waiting (nothing to do) Aug 26 13:24:27.529886: | processing resume sending helper answer for #4 Aug 26 13:24:27.529916: | start processing: state #4 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:24:27.529930: | crypto helper 6 replies to request ID 5 Aug 26 13:24:27.529938: | calling continuation function 0x56327dd4db50 Aug 26 13:24:27.529950: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:27.529969: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:27.529979: | libevent_free: release ptr-libevent@0x56327f9316a8 Aug 26 13:24:27.529989: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:27.529999: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:27.530011: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:24:27.530020: | libevent_malloc: new ptr-libevent@0x56327f9316a8 size 128 Aug 26 13:24:27.530036: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:27.530046: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:27.530055: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:27.530071: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:27.530083: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:27.530092: | suspending state #4 and saving MD Aug 26 13:24:27.530100: | #4 is busy; has a suspended MD Aug 26 13:24:27.530113: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:27.530124: | "west" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:27.530136: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:24:27.530152: | #4 spent 0.218 milliseconds in resume sending helper answer Aug 26 13:24:27.530165: | stop processing: state #4 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:24:27.530175: | libevent_free: release ptr-libevent@0x7f617c002888 Aug 26 13:24:27.530189: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:27.530203: | start processing: state #1 connection "west" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:24:27.530220: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:27.530234: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:27.530246: | start processing: state #4 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:27.530266: | **emit ISAKMP Message: Aug 26 13:24:27.530276: | initiator cookie: Aug 26 13:24:27.530285: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:27.530306: | responder cookie: Aug 26 13:24:27.530313: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:27.530322: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:27.530332: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:27.530340: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:27.530358: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:27.530367: | Message ID: 4 (0x4) Aug 26 13:24:27.530377: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:27.530387: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:27.530396: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.530404: | flags: none (0x0) Aug 26 13:24:27.530414: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:27.530424: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.530435: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:27.530501: | netlink_get_spi: allocated 0x82e76b78 for esp.0@192.1.2.45 Aug 26 13:24:27.530513: | Emitting ikev2_proposals ... Aug 26 13:24:27.530522: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:27.530536: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.530544: | flags: none (0x0) Aug 26 13:24:27.530555: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:27.530564: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.530572: | discarding INTEG=NONE Aug 26 13:24:27.530581: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:27.530589: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.530597: | prop #: 1 (0x1) Aug 26 13:24:27.530605: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:27.530613: | spi size: 4 (0x4) Aug 26 13:24:27.530621: | # transforms: 3 (0x3) Aug 26 13:24:27.530630: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:27.530641: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:27.530649: | our spi 82 e7 6b 78 Aug 26 13:24:27.530658: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.530666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.530674: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:27.530682: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:27.530692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.530701: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:27.530710: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:27.530718: | length/value: 256 (0x100) Aug 26 13:24:27.530728: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:27.530735: | discarding INTEG=NONE Aug 26 13:24:27.530743: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.530751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.530759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:27.530767: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.530777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.530787: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.530796: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.530804: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.530811: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:27.530820: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:27.530827: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:27.530837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.530846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.530855: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.530863: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:27.530872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:27.530880: | discarding INTEG=NONE Aug 26 13:24:27.530888: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:27.530896: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.530903: | prop #: 2 (0x2) Aug 26 13:24:27.530911: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:27.530919: | spi size: 4 (0x4) Aug 26 13:24:27.530926: | # transforms: 3 (0x3) Aug 26 13:24:27.530936: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.530950: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:27.530959: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:27.530967: | our spi 82 e7 6b 78 Aug 26 13:24:27.530975: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.530983: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.530991: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:27.530998: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:27.531007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531016: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:27.531024: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:27.531032: | length/value: 128 (0x80) Aug 26 13:24:27.531040: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:27.531048: | discarding INTEG=NONE Aug 26 13:24:27.531055: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:27.531079: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.531088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531113: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531121: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:27.531129: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:27.531137: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:27.531146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531164: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531172: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:27.531181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:27.531189: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:27.531197: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.531204: | prop #: 3 (0x3) Aug 26 13:24:27.531212: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:27.531219: | spi size: 4 (0x4) Aug 26 13:24:27.531227: | # transforms: 5 (0x5) Aug 26 13:24:27.531237: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.531246: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:27.531255: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:27.531262: | our spi 82 e7 6b 78 Aug 26 13:24:27.531270: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531286: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:27.531306: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:27.531315: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531323: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:27.531336: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:27.531349: | length/value: 256 (0x100) Aug 26 13:24:27.531358: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:27.531366: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531374: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531382: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:27.531390: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:27.531399: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531425: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531432: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531440: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:27.531448: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:27.531457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531474: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531482: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:27.531506: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.531515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531540: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531548: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:27.531556: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:27.531564: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:27.531573: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531582: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531590: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531598: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:27.531607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:27.531615: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:27.531623: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:27.531631: | prop #: 4 (0x4) Aug 26 13:24:27.531639: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:27.531646: | spi size: 4 (0x4) Aug 26 13:24:27.531653: | # transforms: 5 (0x5) Aug 26 13:24:27.531663: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:27.531672: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:27.531681: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:27.531689: | our spi 82 e7 6b 78 Aug 26 13:24:27.531700: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531716: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:27.531724: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:27.531733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531741: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:27.531749: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:27.531757: | length/value: 128 (0x80) Aug 26 13:24:27.531765: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:27.531773: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531788: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:27.531796: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:27.531806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531823: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531831: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531846: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:27.531854: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:27.531863: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531880: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531888: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531903: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:27.531911: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.531921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531938: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.531945: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:27.531953: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:27.531961: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:27.531969: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:27.531978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.531987: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:27.531995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:27.532003: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:27.532012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:27.532020: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:27.532029: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:27.532044: | #4 initiate rekey request for "west" #3 SPI 0x76b1c3bf TSi TSr Aug 26 13:24:27.532053: | printing contents struct traffic_selector Aug 26 13:24:27.532060: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:27.532068: | ipprotoid: 0 Aug 26 13:24:27.532075: | port range: 0-65535 Aug 26 13:24:27.532089: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:27.532096: | printing contents struct traffic_selector Aug 26 13:24:27.532104: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:27.532111: | ipprotoid: 0 Aug 26 13:24:27.532118: | port range: 0-65535 Aug 26 13:24:27.532129: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:27.532137: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:27.532145: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.532153: | flags: none (0x0) Aug 26 13:24:27.532163: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:27.532172: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.532182: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:27.532191: | IKEv2 nonce 13 58 7f 2e 90 60 05 bc 4c 85 13 94 7c e6 b2 84 Aug 26 13:24:27.532199: | IKEv2 nonce a3 7e c2 01 05 d2 02 3b 25 2a 37 f1 62 69 b4 b6 Aug 26 13:24:27.532207: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:27.532215: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:27.532223: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.532231: | flags: none (0x0) Aug 26 13:24:27.532238: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.532248: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:27.532257: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.532267: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:27.532275: | ikev2 g^x f8 ac 2b 98 5b b3 54 17 d5 7a 1b 6d c9 61 2b 40 Aug 26 13:24:27.532283: | ikev2 g^x 1d 4c 05 7b 69 f3 ea 73 d4 ba 2a 34 72 06 cc ee Aug 26 13:24:27.532321: | ikev2 g^x 10 1f 69 a3 24 d6 37 f4 ff ee dd 01 fc 4f c2 96 Aug 26 13:24:27.532342: | ikev2 g^x 1f 61 40 c5 f4 86 31 c6 80 26 2b 73 75 97 b9 5f Aug 26 13:24:27.532355: | ikev2 g^x e6 23 2a 80 28 4c f0 48 57 07 47 e8 4c 1b 81 a0 Aug 26 13:24:27.532366: | ikev2 g^x e4 35 ed 5d de bd 9f d3 3b f9 e4 0c 05 6d 57 76 Aug 26 13:24:27.532379: | ikev2 g^x 2c c1 3e cf de e9 05 c3 1c 32 1e 00 b6 04 4e f5 Aug 26 13:24:27.532391: | ikev2 g^x bc 5e df 50 30 4c c1 1a 3e 1b ad 44 77 71 1d 74 Aug 26 13:24:27.532403: | ikev2 g^x 3a 0a c7 c7 8a cc b1 f1 4b 54 71 a6 b3 0f c0 e7 Aug 26 13:24:27.532416: | ikev2 g^x 15 4a 86 51 6d 6f aa 59 8c 75 77 f5 a8 7f 59 8c Aug 26 13:24:27.532428: | ikev2 g^x d8 a1 25 bb 16 20 92 9c 5c ca 9b 21 ec 88 f1 e2 Aug 26 13:24:27.532458: | ikev2 g^x a3 67 9c 56 57 7b c5 ac c9 73 ba 37 e4 a2 48 85 Aug 26 13:24:27.532471: | ikev2 g^x 82 6b 82 18 04 c6 df 18 92 f1 0a 7a f8 3a 54 31 Aug 26 13:24:27.532484: | ikev2 g^x 72 df 97 81 e8 8f 78 a0 b7 90 7f e1 3a 57 05 f6 Aug 26 13:24:27.532494: | ikev2 g^x f4 96 c5 91 a0 32 9e ac f0 ca 46 67 57 f5 b8 c4 Aug 26 13:24:27.532506: | ikev2 g^x 6b 53 73 96 1f 2c 06 8e 4b 88 81 69 18 37 c5 39 Aug 26 13:24:27.532522: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:27.532536: | Adding a v2N Payload Aug 26 13:24:27.532549: | ****emit IKEv2 Notify Payload: Aug 26 13:24:27.532560: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.532573: | flags: none (0x0) Aug 26 13:24:27.532587: | Protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:27.532598: | SPI size: 4 (0x4) Aug 26 13:24:27.532611: | Notify Message Type: v2N_REKEY_SA (0x4009) Aug 26 13:24:27.532627: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:27.532651: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.532663: | emitting 4 raw bytes of SPI into IKEv2 Notify Payload Aug 26 13:24:27.532671: | SPI 76 b1 c3 bf Aug 26 13:24:27.532679: | emitting length of IKEv2 Notify Payload: 12 Aug 26 13:24:27.532688: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:27.532696: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.532704: | flags: none (0x0) Aug 26 13:24:27.532711: | number of TS: 1 (0x1) Aug 26 13:24:27.532722: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:24:27.532731: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.532739: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:27.532748: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:27.532756: | IP Protocol ID: 0 (0x0) Aug 26 13:24:27.532763: | start port: 0 (0x0) Aug 26 13:24:27.532772: | end port: 65535 (0xffff) Aug 26 13:24:27.532782: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:27.532790: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:27.532799: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:27.532807: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:27.532815: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:27.532823: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 48 Aug 26 13:24:27.532831: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:27.532839: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.532846: | flags: none (0x0) Aug 26 13:24:27.532854: | number of TS: 1 (0x1) Aug 26 13:24:27.532864: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:24:27.532873: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:27.532881: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:27.532888: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:27.532896: | IP Protocol ID: 0 (0x0) Aug 26 13:24:27.532904: | start port: 0 (0x0) Aug 26 13:24:27.532911: | end port: 65535 (0xffff) Aug 26 13:24:27.532920: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:27.532928: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:27.532936: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:27.532944: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:27.532952: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:27.532960: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 48 Aug 26 13:24:27.532969: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:24:27.532978: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:27.532988: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:27.532998: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:27.533006: | emitting length of IKEv2 Encryption Payload: 633 Aug 26 13:24:27.533014: | emitting length of ISAKMP Message: 661 Aug 26 13:24:27.533062: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:27.533075: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_OK Aug 26 13:24:27.533085: | IKEv2: transition from state STATE_V2_REKEY_CHILD_I0 to state STATE_V2_REKEY_CHILD_I Aug 26 13:24:27.533096: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => V2_REKEY_CHILD_I(established IKE SA) Aug 26 13:24:27.533110: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:24:27.533120: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:27.533136: | Message ID: sent #1.#4 request 4; ike: initiator.sent=3->4 initiator.recv=3 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->4 wip.responder=-1 Aug 26 13:24:27.533146: "west" #4: STATE_V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:27.533161: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:27.533179: | sending 661 bytes for STATE_V2_REKEY_CHILD_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:27.533188: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:27.533196: | 2e 20 24 08 00 00 00 04 00 00 02 95 21 00 02 79 Aug 26 13:24:27.533203: | 9c 53 ea 7c 43 af 6b cb b4 e7 c3 28 e7 ab 11 af Aug 26 13:24:27.533211: | 1b 78 65 7c e2 85 e1 36 49 41 cf fc db 87 c4 37 Aug 26 13:24:27.533218: | 8c d7 11 24 f0 54 93 3e c0 bd 28 af fb 63 08 b8 Aug 26 13:24:27.533226: | 9f 01 88 11 d6 ab 53 2b 93 8a 29 a3 bf 5b e2 3f Aug 26 13:24:27.533233: | 65 50 df 43 21 d5 4b 8e 7c 9c 3b 5d d4 b6 5d 8d Aug 26 13:24:27.533240: | 65 1f df 64 ef 17 18 ae 2f 60 c0 59 57 aa 0a 0e Aug 26 13:24:27.533248: | fd c7 1a 50 20 82 d2 18 1d c9 de 13 e8 04 b2 64 Aug 26 13:24:27.533255: | aa 06 44 ff 1a 63 ee e8 2a 9e bf a9 69 00 d8 3c Aug 26 13:24:27.533262: | 51 07 4e 46 fe 39 14 d4 d6 9d b7 f1 3e 61 a9 59 Aug 26 13:24:27.533270: | d7 eb 2b 50 25 03 9e 5b b8 5e c6 aa 4d f6 2b e4 Aug 26 13:24:27.533277: | ec 9c 47 1c 4e 7c 53 eb 66 31 35 d2 93 36 be 0f Aug 26 13:24:27.533284: | 43 85 7b 80 bf c0 05 0c 5c b8 64 e8 e1 75 57 47 Aug 26 13:24:27.533302: | 62 23 96 a7 0e 78 69 7b ac dd ff 44 ca 8f 00 49 Aug 26 13:24:27.533310: | 4c e2 59 95 b5 7a 03 06 99 37 cc fd 4f 6b 47 9c Aug 26 13:24:27.533317: | b1 61 44 a1 70 66 bd 88 7a 9f c3 e1 3b 6e e2 ab Aug 26 13:24:27.533325: | f9 c8 af 94 ac 2b 57 ed 9c e7 eb dd 35 54 a5 6c Aug 26 13:24:27.533332: | 05 79 28 70 11 cd be 71 f9 25 99 f3 09 2d 8e f2 Aug 26 13:24:27.533348: | 72 7a 4f 3e 88 73 8d 52 a6 a6 d4 ff 77 ee a8 90 Aug 26 13:24:27.533356: | 3e c4 af 54 7e 9f c9 f7 f0 18 bb f2 63 8b bb 35 Aug 26 13:24:27.533363: | aa 38 b0 88 95 58 74 0e 5f 9d 19 3a fa b9 fc ab Aug 26 13:24:27.533370: | e8 6c f0 73 06 41 d0 10 d8 ff ff 4b fe 6b b1 68 Aug 26 13:24:27.533378: | 79 1b 9d 96 1e 03 fb 36 1d ff 18 71 18 4f 25 af Aug 26 13:24:27.533385: | ba 9f 1d e8 a0 79 82 50 5a 22 ec d9 21 c5 78 34 Aug 26 13:24:27.533393: | 0e 4b c8 44 25 66 cf ca 4b 46 dd 26 10 c1 34 68 Aug 26 13:24:27.533400: | 73 ab a3 ee 4e 1e c6 3b 4a c8 42 cf ac 8a c5 a8 Aug 26 13:24:27.533407: | 75 79 d7 d0 ce ba ee 7a be 9f 6d c4 6f df 31 3b Aug 26 13:24:27.533415: | 0a 29 40 9b 2a e4 cc 00 98 8e d1 43 f3 e8 19 bd Aug 26 13:24:27.533422: | 7b c9 45 7d eb 36 83 98 ea 7f 64 53 f3 52 59 6f Aug 26 13:24:27.533430: | e1 05 ad e0 4c 35 fd 19 7b 5e 1e 65 fa 90 dd 21 Aug 26 13:24:27.533437: | 12 56 01 56 b7 be 36 48 32 b1 ff a8 2d a7 c2 4f Aug 26 13:24:27.533444: | e8 fe ba 2f 85 67 81 3a e4 ed b5 73 b6 e4 9b 73 Aug 26 13:24:27.533452: | 8f 0a 67 2c 25 76 5f 6b 66 be 26 14 d3 86 8d ef Aug 26 13:24:27.533459: | c8 ee 94 f0 cb f5 ca 6d 84 ee 98 c0 88 fb 84 72 Aug 26 13:24:27.533467: | 6a 6c a4 a0 92 d1 6a ad 00 b1 1e dd 1f 69 52 26 Aug 26 13:24:27.533474: | 51 3a 1a 6f 5d 76 24 46 c6 64 f7 64 19 79 1c d6 Aug 26 13:24:27.533481: | d9 8d 6c 0a 3a 92 c5 12 df 91 f4 19 f6 c0 a5 3d Aug 26 13:24:27.533489: | 7d 51 35 db 92 4c bc 8e ad b9 d2 b8 93 05 c2 78 Aug 26 13:24:27.533496: | 37 67 6f 63 b5 ad 52 ee a6 c0 53 2f 5c 90 a5 fb Aug 26 13:24:27.533503: | 49 58 61 8b 17 e4 c7 0f 7f a1 ce 43 2c a8 73 88 Aug 26 13:24:27.533511: | b4 95 a7 6a 4d Aug 26 13:24:27.533609: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:27.533630: | libevent_free: release ptr-libevent@0x56327f9316a8 Aug 26 13:24:27.533641: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:27.533650: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:24:27.533663: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:27.533676: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:24:27.533685: | libevent_malloc: new ptr-libevent@0x56327f93f958 size 128 Aug 26 13:24:27.533701: | #4 STATE_V2_REKEY_CHILD_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11153.276126 Aug 26 13:24:27.533718: | stop processing: state #4 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:27.533732: | resume processing: state #1 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:27.533748: | #1 spent 3.43 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:27.533761: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:24:27.533770: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:27.546637: | spent 0.00989 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:27.546714: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:27.546728: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:27.546738: | 2e 20 24 20 00 00 00 04 00 00 01 c1 21 00 01 a5 Aug 26 13:24:27.546746: | c6 3f e5 30 27 2d fa 38 1f 30 5a 7f ec 59 23 1d Aug 26 13:24:27.546754: | 0a 25 48 87 26 05 ec ad dc a8 0e c8 1d b7 59 06 Aug 26 13:24:27.546762: | 6d 65 1d 1a 72 d2 2e ba d2 f7 75 3c df 81 79 2a Aug 26 13:24:27.546770: | e4 cb 14 f4 ab 01 da 8d 22 c8 9b e1 01 c1 37 af Aug 26 13:24:27.546778: | f9 d5 3b 96 a4 66 d3 13 1a 7b 27 7b 0c 49 b8 ef Aug 26 13:24:27.546786: | 2f d4 11 36 12 f5 cf 4a 95 4c 4f 81 62 10 26 b2 Aug 26 13:24:27.546794: | 10 f9 35 f4 07 80 06 c1 20 73 98 3a d8 a0 a1 b7 Aug 26 13:24:27.546802: | 5d 1a fa b3 d2 60 1e 12 24 b5 6c 03 1f dd d2 63 Aug 26 13:24:27.546810: | de b2 c3 be 3c 72 42 1c 73 a4 87 e5 44 36 82 c2 Aug 26 13:24:27.546817: | ef ed ed b0 26 7f d9 55 4f 85 f7 3e c7 86 5c f4 Aug 26 13:24:27.546825: | 4f b2 f4 a7 98 72 63 09 65 6c 17 39 2c 09 6c 54 Aug 26 13:24:27.546833: | ea 01 0d 9f 00 6c ed c9 a7 b3 48 06 19 ff e0 71 Aug 26 13:24:27.546841: | 17 a4 5a 09 dd 63 7f 7f f0 fd b6 3b a6 de fd 93 Aug 26 13:24:27.546849: | a5 20 77 86 8f d1 69 6a d9 37 9a 3e b1 c5 c2 3b Aug 26 13:24:27.546857: | 6d cf 47 26 58 ce 5d 6a e8 a6 79 8c 0d fa e7 b5 Aug 26 13:24:27.546865: | b1 c5 dd e7 41 c2 f4 70 ec a6 95 7c 9b 58 4f 5a Aug 26 13:24:27.546873: | 75 d3 5f d1 e9 d5 9e 38 85 93 63 67 60 99 63 49 Aug 26 13:24:27.546880: | 64 2b 23 37 aa 8a 6e 6a c9 53 42 65 7f 8a b9 34 Aug 26 13:24:27.546888: | a2 87 b2 4a a7 fc fb ca 85 eb f4 66 d2 e6 98 01 Aug 26 13:24:27.546896: | 69 5d 25 2f 21 7d aa 6f 08 80 f5 e0 fc 69 10 f6 Aug 26 13:24:27.546904: | b8 ff ac 8a d5 20 e8 a3 3e b6 88 b2 3d 01 88 e5 Aug 26 13:24:27.546912: | bf f5 9d 5d f4 15 6e f3 30 50 91 e6 f0 96 49 8e Aug 26 13:24:27.546920: | f4 b2 65 6e ec eb 07 51 6d 60 f2 54 ac f7 2b c1 Aug 26 13:24:27.546927: | d2 75 e4 24 e2 1f f3 cf ce 78 07 07 7b 94 b1 9b Aug 26 13:24:27.546935: | 30 f2 e8 6f c6 37 e7 e9 e7 ea 91 62 a2 d0 77 e7 Aug 26 13:24:27.546943: | f4 1a e3 ef 5a ae 1a de 6f ed 1a 62 65 d7 10 1b Aug 26 13:24:27.546950: | 44 Aug 26 13:24:27.546965: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:27.546977: | **parse ISAKMP Message: Aug 26 13:24:27.546987: | initiator cookie: Aug 26 13:24:27.546994: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:27.547003: | responder cookie: Aug 26 13:24:27.547010: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:27.547030: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:27.547040: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:27.547049: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:27.547058: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:27.547067: | Message ID: 4 (0x4) Aug 26 13:24:27.547076: | length: 449 (0x1c1) Aug 26 13:24:27.547086: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:27.547098: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:27.547110: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:27.547130: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:27.547142: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:27.547158: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:27.547172: | start processing: state #4 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:27.547181: | #4 is idle Aug 26 13:24:27.547189: | #4 idle Aug 26 13:24:27.547197: | unpacking clear payload Aug 26 13:24:27.547205: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:27.547215: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:27.547225: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:27.547233: | flags: none (0x0) Aug 26 13:24:27.547242: | length: 421 (0x1a5) Aug 26 13:24:27.547251: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:24:27.547260: | #4 in state V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:27.547322: | #4 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:27.547341: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:27.547351: | **parse IKEv2 Security Association Payload: Aug 26 13:24:27.547360: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:27.547368: | flags: none (0x0) Aug 26 13:24:27.547376: | length: 44 (0x2c) Aug 26 13:24:27.547385: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:24:27.547392: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:27.547401: | **parse IKEv2 Nonce Payload: Aug 26 13:24:27.547409: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:27.547416: | flags: none (0x0) Aug 26 13:24:27.547424: | length: 36 (0x24) Aug 26 13:24:27.547432: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:27.547439: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:27.547448: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:27.547456: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:24:27.547464: | flags: none (0x0) Aug 26 13:24:27.547472: | length: 264 (0x108) Aug 26 13:24:27.547480: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.547488: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:27.547496: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:24:27.547505: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:27.547513: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:24:27.547521: | flags: none (0x0) Aug 26 13:24:27.547528: | length: 24 (0x18) Aug 26 13:24:27.547536: | number of TS: 1 (0x1) Aug 26 13:24:27.547545: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:24:27.547552: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:24:27.547561: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:27.547569: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:27.547576: | flags: none (0x0) Aug 26 13:24:27.547584: | length: 24 (0x18) Aug 26 13:24:27.547591: | number of TS: 1 (0x1) Aug 26 13:24:27.547599: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:24:27.547610: | state #4 forced to match CREATE_CHILD_SA from V2_CREATE_I->V2_IPSEC_I by ignoring from state Aug 26 13:24:27.547619: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:27.547649: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:27.547659: | forcing ST #4 to CHILD #1.#4 in FSM processor Aug 26 13:24:27.547667: | Now let's proceed with state specific processing Aug 26 13:24:27.547675: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:27.547712: | using existing local ESP/AH proposals for west (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:27.547724: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:24:27.547734: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:27.547742: | local proposal 1 type PRF has 0 transforms Aug 26 13:24:27.547751: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:27.547759: | local proposal 1 type DH has 1 transforms Aug 26 13:24:27.547767: | local proposal 1 type ESN has 1 transforms Aug 26 13:24:27.547777: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:27.547785: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:27.547793: | local proposal 2 type PRF has 0 transforms Aug 26 13:24:27.547801: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:27.547809: | local proposal 2 type DH has 1 transforms Aug 26 13:24:27.547817: | local proposal 2 type ESN has 1 transforms Aug 26 13:24:27.547826: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:27.547834: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:27.547842: | local proposal 3 type PRF has 0 transforms Aug 26 13:24:27.547850: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:27.547858: | local proposal 3 type DH has 1 transforms Aug 26 13:24:27.547865: | local proposal 3 type ESN has 1 transforms Aug 26 13:24:27.547875: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:27.547883: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:27.547891: | local proposal 4 type PRF has 0 transforms Aug 26 13:24:27.547899: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:27.547907: | local proposal 4 type DH has 1 transforms Aug 26 13:24:27.547914: | local proposal 4 type ESN has 1 transforms Aug 26 13:24:27.547923: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:27.547933: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:27.547941: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:27.547949: | length: 40 (0x28) Aug 26 13:24:27.547957: | prop #: 1 (0x1) Aug 26 13:24:27.547965: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:27.547973: | spi size: 4 (0x4) Aug 26 13:24:27.547980: | # transforms: 3 (0x3) Aug 26 13:24:27.547991: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:27.547999: | remote SPI 04 f2 a8 21 Aug 26 13:24:27.548009: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:27.548018: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:27.548027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.548034: | length: 12 (0xc) Aug 26 13:24:27.548042: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:27.548051: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:27.548059: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:27.548068: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:27.548076: | length/value: 256 (0x100) Aug 26 13:24:27.548089: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:27.548103: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:27.548111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:27.548119: | length: 8 (0x8) Aug 26 13:24:27.548127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:27.548135: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:27.548146: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:27.548154: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:27.548162: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:27.548170: | length: 8 (0x8) Aug 26 13:24:27.548177: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:27.548185: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:27.548196: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:24:27.548207: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:24:27.548221: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:24:27.548229: | remote proposal 1 matches local proposal 1 Aug 26 13:24:27.548239: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:24:27.548255: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=04f2a821;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:24:27.548264: | converting proposal to internal trans attrs Aug 26 13:24:27.548279: | updating #4's .st_oakley with preserved PRF, but why update? Aug 26 13:24:27.548306: | adding ikev2 Child Rekey SA initiator pfs=yes work-order 6 for state #4 Aug 26 13:24:27.548328: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:27.548341: | #4 STATE_V2_REKEY_CHILD_I: retransmits: cleared Aug 26 13:24:27.548353: | libevent_free: release ptr-libevent@0x56327f93f958 Aug 26 13:24:27.548364: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:27.548374: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:27.548386: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:27.548396: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:27.548431: | #4 spent 0.73 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:24:27.548450: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:27.548462: | #4 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:24:27.548471: | suspending state #4 and saving MD Aug 26 13:24:27.548479: | #4 is busy; has a suspended MD Aug 26 13:24:27.548493: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:27.548504: | "west" #4 complete v2 state STATE_V2_REKEY_CHILD_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:27.548536: | stop processing: state #4 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:27.548494: | crypto helper 4 resuming Aug 26 13:24:27.548592: | crypto helper 4 starting work-order 6 for state #4 Aug 26 13:24:27.548556: | #1 spent 1.85 milliseconds in ikev2_process_packet() Aug 26 13:24:27.548618: | crypto helper 4 doing crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 6 Aug 26 13:24:27.548638: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:27.548651: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:27.548660: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:27.548674: | spent 1.94 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:27.550563: | crypto helper 4 finished crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 6 time elapsed 0.001947 seconds Aug 26 13:24:27.550593: | (#4) spent 1.95 milliseconds in crypto helper computing work-order 6: ikev2 Child Rekey SA initiator pfs=yes (dh) Aug 26 13:24:27.550601: | crypto helper 4 sending results from work-order 6 for state #4 to event queue Aug 26 13:24:27.550608: | scheduling resume sending helper answer for #4 Aug 26 13:24:27.550616: | libevent_malloc: new ptr-libevent@0x7f6170001f78 size 128 Aug 26 13:24:27.550633: | crypto helper 4 waiting (nothing to do) Aug 26 13:24:27.550690: | processing resume sending helper answer for #4 Aug 26 13:24:27.550721: | start processing: state #4 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:24:27.550733: | crypto helper 4 replies to request ID 6 Aug 26 13:24:27.550739: | calling continuation function 0x56327dd4e9d0 Aug 26 13:24:27.550747: | ikev2_child_inR_continue for #4 STATE_V2_REKEY_CHILD_I Aug 26 13:24:27.550754: | TSi: parsing 1 traffic selectors Aug 26 13:24:27.550761: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:27.550767: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:27.550773: | IP Protocol ID: 0 (0x0) Aug 26 13:24:27.550779: | length: 16 (0x10) Aug 26 13:24:27.550784: | start port: 0 (0x0) Aug 26 13:24:27.550789: | end port: 65535 (0xffff) Aug 26 13:24:27.550796: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:27.550801: | TS low c0 00 01 00 Aug 26 13:24:27.550807: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:27.550812: | TS high c0 00 01 ff Aug 26 13:24:27.550818: | TSi: parsed 1 traffic selectors Aug 26 13:24:27.550823: | TSr: parsing 1 traffic selectors Aug 26 13:24:27.550829: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:27.550834: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:27.550839: | IP Protocol ID: 0 (0x0) Aug 26 13:24:27.550844: | length: 16 (0x10) Aug 26 13:24:27.550849: | start port: 0 (0x0) Aug 26 13:24:27.550855: | end port: 65535 (0xffff) Aug 26 13:24:27.550860: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:27.550865: | TS low c0 00 02 00 Aug 26 13:24:27.550870: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:27.550875: | TS high c0 00 02 ff Aug 26 13:24:27.550880: | TSr: parsed 1 traffic selectors Aug 26 13:24:27.550892: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:24:27.550902: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:27.550915: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:24:27.550922: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:24:27.550928: | TSi[0] port match: YES fitness 65536 Aug 26 13:24:27.550934: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:24:27.550941: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:27.550950: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:27.550960: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:24:27.550967: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:24:27.550972: | TSr[0] port match: YES fitness 65536 Aug 26 13:24:27.550977: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:24:27.550984: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:27.550989: | best fit so far: TSi[0] TSr[0] Aug 26 13:24:27.550994: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:24:27.550999: | printing contents struct traffic_selector Aug 26 13:24:27.551005: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:27.551010: | ipprotoid: 0 Aug 26 13:24:27.551015: | port range: 0-65535 Aug 26 13:24:27.551023: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:27.551028: | printing contents struct traffic_selector Aug 26 13:24:27.551040: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:27.551045: | ipprotoid: 0 Aug 26 13:24:27.551050: | port range: 0-65535 Aug 26 13:24:27.551057: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:27.551066: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:24:27.551425: | install_ipsec_sa() for #4: inbound and outbound Aug 26 13:24:27.551448: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:24:27.551454: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:27.551461: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:27.551467: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:27.551475: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:27.551482: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:27.551489: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:27.551495: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:27.551501: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:27.551509: | setting IPsec SA replay-window to 32 Aug 26 13:24:27.551515: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:27.551521: | netlink: enabling tunnel mode Aug 26 13:24:27.551527: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:27.551533: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:27.551645: | netlink response for Add SA esp.4f2a821@192.1.2.23 included non-error error Aug 26 13:24:27.551656: | set up outgoing SA, ref=0/0 Aug 26 13:24:27.551663: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:27.551669: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:27.551675: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:27.551681: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:27.551693: | setting IPsec SA replay-window to 32 Aug 26 13:24:27.551706: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:27.551717: | netlink: enabling tunnel mode Aug 26 13:24:27.551729: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:27.551739: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:27.551852: | netlink response for Add SA esp.82e76b78@192.1.2.45 included non-error error Aug 26 13:24:27.551871: | set up incoming SA, ref=0/0 Aug 26 13:24:27.551882: | sr for #4: erouted Aug 26 13:24:27.551893: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:24:27.551903: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:27.551915: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:27.551927: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:27.551941: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:27.551955: | route_and_eroute with c: west (next: none) ero:west esr:{(nil)} ro:west rosr:{(nil)} and state: #4 Aug 26 13:24:27.551967: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:27.551999: | eroute_connection replace eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:24:27.552013: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:27.552064: | raw_eroute result=success Aug 26 13:24:27.552075: | route_and_eroute: firewall_notified: true Aug 26 13:24:27.552083: | route_and_eroute: instance "west", setting eroute_owner {spd=0x56327f92c848,sr=0x56327f92c848} to #4 (was #3) (newest_ipsec_sa=#3) Aug 26 13:24:27.552208: | #1 spent 0.776 milliseconds in install_ipsec_sa() Aug 26 13:24:27.552231: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #4 (was #3) (spd.eroute=#4) cloned from #1 Aug 26 13:24:27.552244: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:27.552257: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:27.552271: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:27.552308: "west" #4: rekeyed #3 STATE_V2_REKEY_CHILD_I and expire it remaining life 3s Aug 26 13:24:27.552331: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:27.552344: | libevent_free: release ptr-libevent@0x7f6178001f78 Aug 26 13:24:27.552357: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6184002b78 Aug 26 13:24:27.552369: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f6184002b78 Aug 26 13:24:27.552384: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #3 Aug 26 13:24:27.552397: | libevent_malloc: new ptr-libevent@0x56327f93f958 size 128 Aug 26 13:24:27.552424: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:27.552445: | #4 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_OK Aug 26 13:24:27.552458: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:24:27.552472: | child state #4: V2_REKEY_CHILD_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:24:27.552485: | Message ID: updating counters for #4 to 4 after switching state Aug 26 13:24:27.552503: | Message ID: recv #1.#4 response 4; ike: initiator.sent=4 initiator.recv=3->4 responder.sent=-1 responder.recv=-1; child: wip.initiator=4->-1 wip.responder=-1 Aug 26 13:24:27.552515: | Message ID: #1.#4 skipping update_send as nothing to send; initiator.sent=4 initiator.recv=4 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:27.552521: | pstats #4 ikev2.child established Aug 26 13:24:27.552536: "west" #4: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:24:27.552543: | NAT-T: encaps is 'auto' Aug 26 13:24:27.552552: "west" #4: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x04f2a821 <0x82e76b78 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:24:27.552559: | releasing whack for #4 (sock=fd@-1) Aug 26 13:24:27.552564: | releasing whack and unpending for parent #1 Aug 26 13:24:27.552570: | unpending state #1 connection "west" Aug 26 13:24:27.552579: | #4 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:27.552586: | event_schedule: new EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:24:27.552593: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #4 Aug 26 13:24:27.552600: | libevent_malloc: new ptr-libevent@0x7f617c002888 size 128 Aug 26 13:24:27.552614: | #4 spent 1.86 milliseconds in resume sending helper answer Aug 26 13:24:27.552625: | stop processing: state #4 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:24:27.552632: | libevent_free: release ptr-libevent@0x7f6170001f78 Aug 26 13:24:28.553675: | timer_event_cb: processing event@0x7f6184002b78 Aug 26 13:24:28.553702: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 13:24:28.553709: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:28.553712: | picked newest_ipsec_sa #4 for #3 Aug 26 13:24:28.553713: | CHILD SA expired (superseded by #4) Aug 26 13:24:28.553716: | pstats #3 ikev2.child deleted completed Aug 26 13:24:28.553719: | #3 spent 9.85 milliseconds in total Aug 26 13:24:28.553722: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:24:28.553726: "west" #3: deleting state (STATE_V2_IPSEC_I) aged 26.063s and sending notification Aug 26 13:24:28.553728: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:28.553731: | get_sa_info esp.95f4fbca@192.1.2.23 Aug 26 13:24:28.553745: | get_sa_info esp.76b1c3bf@192.1.2.45 Aug 26 13:24:28.553751: "west" #3: ESP traffic information: in=336B out=336B Aug 26 13:24:28.553754: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:24:28.553756: | Opening output PBS informational exchange delete request Aug 26 13:24:28.553759: | **emit ISAKMP Message: Aug 26 13:24:28.553763: | initiator cookie: Aug 26 13:24:28.553765: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:28.553766: | responder cookie: Aug 26 13:24:28.553768: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:28.553770: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:28.553772: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:28.553774: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:28.553776: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:28.553778: | Message ID: 5 (0x5) Aug 26 13:24:28.553780: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:28.553782: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:28.553784: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:28.553785: | flags: none (0x0) Aug 26 13:24:28.553788: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:28.553789: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:28.553792: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:28.553800: | ****emit IKEv2 Delete Payload: Aug 26 13:24:28.553801: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:28.553803: | flags: none (0x0) Aug 26 13:24:28.553805: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:28.553806: | SPI size: 4 (0x4) Aug 26 13:24:28.553808: | number of SPIs: 1 (0x1) Aug 26 13:24:28.553810: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:28.553812: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:28.553814: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:28.553815: | local spis 76 b1 c3 bf Aug 26 13:24:28.553817: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:28.553819: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:28.553821: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:28.553823: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:28.553825: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:28.553826: | emitting length of ISAKMP Message: 69 Aug 26 13:24:28.553845: | sending 69 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) Aug 26 13:24:28.553848: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:28.553849: | 2e 20 25 08 00 00 00 05 00 00 00 45 2a 00 00 29 Aug 26 13:24:28.553851: | c2 ca 95 f5 42 ce 8e 02 d8 66 9e 32 dd 53 77 00 Aug 26 13:24:28.553852: | d8 6a 02 ca cb b2 fc 7c 88 bc 70 fc c7 97 4e ea Aug 26 13:24:28.553854: | 9a df 40 f1 2e Aug 26 13:24:28.554116: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:24:28.554120: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 13:24:28.554123: | Message ID: sent #1 request 5; ike: initiator.sent=4->5 initiator.recv=4 responder.sent=-1 responder.recv=-1 wip.initiator=-1->5 wip.responder=-1 Aug 26 13:24:28.554210: | delete esp.95f4fbca@192.1.2.23 Aug 26 13:24:28.554235: | netlink response for Del SA esp.95f4fbca@192.1.2.23 included non-error error Aug 26 13:24:28.554241: | delete esp.76b1c3bf@192.1.2.45 Aug 26 13:24:28.554252: | netlink response for Del SA esp.76b1c3bf@192.1.2.45 included non-error error Aug 26 13:24:28.554258: | in connection_discard for connection west Aug 26 13:24:28.554261: | State DB: deleting IKEv2 state #3 in V2_IPSEC_I Aug 26 13:24:28.554266: | child state #3: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:28.554298: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:24:28.554312: | State DB: found IKEv2 state #4 in V2_IPSEC_I (v2_expire_unused_ike_sa) Aug 26 13:24:28.554316: | can't expire unused IKE SA #1; it has the child #4 Aug 26 13:24:28.554336: | libevent_free: release ptr-libevent@0x56327f93f958 Aug 26 13:24:28.554339: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f6184002b78 Aug 26 13:24:28.554343: | in statetime_stop() and could not find #3 Aug 26 13:24:28.554347: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:28.554747: | spent 0.00219 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:28.554761: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:28.554763: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:28.554765: | 2e 20 25 20 00 00 00 05 00 00 00 45 2a 00 00 29 Aug 26 13:24:28.554766: | 4d c7 c5 6e ab 2c 5c 0f 22 0e cb e3 d3 44 d7 6d Aug 26 13:24:28.554768: | 91 16 34 29 d3 08 c5 2c 7f 1b fe 62 4d f9 96 de Aug 26 13:24:28.554769: | b0 82 16 ca cf Aug 26 13:24:28.554772: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:28.554775: | **parse ISAKMP Message: Aug 26 13:24:28.554776: | initiator cookie: Aug 26 13:24:28.554778: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:28.554779: | responder cookie: Aug 26 13:24:28.554781: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:28.554783: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:28.554785: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:28.554786: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:28.554788: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:28.554790: | Message ID: 5 (0x5) Aug 26 13:24:28.554791: | length: 69 (0x45) Aug 26 13:24:28.554793: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:28.554795: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:28.554798: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:28.554802: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:28.554805: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:28.554806: | #1 is idle Aug 26 13:24:28.554808: | #1 idle Aug 26 13:24:28.554810: | unpacking clear payload Aug 26 13:24:28.554811: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:28.554813: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:28.554815: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:28.554816: | flags: none (0x0) Aug 26 13:24:28.554818: | length: 41 (0x29) Aug 26 13:24:28.554820: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:28.554821: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:24:28.554830: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:28.554832: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:28.554834: | **parse IKEv2 Delete Payload: Aug 26 13:24:28.554836: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:28.554837: | flags: none (0x0) Aug 26 13:24:28.554839: | length: 12 (0xc) Aug 26 13:24:28.554840: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:28.554842: | SPI size: 4 (0x4) Aug 26 13:24:28.554844: | number of SPIs: 1 (0x1) Aug 26 13:24:28.554845: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:28.554847: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:24:28.554849: | Now let's proceed with state specific processing Aug 26 13:24:28.554850: | calling processor I3: INFORMATIONAL Request Aug 26 13:24:28.554852: | an informational response Aug 26 13:24:28.554854: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:28.554856: | SPI 95 f4 fb ca Aug 26 13:24:28.554858: | delete PROTO_v2_ESP SA(0x95f4fbca) Aug 26 13:24:28.554859: | State DB: IKEv2 state not found (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:28.554864: "west" #1: received delete request for PROTO_v2_ESP SA(0x95f4fbca) but corresponding state not found Aug 26 13:24:28.554868: | #1 spent 0.0143 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:28.554871: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:28.554873: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:24:28.554875: | Message ID: updating counters for #1 to 5 after switching state Aug 26 13:24:28.554878: | Message ID: recv #1 response 5; ike: initiator.sent=5 initiator.recv=4->5 responder.sent=-1 responder.recv=-1 wip.initiator=5->-1 wip.responder=-1 Aug 26 13:24:28.554881: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=5 initiator.recv=5 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:28.554883: "west" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:28.554886: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:28.554889: | #1 spent 0.134 milliseconds in ikev2_process_packet() Aug 26 13:24:28.554891: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:28.554893: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:28.554895: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:28.554898: | spent 0.143 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:37.255436: | processing global timer EVENT_PENDING_DDNS Aug 26 13:24:37.255492: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:24:37.255505: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:24:37.255519: | elapsed time in connection_check_ddns for hostname lookup 0.000024 Aug 26 13:24:37.255537: | spent 0.0415 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:24:37.255547: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:37.255559: | expiring aged bare shunts from shunt table Aug 26 13:24:37.255571: | spent 0.012 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:38.958163: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:38.958199: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:24:38.958206: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:38.958217: | get_sa_info esp.82e76b78@192.1.2.45 Aug 26 13:24:38.958242: | get_sa_info esp.4f2a821@192.1.2.23 Aug 26 13:24:38.958273: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:38.958284: | spent 0.136 milliseconds in whack Aug 26 13:24:39.089525: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:39.089945: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:39.089957: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:39.090091: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:24:39.090099: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:39.090131: | get_sa_info esp.82e76b78@192.1.2.45 Aug 26 13:24:39.090167: | get_sa_info esp.4f2a821@192.1.2.23 Aug 26 13:24:39.090216: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:39.090231: | spent 0.72 milliseconds in whack Aug 26 13:24:39.393445: | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:39.393465: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:39.393468: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.393469: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:24:39.393471: | e5 bf 3e c3 53 c1 b2 74 85 59 88 d5 3e df fe cd Aug 26 13:24:39.393472: | 32 4d 73 6c 08 6c 66 0a 22 e4 04 cf fd 98 90 96 Aug 26 13:24:39.393474: | d3 12 76 4a 07 Aug 26 13:24:39.393479: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:39.393482: | **parse ISAKMP Message: Aug 26 13:24:39.393484: | initiator cookie: Aug 26 13:24:39.393486: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:39.393487: | responder cookie: Aug 26 13:24:39.393489: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.393504: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:39.393505: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.393507: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.393509: | flags: none (0x0) Aug 26 13:24:39.393525: | Message ID: 0 (0x0) Aug 26 13:24:39.393527: | length: 69 (0x45) Aug 26 13:24:39.393529: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:39.393532: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:24:39.393535: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:39.393539: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:39.393541: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:24:39.393544: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:24:39.393546: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:24:39.393549: | Message ID: #1 not a duplicate - message is new; initiator.sent=5 initiator.recv=5 responder.sent=-1 responder.recv=-1 Aug 26 13:24:39.393551: | unpacking clear payload Aug 26 13:24:39.393552: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:39.393555: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:39.393556: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:39.393558: | flags: none (0x0) Aug 26 13:24:39.393560: | length: 41 (0x29) Aug 26 13:24:39.393561: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:39.393564: | Message ID: start-responder #1 request 0; ike: initiator.sent=5 initiator.recv=5 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:24:39.393566: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:24:39.393578: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:39.393581: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:39.393583: | **parse IKEv2 Delete Payload: Aug 26 13:24:39.393584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.393586: | flags: none (0x0) Aug 26 13:24:39.393587: | length: 12 (0xc) Aug 26 13:24:39.393589: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:39.393591: | SPI size: 4 (0x4) Aug 26 13:24:39.393592: | number of SPIs: 1 (0x1) Aug 26 13:24:39.393594: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:39.393596: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:24:39.393598: | Now let's proceed with state specific processing Aug 26 13:24:39.393599: | calling processor I3: INFORMATIONAL Request Aug 26 13:24:39.393602: | an informational request should send a response Aug 26 13:24:39.393606: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:24:39.393608: | **emit ISAKMP Message: Aug 26 13:24:39.393610: | initiator cookie: Aug 26 13:24:39.393612: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:39.393613: | responder cookie: Aug 26 13:24:39.393615: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.393617: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.393619: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.393620: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.393622: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:39.393624: | Message ID: 0 (0x0) Aug 26 13:24:39.393626: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.393628: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.393629: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.393632: | flags: none (0x0) Aug 26 13:24:39.393635: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.393637: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:24:39.393639: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.393644: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:39.393646: | SPI 04 f2 a8 21 Aug 26 13:24:39.393647: | delete PROTO_v2_ESP SA(0x04f2a821) Aug 26 13:24:39.393650: | v2 CHILD SA #4 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:24:39.393652: | State DB: found IKEv2 state #4 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:39.393654: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x04f2a821) Aug 26 13:24:39.393656: "west" #1: received Delete SA payload: replace IPsec State #4 now Aug 26 13:24:39.393658: | state #4 requesting EVENT_SA_REKEY to be deleted Aug 26 13:24:39.393661: | libevent_free: release ptr-libevent@0x7f617c002888 Aug 26 13:24:39.393663: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f6188002b78 Aug 26 13:24:39.393665: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:39.393668: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Aug 26 13:24:39.393670: | libevent_malloc: new ptr-libevent@0x56327f945d68 size 128 Aug 26 13:24:39.393672: | ****emit IKEv2 Delete Payload: Aug 26 13:24:39.393674: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.393676: | flags: none (0x0) Aug 26 13:24:39.393677: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:39.393679: | SPI size: 4 (0x4) Aug 26 13:24:39.393681: | number of SPIs: 1 (0x1) Aug 26 13:24:39.393683: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:39.393685: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:24:39.393687: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:24:39.393688: | local SPIs 82 e7 6b 78 Aug 26 13:24:39.393690: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:39.393692: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:39.393694: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:39.393696: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:39.393698: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:39.393699: | emitting length of ISAKMP Message: 69 Aug 26 13:24:39.393708: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:39.393713: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.393715: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:24:39.393716: | b6 ae 93 86 ae 50 4e d4 33 cf 08 5f 26 3f 7f 58 Aug 26 13:24:39.393718: | db d9 22 a4 41 c3 b7 29 39 e5 42 46 9b 52 f2 9f Aug 26 13:24:39.393719: | 8b c4 71 fe 29 Aug 26 13:24:39.393740: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=5 initiator.recv=5 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:24:39.393743: | Message ID: sent #1 response 0; ike: initiator.sent=5 initiator.recv=5 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:24:39.393748: | #1 spent 0.137 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:39.393764: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:39.393768: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:24:39.393771: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:24:39.393773: | Message ID: recv #1 request 0; ike: initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:24:39.393776: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:39.393778: "west" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:39.393781: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:39.393784: | #1 spent 0.32 milliseconds in ikev2_process_packet() Aug 26 13:24:39.393787: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:39.393789: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:39.393791: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:39.393793: | spent 0.329 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:39.393799: | timer_event_cb: processing event@0x7f6188002b78 Aug 26 13:24:39.393801: | handling event EVENT_SA_REPLACE for child state #4 Aug 26 13:24:39.393804: | start processing: state #4 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:39.393806: | picked newest_ipsec_sa #4 for #4 Aug 26 13:24:39.393808: | replacing stale CHILD SA Aug 26 13:24:39.393811: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:39.393813: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:39.393815: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:24:39.393818: | creating state object #5 at 0x56327f9393d8 Aug 26 13:24:39.393820: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 13:24:39.393823: | pstats #5 ikev2.child started Aug 26 13:24:39.393825: | duplicating state object #1 "west" as #5 for IPSEC SA Aug 26 13:24:39.393828: | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:39.393832: | Message ID: init_child #1.#5; ike: initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:39.393835: | suspend processing: state #4 connection "west" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:39.393838: | start processing: state #5 connection "west" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:39.393840: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:39.393848: | using existing local ESP/AH proposals for west (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:39.393853: | #5 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #4 using IKE# 1 pfs=MODP2048 Aug 26 13:24:39.393855: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f6184002b78 Aug 26 13:24:39.393857: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 13:24:39.393859: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:39.393862: | RESET processing: state #5 connection "west" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:39.393864: | event_schedule: new EVENT_SA_EXPIRE-pe@0x56327f9313d8 Aug 26 13:24:39.393866: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Aug 26 13:24:39.393868: | libevent_malloc: new ptr-libevent@0x7f6170001f78 size 128 Aug 26 13:24:39.393870: | libevent_free: release ptr-libevent@0x56327f945d68 Aug 26 13:24:39.393873: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:39.393876: | #4 spent 0.0769 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:24:39.393878: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:39.393881: | timer_event_cb: processing event@0x7f6184002b78 Aug 26 13:24:39.393883: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 13:24:39.393886: | start processing: state #5 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:39.393890: | adding Child Rekey Initiator KE and nonce ni work-order 7 for state #5 Aug 26 13:24:39.393891: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:39.393894: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:24:39.393895: | libevent_malloc: new ptr-libevent@0x56327f945d68 size 128 Aug 26 13:24:39.393902: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:39.393904: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f6184002b78 Aug 26 13:24:39.393920: | #5 spent 0.0383 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:39.393923: | stop processing: state #5 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:24:39.393925: | timer_event_cb: processing event@0x56327f9313d8 Aug 26 13:24:39.393927: | handling event EVENT_SA_EXPIRE for child state #4 Aug 26 13:24:39.393928: | crypto helper 2 resuming Aug 26 13:24:39.393930: | start processing: state #4 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:39.393942: | crypto helper 2 starting work-order 7 for state #5 Aug 26 13:24:39.393948: | picked newest_ipsec_sa #4 for #4 Aug 26 13:24:39.393951: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 7 Aug 26 13:24:39.393951: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:24:39.393976: | pstats #4 ikev2.child re-failed exchange-timeout Aug 26 13:24:39.393981: | pstats #4 ikev2.child deleted completed Aug 26 13:24:39.393985: | #4 spent 7.57 milliseconds in total Aug 26 13:24:39.393991: | [RE]START processing: state #4 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:39.393995: "west" #4: deleting state (STATE_V2_IPSEC_I) aged 11.867s and NOT sending notification Aug 26 13:24:39.393998: | child state #4: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:39.394002: | get_sa_info esp.4f2a821@192.1.2.23 Aug 26 13:24:39.394014: | get_sa_info esp.82e76b78@192.1.2.45 Aug 26 13:24:39.394021: "west" #4: ESP traffic information: in=336B out=336B Aug 26 13:24:39.394025: | child state #4: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:24:39.394078: | running updown command "ipsec _updown" for verb down Aug 26 13:24:39.394083: | command executing down-client Aug 26 13:24:39.394105: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825867' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4f2a82 Aug 26 13:24:39.394108: | popen cmd is 1033 chars long Aug 26 13:24:39.394110: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTER: Aug 26 13:24:39.394114: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: Aug 26 13:24:39.394116: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: Aug 26 13:24:39.394118: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: Aug 26 13:24:39.394119: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: Aug 26 13:24:39.394121: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: Aug 26 13:24:39.394123: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: Aug 26 13:24:39.394124: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825867' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: Aug 26 13:24:39.394126: | cmd( 640):NEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PE: Aug 26 13:24:39.394128: | cmd( 720):RMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLU: Aug 26 13:24:39.394129: | cmd( 800):TO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SER: Aug 26 13:24:39.394131: | cmd( 880):VER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n: Aug 26 13:24:39.394133: | cmd( 960):o' VTI_SHARED='no' SPI_IN=0x4f2a821 SPI_OUT=0x82e76b78 ipsec _updown 2>&1: Aug 26 13:24:39.394657: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 7 time elapsed 0.000705 seconds Aug 26 13:24:39.394671: | (#5) spent 0.711 milliseconds in crypto helper computing work-order 7: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:39.394674: | crypto helper 2 sending results from work-order 7 for state #5 to event queue Aug 26 13:24:39.394676: | scheduling resume sending helper answer for #5 Aug 26 13:24:39.394679: | libevent_malloc: new ptr-libevent@0x7f6174002888 size 128 Aug 26 13:24:39.394690: | crypto helper 2 waiting (nothing to do) Aug 26 13:24:39.401359: | shunt_eroute() called for connection 'west' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:24:39.401374: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:24:39.401377: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:39.401382: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:39.401428: | delete esp.4f2a821@192.1.2.23 Aug 26 13:24:39.401452: | netlink response for Del SA esp.4f2a821@192.1.2.23 included non-error error Aug 26 13:24:39.401459: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:39.401467: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:24:39.401491: | raw_eroute result=success Aug 26 13:24:39.401496: | delete esp.82e76b78@192.1.2.45 Aug 26 13:24:39.401508: | netlink response for Del SA esp.82e76b78@192.1.2.45 included non-error error Aug 26 13:24:39.401521: | in connection_discard for connection west Aug 26 13:24:39.401525: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 13:24:39.401531: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:24:39.401578: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.401604: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:24:39.401608: | can't expire unused IKE SA #1; it has the child #5 Aug 26 13:24:39.401615: | libevent_free: release ptr-libevent@0x7f6170001f78 Aug 26 13:24:39.401621: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x56327f9313d8 Aug 26 13:24:39.401625: | in statetime_stop() and could not find #4 Aug 26 13:24:39.401629: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:39.401644: | processing resume sending helper answer for #5 Aug 26 13:24:39.401651: | start processing: state #5 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:24:39.401660: | crypto helper 2 replies to request ID 7 Aug 26 13:24:39.401664: | calling continuation function 0x56327dd4db50 Aug 26 13:24:39.401670: | ikev2_child_outI_continue for #5 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:39.401674: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:39.401694: | libevent_free: release ptr-libevent@0x56327f945d68 Aug 26 13:24:39.401699: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:39.401704: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:39.401709: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #5 Aug 26 13:24:39.401713: | libevent_malloc: new ptr-libevent@0x7f617c003468 size 128 Aug 26 13:24:39.401733: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:39.401737: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:39.401741: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:39.401749: | [RE]START processing: state #5 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:39.401755: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:39.401758: | suspending state #5 and saving MD Aug 26 13:24:39.401761: | #5 is busy; has a suspended MD Aug 26 13:24:39.401765: | [RE]START processing: state #5 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:39.401767: | "west" #5 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:39.401770: | resume sending helper answer for #5 suppresed complete_v2_state_transition() Aug 26 13:24:39.401775: | #5 spent 0.114 milliseconds in resume sending helper answer Aug 26 13:24:39.401778: | stop processing: state #5 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:24:39.401780: | libevent_free: release ptr-libevent@0x7f6174002888 Aug 26 13:24:39.401782: | processing signal PLUTO_SIGCHLD Aug 26 13:24:39.401786: | waitpid returned ECHILD (no child processes left) Aug 26 13:24:39.401789: | spent 0.00423 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:24:39.401792: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:39.401810: | start processing: state #1 connection "west" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:24:39.401815: | Message ID: #1.#5 resuming SA using IKE SA (unack 0); initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:39.401817: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:39.401820: | start processing: state #5 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:39.401854: | **emit ISAKMP Message: Aug 26 13:24:39.401857: | initiator cookie: Aug 26 13:24:39.401858: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:39.401860: | responder cookie: Aug 26 13:24:39.401861: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.401863: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.401865: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.401867: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:39.401870: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:39.401872: | Message ID: 6 (0x6) Aug 26 13:24:39.401873: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.401876: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.401878: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.401879: | flags: none (0x0) Aug 26 13:24:39.401881: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.401885: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.401887: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.401921: | netlink_get_spi: allocated 0x92887f51 for esp.0@192.1.2.45 Aug 26 13:24:39.401925: | Emitting ikev2_proposals ... Aug 26 13:24:39.401929: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:39.401932: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.401935: | flags: none (0x0) Aug 26 13:24:39.401940: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:39.401944: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.401947: | discarding INTEG=NONE Aug 26 13:24:39.401951: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.401954: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.401957: | prop #: 1 (0x1) Aug 26 13:24:39.401961: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:39.401964: | spi size: 4 (0x4) Aug 26 13:24:39.401967: | # transforms: 3 (0x3) Aug 26 13:24:39.401971: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.401975: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:39.401978: | our spi 92 88 7f 51 Aug 26 13:24:39.401982: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.401986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.401989: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.401993: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:39.401997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402001: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.402005: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.402008: | length/value: 256 (0x100) Aug 26 13:24:39.402012: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.402015: | discarding INTEG=NONE Aug 26 13:24:39.402018: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402025: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.402029: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.402033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402045: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402049: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.402052: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:39.402055: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:39.402060: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402064: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402068: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402071: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:39.402076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.402079: | discarding INTEG=NONE Aug 26 13:24:39.402082: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.402088: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.402091: | prop #: 2 (0x2) Aug 26 13:24:39.402095: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:39.402098: | spi size: 4 (0x4) Aug 26 13:24:39.402101: | # transforms: 3 (0x3) Aug 26 13:24:39.402106: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.402110: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.402114: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:39.402117: | our spi 92 88 7f 51 Aug 26 13:24:39.402118: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402120: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402122: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.402124: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:39.402125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402127: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.402129: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.402131: | length/value: 128 (0x80) Aug 26 13:24:39.402132: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.402134: | discarding INTEG=NONE Aug 26 13:24:39.402136: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.402140: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.402142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402146: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402148: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402149: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.402151: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:39.402152: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:39.402154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402158: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402160: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:39.402161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.402163: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.402165: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.402166: | prop #: 3 (0x3) Aug 26 13:24:39.402168: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:39.402169: | spi size: 4 (0x4) Aug 26 13:24:39.402171: | # transforms: 5 (0x5) Aug 26 13:24:39.402173: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.402175: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.402177: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:39.402178: | our spi 92 88 7f 51 Aug 26 13:24:39.402180: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402185: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.402186: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:39.402188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402190: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.402192: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.402193: | length/value: 256 (0x100) Aug 26 13:24:39.402195: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.402196: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402200: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.402201: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:39.402203: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402205: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402207: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402208: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402212: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.402213: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:39.402215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402217: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402219: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402220: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402222: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402223: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.402225: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.402227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402232: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402234: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.402235: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:39.402237: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:39.402239: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402242: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402244: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:39.402246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.402247: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.402249: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:39.402251: | prop #: 4 (0x4) Aug 26 13:24:39.402252: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:39.402254: | spi size: 4 (0x4) Aug 26 13:24:39.402255: | # transforms: 5 (0x5) Aug 26 13:24:39.402257: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.402262: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.402264: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:39.402266: | our spi 92 88 7f 51 Aug 26 13:24:39.402267: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402269: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402270: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.402272: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:39.402274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402276: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.402277: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.402279: | length/value: 128 (0x80) Aug 26 13:24:39.402280: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.402282: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402285: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.402287: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:39.402294: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402298: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402300: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402303: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.402304: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:39.402306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402310: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402311: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402315: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.402316: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.402318: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402322: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402323: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.402325: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.402326: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:39.402328: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:39.402330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.402332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.402333: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.402335: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:39.402338: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.402340: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:39.402341: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:39.402344: "west" #5: CHILD SA to rekey #4 vanished abort this exchange Aug 26 13:24:39.402346: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:24:39.402349: | [RE]START processing: state #5 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:39.402352: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:24:39.402391: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:24:39.402399: | stop processing: state #5 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:39.402405: | resume processing: state #1 connection "west" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:39.402411: | #1 spent 0.594 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:39.402417: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:24:39.402421: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:39.404729: | spent 0.00214 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:39.404749: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:39.404752: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.404754: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:24:39.404756: | be f2 c7 2b 33 09 59 1f 72 46 18 fa 5e 77 14 2d Aug 26 13:24:39.404757: | 83 f5 75 08 28 13 5f 0f d0 11 d7 58 a4 de 85 9e Aug 26 13:24:39.404759: | c9 Aug 26 13:24:39.404762: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:39.404764: | **parse ISAKMP Message: Aug 26 13:24:39.404766: | initiator cookie: Aug 26 13:24:39.404767: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:39.404769: | responder cookie: Aug 26 13:24:39.404771: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.404773: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:39.404774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.404776: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.404778: | flags: none (0x0) Aug 26 13:24:39.404780: | Message ID: 1 (0x1) Aug 26 13:24:39.404781: | length: 65 (0x41) Aug 26 13:24:39.404783: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:39.404786: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:24:39.404788: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:39.404792: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:39.404794: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:24:39.404797: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:24:39.404799: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:24:39.404802: | Message ID: #1 not a duplicate - message is new; initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 Aug 26 13:24:39.404804: | unpacking clear payload Aug 26 13:24:39.404806: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:39.404808: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:39.404809: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:39.404811: | flags: none (0x0) Aug 26 13:24:39.404812: | length: 37 (0x25) Aug 26 13:24:39.404814: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:24:39.404820: | Message ID: start-responder #1 request 1; ike: initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:24:39.404822: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:24:39.404834: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:39.404836: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:39.404838: | **parse IKEv2 Delete Payload: Aug 26 13:24:39.404840: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.404842: | flags: none (0x0) Aug 26 13:24:39.404843: | length: 8 (0x8) Aug 26 13:24:39.404845: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:24:39.404847: | SPI size: 0 (0x0) Aug 26 13:24:39.404848: | number of SPIs: 0 (0x0) Aug 26 13:24:39.404850: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:24:39.404852: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:24:39.404853: | Now let's proceed with state specific processing Aug 26 13:24:39.404855: | calling processor I3: INFORMATIONAL Request Aug 26 13:24:39.404857: | an informational request should send a response Aug 26 13:24:39.404861: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:24:39.404864: | **emit ISAKMP Message: Aug 26 13:24:39.404865: | initiator cookie: Aug 26 13:24:39.404867: | 34 f5 76 a9 3e 8c 98 bc Aug 26 13:24:39.404869: | responder cookie: Aug 26 13:24:39.404870: | 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.404872: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.404873: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.404875: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.404877: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:24:39.404879: | Message ID: 1 (0x1) Aug 26 13:24:39.404881: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.404883: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.404884: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.404886: | flags: none (0x0) Aug 26 13:24:39.404888: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.404890: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:24:39.404892: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.404896: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:39.404898: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:39.404900: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:39.404902: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:24:39.404903: | emitting length of ISAKMP Message: 57 Aug 26 13:24:39.404913: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:39.404916: | 34 f5 76 a9 3e 8c 98 bc 16 9f 01 b3 a8 98 ae 60 Aug 26 13:24:39.404918: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:24:39.404919: | 53 74 3a 80 e5 73 0f da 58 cc a3 3d 8f a3 33 97 Aug 26 13:24:39.404921: | 6b a4 5c 0b 93 8f dd 9a ee Aug 26 13:24:39.404941: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=5 initiator.recv=5 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:24:39.404945: | Message ID: sent #1 response 1; ike: initiator.sent=5 initiator.recv=5 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:24:39.404948: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:24:39.404950: | pstats #5 ikev2.child deleted other Aug 26 13:24:39.404952: | #5 spent 0.863 milliseconds in total Aug 26 13:24:39.404957: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:39.404960: | start processing: state #5 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:39.404962: "west" #5: deleting other state #5 (STATE_CHILDSA_DEL) aged 0.011s and NOT sending notification Aug 26 13:24:39.404964: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 13:24:39.404967: | state #5 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:39.404969: | libevent_free: release ptr-libevent@0x7f617c003468 Aug 26 13:24:39.404971: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6188002b78 Aug 26 13:24:39.404974: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:39.404978: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:24:39.404987: | raw_eroute result=success Aug 26 13:24:39.404991: | in connection_discard for connection west Aug 26 13:24:39.404993: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 13:24:39.404998: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:24:39.405008: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.405011: | resume processing: state #1 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.405016: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:24:39.405018: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:24:39.405020: | pstats #1 ikev2.ike deleted completed Aug 26 13:24:39.405022: | #1 spent 21.3 milliseconds in total Aug 26 13:24:39.405025: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:39.405027: "west" #1: deleting state (STATE_IKESA_DEL) aged 61.956s and NOT sending notification Aug 26 13:24:39.405029: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:24:39.405060: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:24:39.405063: | libevent_free: release ptr-libevent@0x7f6180000f48 Aug 26 13:24:39.405067: | free_event_entry: release EVENT_SA_REKEY-pe@0x56327f92e548 Aug 26 13:24:39.405069: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:24:39.405071: | picked newest_isakmp_sa #0 for #1 Aug 26 13:24:39.405073: "west" #1: deleting IKE SA for connection 'west' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:24:39.405075: | add revival: connection 'west' added to the list and scheduled for 0 seconds Aug 26 13:24:39.405078: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:24:39.405080: | in connection_discard for connection west Aug 26 13:24:39.405082: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:24:39.405084: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:24:39.405098: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.405119: | in statetime_stop() and could not find #1 Aug 26 13:24:39.405122: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:39.405124: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:24:39.405126: | STF_OK but no state object remains Aug 26 13:24:39.405128: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:39.405130: | in statetime_stop() and could not find #1 Aug 26 13:24:39.405133: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:39.405135: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:39.405136: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:39.405140: | spent 0.392 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:39.405144: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:24:39.405148: Initiating connection west which received a Delete/Notify but must remain up per local policy Aug 26 13:24:39.405150: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:24:39.405153: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Aug 26 13:24:39.405155: | connection 'west' +POLICY_UP Aug 26 13:24:39.405157: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:24:39.405159: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:39.405164: | creating state object #6 at 0x56327f92ec18 Aug 26 13:24:39.405166: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 13:24:39.405169: | pstats #6 ikev2.ike started Aug 26 13:24:39.405172: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:24:39.405174: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:24:39.405177: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:39.405181: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:24:39.405184: | start processing: state #6 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:24:39.405186: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:24:39.405188: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #6 "west" Aug 26 13:24:39.405191: "west" #6: initiating v2 parent SA Aug 26 13:24:39.405201: | using existing local IKE proposals for connection west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:39.405204: | adding ikev2_outI1 KE work-order 8 for state #6 Aug 26 13:24:39.405206: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:39.405209: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:24:39.405211: | libevent_malloc: new ptr-libevent@0x56327f9315f8 size 128 Aug 26 13:24:39.405220: | #6 spent 0.0663 milliseconds in ikev2_parent_outI1() Aug 26 13:24:39.405225: | RESET processing: state #6 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:24:39.405227: | crypto helper 0 resuming Aug 26 13:24:39.405229: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:24:39.405237: | crypto helper 0 starting work-order 8 for state #6 Aug 26 13:24:39.405240: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:24:39.405242: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 8 Aug 26 13:24:39.405245: | spent 0.0926 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:24:39.405811: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 8 time elapsed 0.000569 seconds Aug 26 13:24:39.405821: | (#6) spent 0.572 milliseconds in crypto helper computing work-order 8: ikev2_outI1 KE (pcr) Aug 26 13:24:39.405824: | crypto helper 0 sending results from work-order 8 for state #6 to event queue Aug 26 13:24:39.405826: | scheduling resume sending helper answer for #6 Aug 26 13:24:39.405828: | libevent_malloc: new ptr-libevent@0x7f6188004818 size 128 Aug 26 13:24:39.405834: | crypto helper 0 waiting (nothing to do) Aug 26 13:24:39.405842: | processing resume sending helper answer for #6 Aug 26 13:24:39.405853: | start processing: state #6 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:39.405857: | crypto helper 0 replies to request ID 8 Aug 26 13:24:39.405858: | calling continuation function 0x56327dd4db50 Aug 26 13:24:39.405860: | ikev2_parent_outI1_continue for #6 Aug 26 13:24:39.405864: | **emit ISAKMP Message: Aug 26 13:24:39.405866: | initiator cookie: Aug 26 13:24:39.405868: | 9d e9 39 9a 1e 5f fa 1f Aug 26 13:24:39.405869: | responder cookie: Aug 26 13:24:39.405871: | 00 00 00 00 00 00 00 00 Aug 26 13:24:39.405873: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.405874: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.405876: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:24:39.405878: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:39.405880: | Message ID: 0 (0x0) Aug 26 13:24:39.405882: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.405891: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:39.405893: | Emitting ikev2_proposals ... Aug 26 13:24:39.405895: | ***emit IKEv2 Security Association Payload: Aug 26 13:24:39.405897: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.405899: | flags: none (0x0) Aug 26 13:24:39.405901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:39.405903: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.405905: | discarding INTEG=NONE Aug 26 13:24:39.405906: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.405908: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.405910: | prop #: 1 (0x1) Aug 26 13:24:39.405911: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:39.405913: | spi size: 0 (0x0) Aug 26 13:24:39.405914: | # transforms: 11 (0xb) Aug 26 13:24:39.405916: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.405918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405922: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.405923: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:39.405925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405927: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.405929: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.405931: | length/value: 256 (0x100) Aug 26 13:24:39.405933: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.405934: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405938: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.405939: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:39.405941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405945: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405946: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.405948: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405951: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.405953: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:39.405955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405958: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.405960: | discarding INTEG=NONE Aug 26 13:24:39.405961: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405965: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.405966: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.405968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405972: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.405973: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.405978: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:39.405980: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405984: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.405985: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405988: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.405990: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:39.405992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.405994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.405995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.405997: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.405998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406002: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:39.406004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406009: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406012: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406014: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:39.406016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406020: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406021: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406025: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:39.406028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406030: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406032: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406033: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406036: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406038: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:39.406040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406045: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406047: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.406048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406050: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:39.406052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406055: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406057: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:24:39.406059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.406060: | discarding INTEG=NONE Aug 26 13:24:39.406062: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.406064: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.406065: | prop #: 2 (0x2) Aug 26 13:24:39.406067: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:39.406068: | spi size: 0 (0x0) Aug 26 13:24:39.406070: | # transforms: 11 (0xb) Aug 26 13:24:39.406072: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.406074: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.406076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406079: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.406081: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:39.406082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406084: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.406087: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.406088: | length/value: 128 (0x80) Aug 26 13:24:39.406090: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.406092: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406095: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406097: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:39.406098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406102: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406104: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406107: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406108: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:39.406110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406114: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406115: | discarding INTEG=NONE Aug 26 13:24:39.406117: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406122: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.406124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406127: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406132: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406133: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:39.406135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406140: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406145: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:39.406147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406151: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406152: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406155: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406157: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:39.406160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406163: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406168: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406170: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:39.406172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406173: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406175: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406177: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406181: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:39.406183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406187: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406188: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406193: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:39.406195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406199: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406200: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406202: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.406203: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406205: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:39.406207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406210: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406212: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:24:39.406214: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.406216: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.406217: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.406219: | prop #: 3 (0x3) Aug 26 13:24:39.406220: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:39.406222: | spi size: 0 (0x0) Aug 26 13:24:39.406224: | # transforms: 13 (0xd) Aug 26 13:24:39.406226: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.406227: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.406230: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406231: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406233: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.406235: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:39.406236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406238: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.406240: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.406241: | length/value: 256 (0x100) Aug 26 13:24:39.406243: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.406245: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406248: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406249: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:39.406251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406255: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406256: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406258: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406260: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406261: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:39.406263: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406267: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406268: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406271: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.406273: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:39.406275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406278: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406280: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406282: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406283: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.406285: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:39.406287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406333: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406334: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406338: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406339: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.406341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406346: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406347: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406352: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:39.406354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406357: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406359: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406360: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406364: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:39.406365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406370: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406373: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406375: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:39.406377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406380: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:39.406388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406390: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406392: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406393: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406396: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406398: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:39.406400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406403: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406405: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406410: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:39.406412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406416: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406417: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406419: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.406420: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406422: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:39.406424: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406427: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406429: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:24:39.406430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.406432: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:39.406434: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:39.406435: | prop #: 4 (0x4) Aug 26 13:24:39.406437: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:39.406438: | spi size: 0 (0x0) Aug 26 13:24:39.406440: | # transforms: 13 (0xd) Aug 26 13:24:39.406442: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:39.406444: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:39.406445: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406448: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:39.406450: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:39.406452: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406453: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:39.406455: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:39.406456: | length/value: 128 (0x80) Aug 26 13:24:39.406458: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:39.406460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406463: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406464: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:39.406466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406470: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406471: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406474: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:39.406476: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:39.406478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406482: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406484: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406487: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.406488: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:39.406490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406492: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406494: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406495: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406497: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406498: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:39.406500: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:39.406502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406505: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406507: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406510: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406511: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.406513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406516: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406518: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406521: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406523: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:39.406525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406528: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406534: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:39.406536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406538: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406539: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406541: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406544: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406546: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:39.406547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406552: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406553: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406556: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406558: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:39.406560: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406563: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406568: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406569: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:39.406571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406575: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406576: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406581: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:39.406583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406586: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406588: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:24:39.406589: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:39.406591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:39.406592: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:39.406594: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:39.406596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:39.406598: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:39.406599: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:24:39.406601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:39.406603: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:24:39.406605: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:39.406606: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:24:39.406608: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.406609: | flags: none (0x0) Aug 26 13:24:39.406611: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:39.406613: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:39.406616: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.406618: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:39.406620: | ikev2 g^x 9c 9e 3a 4c 00 e4 fc ae 8d 42 ff 1a db 76 91 a9 Aug 26 13:24:39.406622: | ikev2 g^x 0a e9 10 44 36 f5 b1 07 da 8c 67 67 d2 98 ae 0a Aug 26 13:24:39.406623: | ikev2 g^x ac b0 2e a5 2c 39 7e ac d1 68 4c 36 95 bc e5 bf Aug 26 13:24:39.406625: | ikev2 g^x 83 eb 99 b1 39 9e e7 af 5f 72 08 e9 67 f9 b3 31 Aug 26 13:24:39.406626: | ikev2 g^x 0a 68 71 92 4c 29 db 76 41 8f 37 a5 8c 15 58 0c Aug 26 13:24:39.406628: | ikev2 g^x 3e d7 5d f4 b3 68 88 8f 4e 2c d8 c0 c7 29 73 55 Aug 26 13:24:39.406629: | ikev2 g^x 0a 57 03 8c 44 f1 af 44 bc a8 87 3b 1c 89 63 f9 Aug 26 13:24:39.406631: | ikev2 g^x f1 7a bf 98 39 b3 c5 b8 64 53 90 5e a0 30 63 96 Aug 26 13:24:39.406632: | ikev2 g^x 95 ad 72 7c 13 b1 92 04 83 37 b0 0a 0b 33 c2 bd Aug 26 13:24:39.406634: | ikev2 g^x e0 02 09 13 0a 1d 35 e1 b9 44 f7 86 8b 9c 17 b4 Aug 26 13:24:39.406635: | ikev2 g^x 91 5e a2 c3 b8 c9 92 60 9b f4 67 94 45 e6 09 d5 Aug 26 13:24:39.406637: | ikev2 g^x 41 df 40 c8 1a be b4 59 cf a8 ab 3c 1b f7 49 16 Aug 26 13:24:39.406638: | ikev2 g^x a0 72 8c 44 4a d7 3f cc 25 46 44 78 14 04 12 b4 Aug 26 13:24:39.406640: | ikev2 g^x 73 4e 40 83 d9 54 a7 4d 54 96 dc 02 44 fd b0 3e Aug 26 13:24:39.406641: | ikev2 g^x 23 67 77 c8 25 c6 c0 02 5d bb 5c b5 47 ab 0e 20 Aug 26 13:24:39.406643: | ikev2 g^x 92 9f 0e ff c7 e7 94 90 79 3c 77 f0 ac 11 bd 15 Aug 26 13:24:39.406645: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:39.406646: | ***emit IKEv2 Nonce Payload: Aug 26 13:24:39.406648: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:24:39.406649: | flags: none (0x0) Aug 26 13:24:39.406651: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:24:39.406653: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:39.406655: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.406657: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:39.406659: | IKEv2 nonce 22 25 ca cd f7 fd 0d 39 4d 56 7f 8c 31 fd 0a 79 Aug 26 13:24:39.406660: | IKEv2 nonce 03 af e1 81 e7 3c 12 91 b3 6c 0b 68 62 5b 1e ee Aug 26 13:24:39.406662: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:39.406663: | Adding a v2N Payload Aug 26 13:24:39.406665: | ***emit IKEv2 Notify Payload: Aug 26 13:24:39.406667: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.406668: | flags: none (0x0) Aug 26 13:24:39.406670: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:24:39.406671: | SPI size: 0 (0x0) Aug 26 13:24:39.406673: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:24:39.406675: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:39.406677: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.406679: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:24:39.406681: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:24:39.406683: | natd_hash: rcookie is zero Aug 26 13:24:39.406691: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:24:39.406693: | natd_hash: icookie= 9d e9 39 9a 1e 5f fa 1f Aug 26 13:24:39.406694: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:24:39.406696: | natd_hash: ip= c0 01 02 2d Aug 26 13:24:39.406697: | natd_hash: port=500 Aug 26 13:24:39.406699: | natd_hash: hash= f5 ee df 46 06 1e a6 59 b5 7d e6 54 91 c4 d6 60 Aug 26 13:24:39.406700: | natd_hash: hash= 32 f8 85 6b Aug 26 13:24:39.406702: | Adding a v2N Payload Aug 26 13:24:39.406707: | ***emit IKEv2 Notify Payload: Aug 26 13:24:39.406708: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.406710: | flags: none (0x0) Aug 26 13:24:39.406711: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:24:39.406713: | SPI size: 0 (0x0) Aug 26 13:24:39.406715: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:24:39.406717: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:39.406718: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.406720: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:24:39.406722: | Notify data f5 ee df 46 06 1e a6 59 b5 7d e6 54 91 c4 d6 60 Aug 26 13:24:39.406723: | Notify data 32 f8 85 6b Aug 26 13:24:39.406725: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:24:39.406727: | natd_hash: rcookie is zero Aug 26 13:24:39.406730: | natd_hash: hasher=0x56327de22800(20) Aug 26 13:24:39.406732: | natd_hash: icookie= 9d e9 39 9a 1e 5f fa 1f Aug 26 13:24:39.406734: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:24:39.406735: | natd_hash: ip= c0 01 02 17 Aug 26 13:24:39.406736: | natd_hash: port=500 Aug 26 13:24:39.406738: | natd_hash: hash= 95 45 e8 53 1c 07 c5 5c b1 87 e6 c5 c7 19 49 3d Aug 26 13:24:39.406739: | natd_hash: hash= b1 51 22 d1 Aug 26 13:24:39.406741: | Adding a v2N Payload Aug 26 13:24:39.406742: | ***emit IKEv2 Notify Payload: Aug 26 13:24:39.406744: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.406745: | flags: none (0x0) Aug 26 13:24:39.406747: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:24:39.406748: | SPI size: 0 (0x0) Aug 26 13:24:39.406750: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:24:39.406752: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:39.406754: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:39.406756: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:24:39.406757: | Notify data 95 45 e8 53 1c 07 c5 5c b1 87 e6 c5 c7 19 49 3d Aug 26 13:24:39.406759: | Notify data b1 51 22 d1 Aug 26 13:24:39.406760: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:24:39.406762: | emitting length of ISAKMP Message: 828 Aug 26 13:24:39.406766: | stop processing: state #6 connection "west" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:24:39.406770: | start processing: state #6 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:39.406772: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:24:39.406774: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:24:39.406776: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:24:39.406778: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 13:24:39.406780: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 13:24:39.406783: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:24:39.406785: "west" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:24:39.406788: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:39.406792: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 13:24:39.406793: | 9d e9 39 9a 1e 5f fa 1f 00 00 00 00 00 00 00 00 Aug 26 13:24:39.406795: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:24:39.406797: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:24:39.406798: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:24:39.406800: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:24:39.406802: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:24:39.406804: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:24:39.406805: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:24:39.406807: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:24:39.406808: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:24:39.406810: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:24:39.406811: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:24:39.406813: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:24:39.406814: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:24:39.406816: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:24:39.406817: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:24:39.406819: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:24:39.406820: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:24:39.406822: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:24:39.406823: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:24:39.406825: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:24:39.406826: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:24:39.406828: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:24:39.406829: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:24:39.406830: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:24:39.406832: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:24:39.406833: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:24:39.406835: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:24:39.406836: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:24:39.406838: | 28 00 01 08 00 0e 00 00 9c 9e 3a 4c 00 e4 fc ae Aug 26 13:24:39.406839: | 8d 42 ff 1a db 76 91 a9 0a e9 10 44 36 f5 b1 07 Aug 26 13:24:39.406841: | da 8c 67 67 d2 98 ae 0a ac b0 2e a5 2c 39 7e ac Aug 26 13:24:39.406842: | d1 68 4c 36 95 bc e5 bf 83 eb 99 b1 39 9e e7 af Aug 26 13:24:39.406844: | 5f 72 08 e9 67 f9 b3 31 0a 68 71 92 4c 29 db 76 Aug 26 13:24:39.406860: | 41 8f 37 a5 8c 15 58 0c 3e d7 5d f4 b3 68 88 8f Aug 26 13:24:39.406862: | 4e 2c d8 c0 c7 29 73 55 0a 57 03 8c 44 f1 af 44 Aug 26 13:24:39.406863: | bc a8 87 3b 1c 89 63 f9 f1 7a bf 98 39 b3 c5 b8 Aug 26 13:24:39.406865: | 64 53 90 5e a0 30 63 96 95 ad 72 7c 13 b1 92 04 Aug 26 13:24:39.406866: | 83 37 b0 0a 0b 33 c2 bd e0 02 09 13 0a 1d 35 e1 Aug 26 13:24:39.406868: | b9 44 f7 86 8b 9c 17 b4 91 5e a2 c3 b8 c9 92 60 Aug 26 13:24:39.406869: | 9b f4 67 94 45 e6 09 d5 41 df 40 c8 1a be b4 59 Aug 26 13:24:39.406871: | cf a8 ab 3c 1b f7 49 16 a0 72 8c 44 4a d7 3f cc Aug 26 13:24:39.406872: | 25 46 44 78 14 04 12 b4 73 4e 40 83 d9 54 a7 4d Aug 26 13:24:39.406874: | 54 96 dc 02 44 fd b0 3e 23 67 77 c8 25 c6 c0 02 Aug 26 13:24:39.406875: | 5d bb 5c b5 47 ab 0e 20 92 9f 0e ff c7 e7 94 90 Aug 26 13:24:39.406877: | 79 3c 77 f0 ac 11 bd 15 29 00 00 24 22 25 ca cd Aug 26 13:24:39.406878: | f7 fd 0d 39 4d 56 7f 8c 31 fd 0a 79 03 af e1 81 Aug 26 13:24:39.406880: | e7 3c 12 91 b3 6c 0b 68 62 5b 1e ee 29 00 00 08 Aug 26 13:24:39.406881: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f5 ee df 46 Aug 26 13:24:39.406883: | 06 1e a6 59 b5 7d e6 54 91 c4 d6 60 32 f8 85 6b Aug 26 13:24:39.406884: | 00 00 00 1c 00 00 40 05 95 45 e8 53 1c 07 c5 5c Aug 26 13:24:39.406886: | b1 87 e6 c5 c7 19 49 3d b1 51 22 d1 Aug 26 13:24:39.406898: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:39.406901: | libevent_free: release ptr-libevent@0x56327f9315f8 Aug 26 13:24:39.406903: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6188002b78 Aug 26 13:24:39.406905: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:24:39.406908: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:39.406911: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:24:39.406913: | libevent_malloc: new ptr-libevent@0x56327f945d68 size 128 Aug 26 13:24:39.406916: | #6 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11165.149375 Aug 26 13:24:39.406919: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 13:24:39.406923: | #6 spent 1.04 milliseconds in resume sending helper answer Aug 26 13:24:39.406926: | stop processing: state #6 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:39.406930: | libevent_free: release ptr-libevent@0x7f6188004818 Aug 26 13:24:39.907420: | timer_event_cb: processing event@0x7f6188002b78 Aug 26 13:24:39.907469: | handling event EVENT_RETRANSMIT for parent state #6 Aug 26 13:24:39.907493: | start processing: state #6 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:39.907505: | IKEv2 retransmit event Aug 26 13:24:39.907520: | [RE]START processing: state #6 connection "west" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:24:39.907534: | handling event EVENT_RETRANSMIT for 192.1.2.23 "west" #6 attempt 2 of 0 Aug 26 13:24:39.907547: | and parent for 192.1.2.23 "west" #6 keying attempt 1 of 0; retransmit 1 Aug 26 13:24:39.907566: | retransmits: current time 11165.650022; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500647 exceeds limit? NO Aug 26 13:24:39.907578: | event_schedule: new EVENT_RETRANSMIT-pe@0x56327f9313d8 Aug 26 13:24:39.907590: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:24:39.907601: | libevent_malloc: new ptr-libevent@0x7f6188004818 size 128 Aug 26 13:24:39.907615: "west" #6: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 13:24:39.907635: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 13:24:39.907644: | 9d e9 39 9a 1e 5f fa 1f 00 00 00 00 00 00 00 00 Aug 26 13:24:39.907652: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:24:39.907659: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:24:39.907667: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:24:39.907674: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:24:39.907681: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:24:39.907689: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:24:39.907696: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:24:39.907704: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:24:39.907711: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:24:39.907718: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:24:39.907726: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:24:39.907733: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:24:39.907741: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:24:39.907748: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:24:39.907755: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:24:39.907763: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:24:39.907770: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:24:39.907778: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:24:39.907785: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:24:39.907792: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:24:39.907800: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:24:39.907807: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:24:39.907815: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:24:39.907822: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:24:39.907839: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:24:39.907848: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:24:39.907855: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:24:39.907862: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:24:39.907870: | 28 00 01 08 00 0e 00 00 9c 9e 3a 4c 00 e4 fc ae Aug 26 13:24:39.907877: | 8d 42 ff 1a db 76 91 a9 0a e9 10 44 36 f5 b1 07 Aug 26 13:24:39.907885: | da 8c 67 67 d2 98 ae 0a ac b0 2e a5 2c 39 7e ac Aug 26 13:24:39.907892: | d1 68 4c 36 95 bc e5 bf 83 eb 99 b1 39 9e e7 af Aug 26 13:24:39.907899: | 5f 72 08 e9 67 f9 b3 31 0a 68 71 92 4c 29 db 76 Aug 26 13:24:39.907907: | 41 8f 37 a5 8c 15 58 0c 3e d7 5d f4 b3 68 88 8f Aug 26 13:24:39.907914: | 4e 2c d8 c0 c7 29 73 55 0a 57 03 8c 44 f1 af 44 Aug 26 13:24:39.907922: | bc a8 87 3b 1c 89 63 f9 f1 7a bf 98 39 b3 c5 b8 Aug 26 13:24:39.907929: | 64 53 90 5e a0 30 63 96 95 ad 72 7c 13 b1 92 04 Aug 26 13:24:39.907936: | 83 37 b0 0a 0b 33 c2 bd e0 02 09 13 0a 1d 35 e1 Aug 26 13:24:39.907944: | b9 44 f7 86 8b 9c 17 b4 91 5e a2 c3 b8 c9 92 60 Aug 26 13:24:39.907951: | 9b f4 67 94 45 e6 09 d5 41 df 40 c8 1a be b4 59 Aug 26 13:24:39.907958: | cf a8 ab 3c 1b f7 49 16 a0 72 8c 44 4a d7 3f cc Aug 26 13:24:39.907966: | 25 46 44 78 14 04 12 b4 73 4e 40 83 d9 54 a7 4d Aug 26 13:24:39.907973: | 54 96 dc 02 44 fd b0 3e 23 67 77 c8 25 c6 c0 02 Aug 26 13:24:39.907981: | 5d bb 5c b5 47 ab 0e 20 92 9f 0e ff c7 e7 94 90 Aug 26 13:24:39.907988: | 79 3c 77 f0 ac 11 bd 15 29 00 00 24 22 25 ca cd Aug 26 13:24:39.907995: | f7 fd 0d 39 4d 56 7f 8c 31 fd 0a 79 03 af e1 81 Aug 26 13:24:39.908003: | e7 3c 12 91 b3 6c 0b 68 62 5b 1e ee 29 00 00 08 Aug 26 13:24:39.908010: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f5 ee df 46 Aug 26 13:24:39.908017: | 06 1e a6 59 b5 7d e6 54 91 c4 d6 60 32 f8 85 6b Aug 26 13:24:39.908025: | 00 00 00 1c 00 00 40 05 95 45 e8 53 1c 07 c5 5c Aug 26 13:24:39.908032: | b1 87 e6 c5 c7 19 49 3d b1 51 22 d1 Aug 26 13:24:39.908100: | libevent_free: release ptr-libevent@0x56327f945d68 Aug 26 13:24:39.908114: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6188002b78 Aug 26 13:24:39.908135: | #6 spent 0.708 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:24:39.908150: | stop processing: state #6 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:24:40.208620: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:40.208645: shutting down Aug 26 13:24:40.208655: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:24:40.208658: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:24:40.208660: forgetting secrets Aug 26 13:24:40.208667: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:24:40.208671: | unreference key: 0x56327f92e8c8 @east cnt 1-- Aug 26 13:24:40.208676: | unreference key: 0x56327f885c48 @west cnt 1-- Aug 26 13:24:40.208680: | start processing: connection "west" (in delete_connection() at connections.c:189) Aug 26 13:24:40.208683: | removing pending policy for no connection {0x56327f91f3e8} Aug 26 13:24:40.208685: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:24:40.208687: | pass 0 Aug 26 13:24:40.208690: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:24:40.208692: | state #6 Aug 26 13:24:40.208694: | suspend processing: connection "west" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:24:40.208699: | start processing: state #6 connection "west" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:24:40.208701: | pstats #6 ikev2.ike deleted other Aug 26 13:24:40.208706: | #6 spent 2.39 milliseconds in total Aug 26 13:24:40.208709: | [RE]START processing: state #6 connection "west" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:24:40.208718: "west" #6: deleting state (STATE_PARENT_I1) aged 0.803s and NOT sending notification Aug 26 13:24:40.208722: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 13:24:40.208724: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:40.208727: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 13:24:40.208731: | libevent_free: release ptr-libevent@0x7f6188004818 Aug 26 13:24:40.208733: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56327f9313d8 Aug 26 13:24:40.208736: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:24:40.208739: | picked newest_isakmp_sa #0 for #6 Aug 26 13:24:40.208741: "west" #6: deleting IKE SA for connection 'west' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:24:40.208744: | add revival: connection 'west' added to the list and scheduled for 5 seconds Aug 26 13:24:40.208747: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:24:40.208752: | stop processing: connection "west" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:24:40.208754: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:24:40.208756: | in connection_discard for connection west Aug 26 13:24:40.208758: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 13:24:40.208761: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:24:40.208777: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:24:40.208782: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:24:40.208784: | pass 1 Aug 26 13:24:40.208786: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:24:40.208789: | shunt_eroute() called for connection 'west' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:24:40.208792: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:24:40.208795: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:40.208827: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:40.208837: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:40.208840: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:40.208842: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:40.208845: | route owner of "west" unrouted: NULL Aug 26 13:24:40.208848: | running updown command "ipsec _updown" for verb unroute Aug 26 13:24:40.208850: | command executing unroute-client Aug 26 13:24:40.208872: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OU Aug 26 13:24:40.208875: | popen cmd is 1015 chars long Aug 26 13:24:40.208877: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Aug 26 13:24:40.208880: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Aug 26 13:24:40.208882: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Aug 26 13:24:40.208884: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 13:24:40.208888: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: Aug 26 13:24:40.208890: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: Aug 26 13:24:40.208892: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': Aug 26 13:24:40.208894: | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: Aug 26 13:24:40.208896: | cmd( 640):FS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANE: Aug 26 13:24:40.208898: | cmd( 720):NT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Aug 26 13:24:40.208900: | cmd( 800):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Aug 26 13:24:40.208902: | cmd( 880):0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT: Aug 26 13:24:40.208904: | cmd( 960):I_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:24:40.219161: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219179: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219181: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219184: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219186: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219187: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219189: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219191: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219202: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219213: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219223: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219234: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219246: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219255: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219265: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219275: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219286: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219303: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219313: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219323: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219334: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219345: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219355: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219365: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219375: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219450: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219461: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219472: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.219482: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:24:40.224787: | free hp@0x56327f92e468 Aug 26 13:24:40.224802: | flush revival: connection 'west' revival flushed Aug 26 13:24:40.224808: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:24:40.224822: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:24:40.224824: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:24:40.224834: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:24:40.224839: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:24:40.224841: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:24:40.224843: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:24:40.224845: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:24:40.224847: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:24:40.224850: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:24:40.224860: | libevent_free: release ptr-libevent@0x56327f91ff58 Aug 26 13:24:40.224862: | free_event_entry: release EVENT_NULL-pe@0x56327f92bda8 Aug 26 13:24:40.224870: | libevent_free: release ptr-libevent@0x56327f8b2a78 Aug 26 13:24:40.224871: | free_event_entry: release EVENT_NULL-pe@0x56327f92be58 Aug 26 13:24:40.224878: | libevent_free: release ptr-libevent@0x56327f8b5f08 Aug 26 13:24:40.224880: | free_event_entry: release EVENT_NULL-pe@0x56327f92bf08 Aug 26 13:24:40.224885: | libevent_free: release ptr-libevent@0x56327f8b6a28 Aug 26 13:24:40.224887: | free_event_entry: release EVENT_NULL-pe@0x56327f92bfb8 Aug 26 13:24:40.224892: | libevent_free: release ptr-libevent@0x56327f88a4e8 Aug 26 13:24:40.224894: | free_event_entry: release EVENT_NULL-pe@0x56327f92c068 Aug 26 13:24:40.224898: | libevent_free: release ptr-libevent@0x56327f88a1d8 Aug 26 13:24:40.224900: | free_event_entry: release EVENT_NULL-pe@0x56327f92c118 Aug 26 13:24:40.224904: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:24:40.225269: | libevent_free: release ptr-libevent@0x56327f920008 Aug 26 13:24:40.225274: | free_event_entry: release EVENT_NULL-pe@0x56327f913d78 Aug 26 13:24:40.225278: | libevent_free: release ptr-libevent@0x56327f8b5888 Aug 26 13:24:40.225280: | free_event_entry: release EVENT_NULL-pe@0x56327f913d08 Aug 26 13:24:40.225284: | libevent_free: release ptr-libevent@0x56327f8f7648 Aug 26 13:24:40.225285: | free_event_entry: release EVENT_NULL-pe@0x56327f9131c8 Aug 26 13:24:40.225294: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:24:40.225298: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:24:40.225300: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:24:40.225302: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:24:40.225303: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:24:40.225305: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:24:40.225307: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:24:40.225308: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:24:40.225310: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:24:40.225314: | libevent_free: release ptr-libevent@0x56327f8b6eb8 Aug 26 13:24:40.225316: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:24:40.225318: | libevent_free: release ptr-libevent@0x56327f92b508 Aug 26 13:24:40.225320: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:24:40.225322: | libevent_free: release ptr-libevent@0x56327f92b618 Aug 26 13:24:40.225337: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:24:40.225339: | libevent_free: release ptr-libevent@0x56327f92b858 Aug 26 13:24:40.225340: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:24:40.225342: | releasing event base Aug 26 13:24:40.225351: | libevent_free: release ptr-libevent@0x56327f92b728 Aug 26 13:24:40.225353: | libevent_free: release ptr-libevent@0x56327f90e678 Aug 26 13:24:40.225355: | libevent_free: release ptr-libevent@0x56327f90e628 Aug 26 13:24:40.225357: | libevent_free: release ptr-libevent@0x7f61840027d8 Aug 26 13:24:40.225359: | libevent_free: release ptr-libevent@0x56327f90e578 Aug 26 13:24:40.225361: | libevent_free: release ptr-libevent@0x56327f92b2d8 Aug 26 13:24:40.225363: | libevent_free: release ptr-libevent@0x56327f92b488 Aug 26 13:24:40.225365: | libevent_free: release ptr-libevent@0x56327f90e828 Aug 26 13:24:40.225366: | libevent_free: release ptr-libevent@0x56327f9132d8 Aug 26 13:24:40.225368: | libevent_free: release ptr-libevent@0x56327f913cc8 Aug 26 13:24:40.225369: | libevent_free: release ptr-libevent@0x56327f92c188 Aug 26 13:24:40.225373: | libevent_free: release ptr-libevent@0x56327f92c0d8 Aug 26 13:24:40.225375: | libevent_free: release ptr-libevent@0x56327f92c028 Aug 26 13:24:40.225376: | libevent_free: release ptr-libevent@0x56327f92bf78 Aug 26 13:24:40.225378: | libevent_free: release ptr-libevent@0x56327f92bec8 Aug 26 13:24:40.225379: | libevent_free: release ptr-libevent@0x56327f92be18 Aug 26 13:24:40.225381: | libevent_free: release ptr-libevent@0x56327f8b2318 Aug 26 13:24:40.225383: | libevent_free: release ptr-libevent@0x56327f92b5d8 Aug 26 13:24:40.225384: | libevent_free: release ptr-libevent@0x56327f92b4c8 Aug 26 13:24:40.225386: | libevent_free: release ptr-libevent@0x56327f92b448 Aug 26 13:24:40.225388: | libevent_free: release ptr-libevent@0x56327f92b6e8 Aug 26 13:24:40.225404: | libevent_free: release ptr-libevent@0x56327f92b318 Aug 26 13:24:40.225406: | libevent_free: release ptr-libevent@0x56327f889908 Aug 26 13:24:40.225408: | libevent_free: release ptr-libevent@0x56327f889d38 Aug 26 13:24:40.225410: | libevent_free: release ptr-libevent@0x56327f8b2688 Aug 26 13:24:40.225411: | releasing global libevent data Aug 26 13:24:40.225413: | libevent_free: release ptr-libevent@0x56327f88ef78 Aug 26 13:24:40.225415: | libevent_free: release ptr-libevent@0x56327f889cd8 Aug 26 13:24:40.225417: | libevent_free: release ptr-libevent@0x56327f889dd8 Aug 26 13:24:40.225447: leak detective found no leaks