Aug 26 13:23:26.618299: FIPS Product: YES Aug 26 13:23:26.618386: FIPS Kernel: NO Aug 26 13:23:26.618388: FIPS Mode: NO Aug 26 13:23:26.618390: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:23:26.618494: Initializing NSS Aug 26 13:23:26.618499: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:23:26.642491: NSS initialized Aug 26 13:23:26.642503: NSS crypto library initialized Aug 26 13:23:26.642505: FIPS HMAC integrity support [enabled] Aug 26 13:23:26.642506: FIPS mode disabled for pluto daemon Aug 26 13:23:26.669702: FIPS HMAC integrity verification self-test FAILED Aug 26 13:23:26.669789: libcap-ng support [enabled] Aug 26 13:23:26.669798: Linux audit support [enabled] Aug 26 13:23:26.669827: Linux audit activated Aug 26 13:23:26.669831: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8364 Aug 26 13:23:26.669833: core dump dir: /tmp Aug 26 13:23:26.669834: secrets file: /etc/ipsec.secrets Aug 26 13:23:26.669836: leak-detective enabled Aug 26 13:23:26.669837: NSS crypto [enabled] Aug 26 13:23:26.669839: XAUTH PAM support [enabled] Aug 26 13:23:26.669895: | libevent is using pluto's memory allocator Aug 26 13:23:26.669904: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:23:26.669916: | libevent_malloc: new ptr-libevent@0x56286c4a7ba8 size 40 Aug 26 13:23:26.669919: | libevent_malloc: new ptr-libevent@0x56286c4a7cd8 size 40 Aug 26 13:23:26.669921: | libevent_malloc: new ptr-libevent@0x56286c4a7dd8 size 40 Aug 26 13:23:26.669922: | creating event base Aug 26 13:23:26.669924: | libevent_malloc: new ptr-libevent@0x56286c52c4c8 size 56 Aug 26 13:23:26.669928: | libevent_malloc: new ptr-libevent@0x56286c4d04d8 size 664 Aug 26 13:23:26.669937: | libevent_malloc: new ptr-libevent@0x56286c52c538 size 24 
Aug 26 13:23:26.669939: | libevent_malloc: new ptr-libevent@0x56286c52c588 size 384 Aug 26 13:23:26.669947: | libevent_malloc: new ptr-libevent@0x56286c52c488 size 16 Aug 26 13:23:26.669948: | libevent_malloc: new ptr-libevent@0x56286c4a7908 size 40 Aug 26 13:23:26.669950: | libevent_malloc: new ptr-libevent@0x56286c4a7d38 size 48 Aug 26 13:23:26.669954: | libevent_realloc: new ptr-libevent@0x56286c4d0168 size 256 Aug 26 13:23:26.669955: | libevent_malloc: new ptr-libevent@0x56286c52c738 size 16 Aug 26 13:23:26.669959: | libevent_free: release ptr-libevent@0x56286c52c4c8 Aug 26 13:23:26.669962: | libevent initialized Aug 26 13:23:26.669965: | libevent_realloc: new ptr-libevent@0x56286c52c4c8 size 64 Aug 26 13:23:26.669967: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:23:26.669977: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:23:26.669979: NAT-Traversal support [enabled] Aug 26 13:23:26.669981: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:23:26.669985: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:23:26.669991: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:23:26.670018: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:23:26.670021: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:23:26.670023: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:23:26.670055: Encryption algorithms: Aug 26 13:23:26.670061: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:23:26.670064: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:23:26.670066: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:23:26.670069: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:23:26.670071: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
13:23:26.670078: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:23:26.670080: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:23:26.670083: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:23:26.670085: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:23:26.670087: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:23:26.670089: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:23:26.670092: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:23:26.670094: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:23:26.670096: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:23:26.670099: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:23:26.670101: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:23:26.670103: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:23:26.670108: Hash algorithms: Aug 26 13:23:26.670110: MD5 IKEv1: IKE IKEv2: Aug 26 13:23:26.670112: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:23:26.670114: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:23:26.670116: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:23:26.670118: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:23:26.670126: PRF algorithms: Aug 26 13:23:26.670128: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:23:26.670130: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:23:26.670132: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:23:26.670134: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:23:26.670136: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:23:26.670138: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:23:26.670154: Integrity algorithms: Aug 26 13:23:26.670156: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 13:23:26.670159: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:23:26.670161: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:23:26.670163: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:23:26.670166: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:23:26.670168: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:23:26.670170: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:23:26.670172: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:23:26.670174: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:23:26.670182: DH algorithms: Aug 26 13:23:26.670184: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:23:26.670186: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:23:26.670188: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:23:26.670191: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:23:26.670193: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:23:26.670195: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:23:26.670197: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:23:26.670199: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:23:26.670201: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:23:26.670202: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:23:26.670204: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:23:26.670206: testing CAMELLIA_CBC: Aug 26 13:23:26.670209: Camellia: 16 bytes with 128-bit key Aug 26 13:23:26.670303: Camellia: 16 bytes with 128-bit key Aug 26 13:23:26.670341: Camellia: 16 bytes with 256-bit key Aug 26 13:23:26.670375: Camellia: 16 bytes with 256-bit key 
Aug 26 13:23:26.670392: testing AES_GCM_16: Aug 26 13:23:26.670394: empty string Aug 26 13:23:26.670412: one block Aug 26 13:23:26.670429: two blocks Aug 26 13:23:26.670445: two blocks with associated data Aug 26 13:23:26.670461: testing AES_CTR: Aug 26 13:23:26.670463: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:23:26.670479: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:23:26.670496: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:23:26.670515: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:23:26.670532: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:23:26.670548: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:23:26.670565: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:23:26.670580: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:23:26.670597: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:23:26.670614: testing AES_CBC: Aug 26 13:23:26.670616: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:23:26.670632: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:23:26.670649: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:23:26.670666: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:23:26.670686: testing AES_XCBC: Aug 26 13:23:26.670688: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:23:26.670761: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:23:26.670846: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:23:26.670919: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:23:26.670993: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:23:26.671068: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:23:26.671143: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:23:26.671337: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 13:23:26.671428: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:23:26.671509: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:23:26.671648: testing HMAC_MD5: Aug 26 13:23:26.671651: RFC 2104: MD5_HMAC test 1 Aug 26 13:23:26.671755: RFC 2104: MD5_HMAC test 2 Aug 26 13:23:26.671846: RFC 2104: MD5_HMAC test 3 Aug 26 13:23:26.671965: 8 CPU cores online Aug 26 13:23:26.671969: starting up 7 crypto helpers Aug 26 13:23:26.671994: started thread for crypto helper 0 Aug 26 13:23:26.672009: started thread for crypto helper 1 Aug 26 13:23:26.672042: | starting up helper thread 0 Aug 26 13:23:26.672048: started thread for crypto helper 2 Aug 26 13:23:26.672054: | starting up helper thread 2 Aug 26 13:23:26.672061: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:23:26.672075: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:23:26.672048: | starting up helper thread 1 Aug 26 13:23:26.672094: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:26.672120: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:23:26.672119: started thread for crypto helper 3 Aug 26 13:23:26.672121: | starting up helper thread 3 Aug 26 13:23:26.672126: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:26.672134: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:23:26.672139: | crypto helper 3 waiting (nothing to do) Aug 26 13:23:26.672146: | crypto helper 2 waiting (nothing to do) Aug 26 13:23:26.672147: started thread for crypto helper 4 Aug 26 13:23:26.672149: | starting up helper thread 4 Aug 26 13:23:26.672160: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:23:26.672164: | crypto helper 4 waiting (nothing to do) Aug 26 13:23:26.672171: started thread for crypto helper 
5 Aug 26 13:23:26.672188: started thread for crypto helper 6 Aug 26 13:23:26.672189: | starting up helper thread 6 Aug 26 13:23:26.672192: | checking IKEv1 state table Aug 26 13:23:26.672196: | starting up helper thread 5 Aug 26 13:23:26.672205: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672198: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:23:26.672208: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:23:26.672207: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:23:26.672211: | crypto helper 6 waiting (nothing to do) Aug 26 13:23:26.672214: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672219: | crypto helper 5 waiting (nothing to do) Aug 26 13:23:26.672220: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:23:26.672226: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:23:26.672228: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:23:26.672229: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:26.672231: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:26.672233: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:23:26.672234: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:23:26.672236: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:26.672238: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:26.672239: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:23:26.672241: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:26.672242: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:26.672244: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:26.672246: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:23:26.672247: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:26.672249: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:26.672250: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:26.672252: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:23:26.672254: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672256: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:23:26.672257: | -> UNDEFINED 
EVENT_NULL Aug 26 13:23:26.672259: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672261: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:23:26.672262: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672264: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:26.672265: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:26.672267: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:23:26.672269: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:26.672270: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:26.672272: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:23:26.672274: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672275: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:23:26.672277: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672279: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:23:26.672280: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:23:26.672285: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:23:26.672287: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:23:26.672295: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:23:26.672297: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:23:26.672299: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:23:26.672301: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672302: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:23:26.672304: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672306: | INFO: category: informational flags: 0: Aug 26 13:23:26.672307: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672309: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:23:26.672311: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672312: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:23:26.672327: | -> XAUTH_R1 EVENT_NULL Aug 26 13:23:26.672329: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:23:26.672330: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:26.672332: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:23:26.672333: | -> 
MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:23:26.672335: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:23:26.672337: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:23:26.672338: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:23:26.672340: | -> UNDEFINED EVENT_NULL Aug 26 13:23:26.672342: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:23:26.672343: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:26.672345: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:23:26.672346: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:23:26.672348: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:23:26.672350: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:23:26.672355: | checking IKEv2 state table Aug 26 13:23:26.672359: | PARENT_I0: category: ignore flags: 0: Aug 26 13:23:26.672361: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:23:26.672363: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672365: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:23:26.672367: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:23:26.672369: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:23:26.672370: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:23:26.672372: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:23:26.672374: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:23:26.672376: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:23:26.672378: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:23:26.672379: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:23:26.672381: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 
13:23:26.672383: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:23:26.672384: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:23:26.672386: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:23:26.672388: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672390: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:23:26.672391: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:23:26.672393: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:23:26.672395: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:23:26.672397: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:23:26.672399: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:23:26.672402: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:23:26.672404: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:23:26.672405: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:23:26.672407: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:23:26.672409: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:23:26.672411: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:23:26.672413: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:23:26.672415: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:23:26.672416: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:26.672418: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:23:26.672420: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:23:26.672422: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:23:26.672424: | -> 
V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:23:26.672426: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:23:26.672427: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:23:26.672429: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:23:26.672431: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:23:26.672433: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:26.672435: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:23:26.672436: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:23:26.672438: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:23:26.672440: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:23:26.672442: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:23:26.672444: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:23:26.672453: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:23:26.672711: | Hard-wiring algorithms Aug 26 13:23:26.672714: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:23:26.672717: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:23:26.672719: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:23:26.672721: | adding 3DES_CBC to kernel algorithm db Aug 26 13:23:26.672722: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:23:26.672724: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:23:26.672726: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:23:26.672727: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:23:26.672729: | adding AES_CTR to kernel algorithm db Aug 26 13:23:26.672731: | adding AES_CBC to kernel algorithm db Aug 26 13:23:26.672732: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:23:26.672734: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:23:26.672736: 
| adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:23:26.672737: | adding NULL to kernel algorithm db Aug 26 13:23:26.672739: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:23:26.672741: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:23:26.672743: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:23:26.672744: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:23:26.672746: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:23:26.672747: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:23:26.672749: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:23:26.672750: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:23:26.672752: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:23:26.672754: | adding NONE to kernel algorithm db Aug 26 13:23:26.672770: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:23:26.672775: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:23:26.672776: | setup kernel fd callback Aug 26 13:23:26.672778: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56286c531078 Aug 26 13:23:26.672782: | libevent_malloc: new ptr-libevent@0x56286c515508 size 128 Aug 26 13:23:26.672784: | libevent_malloc: new ptr-libevent@0x56286c531188 size 16 Aug 26 13:23:26.672788: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56286c531bb8 Aug 26 13:23:26.672790: | libevent_malloc: new ptr-libevent@0x56286c4d1978 size 128 Aug 26 13:23:26.672792: | libevent_malloc: new ptr-libevent@0x56286c531b78 size 16 Aug 26 13:23:26.672928: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:23:26.672935: selinux support is enabled. 
Aug 26 13:23:26.673370: | unbound context created - setting debug level to 5 Aug 26 13:23:26.673393: | /etc/hosts lookups activated Aug 26 13:23:26.673401: | /etc/resolv.conf usage activated Aug 26 13:23:26.673437: | outgoing-port-avoid set 0-65535 Aug 26 13:23:26.673454: | outgoing-port-permit set 32768-60999 Aug 26 13:23:26.673456: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:23:26.673458: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:23:26.673460: | Setting up events, loop start Aug 26 13:23:26.673463: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56286c531c28 Aug 26 13:23:26.673465: | libevent_malloc: new ptr-libevent@0x56286c53dda8 size 128 Aug 26 13:23:26.673467: | libevent_malloc: new ptr-libevent@0x56286c549078 size 16 Aug 26 13:23:26.673471: | libevent_realloc: new ptr-libevent@0x56286c5490b8 size 256 Aug 26 13:23:26.673473: | libevent_malloc: new ptr-libevent@0x56286c5491e8 size 8 Aug 26 13:23:26.673476: | libevent_realloc: new ptr-libevent@0x56286c4a3918 size 144 Aug 26 13:23:26.673477: | libevent_malloc: new ptr-libevent@0x56286c4d1038 size 152 Aug 26 13:23:26.673480: | libevent_malloc: new ptr-libevent@0x56286c549228 size 16 Aug 26 13:23:26.673483: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:23:26.673485: | libevent_malloc: new ptr-libevent@0x56286c549268 size 8 Aug 26 13:23:26.673489: | libevent_malloc: new ptr-libevent@0x56286c4d4fd8 size 152 Aug 26 13:23:26.673491: | signal event handler PLUTO_SIGTERM installed Aug 26 13:23:26.673493: | libevent_malloc: new ptr-libevent@0x56286c5492a8 size 8 Aug 26 13:23:26.673494: | libevent_malloc: new ptr-libevent@0x56286c5492e8 size 152 Aug 26 13:23:26.673496: | signal event handler PLUTO_SIGHUP installed Aug 26 13:23:26.673498: | libevent_malloc: new ptr-libevent@0x56286c5493b8 size 8 Aug 26 13:23:26.673500: | libevent_realloc: release ptr-libevent@0x56286c4a3918 Aug 26 13:23:26.673502: | libevent_realloc: new 
ptr-libevent@0x56286c5493f8 size 256 Aug 26 13:23:26.673504: | libevent_malloc: new ptr-libevent@0x56286c549528 size 152 Aug 26 13:23:26.673506: | signal event handler PLUTO_SIGSYS installed Aug 26 13:23:26.673761: | created addconn helper (pid:8381) using fork+execve Aug 26 13:23:26.673774: | forked child 8381 Aug 26 13:23:26.675190: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.675362: listening for IKE messages Aug 26 13:23:26.675606: | Inspecting interface lo Aug 26 13:23:26.675612: | found lo with address 127.0.0.1 Aug 26 13:23:26.675614: | Inspecting interface eth0 Aug 26 13:23:26.675617: | found eth0 with address 192.0.2.254 Aug 26 13:23:26.675620: | Inspecting interface eth0 Aug 26 13:23:26.675622: | found eth0 with address 192.0.200.254 Aug 26 13:23:26.675624: | Inspecting interface eth1 Aug 26 13:23:26.675627: | found eth1 with address 192.1.2.23 Aug 26 13:23:26.675691: Kernel supports NIC esp-hw-offload Aug 26 13:23:26.675699: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:23:26.675731: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:26.675735: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:26.675741: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:23:26.675761: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.200.254:500 Aug 26 13:23:26.675775: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:26.675778: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:26.675780: adding interface eth0/eth0 192.0.200.254:4500 Aug 26 13:23:26.675797: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:23:26.675812: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:26.675815: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 
26 13:23:26.675818: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:23:26.675833: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:23:26.675849: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:26.675852: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:26.675854: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:23:26.675909: | no interfaces to sort Aug 26 13:23:26.675913: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:23:26.675920: | add_fd_read_event_handler: new ethX-pe@0x56286c549b58 Aug 26 13:23:26.675922: | libevent_malloc: new ptr-libevent@0x56286c53dcf8 size 128 Aug 26 13:23:26.675924: | libevent_malloc: new ptr-libevent@0x56286c549bc8 size 16 Aug 26 13:23:26.675929: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:23:26.675931: | add_fd_read_event_handler: new ethX-pe@0x56286c549c08 Aug 26 13:23:26.675933: | libevent_malloc: new ptr-libevent@0x56286c4d35d8 size 128 Aug 26 13:23:26.675935: | libevent_malloc: new ptr-libevent@0x56286c549c78 size 16 Aug 26 13:23:26.675938: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 13:23:26.675940: | add_fd_read_event_handler: new ethX-pe@0x56286c549cb8 Aug 26 13:23:26.675941: | libevent_malloc: new ptr-libevent@0x56286c4d34d8 size 128 Aug 26 13:23:26.675943: | libevent_malloc: new ptr-libevent@0x56286c549d28 size 16 Aug 26 13:23:26.675946: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 13:23:26.675948: | add_fd_read_event_handler: new ethX-pe@0x56286c549d68 Aug 26 13:23:26.675951: | libevent_malloc: new ptr-libevent@0x56286c4d4b48 size 128 Aug 26 13:23:26.675953: | libevent_malloc: new ptr-libevent@0x56286c549dd8 size 16 Aug 26 13:23:26.675956: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 13:23:26.675958: | add_fd_read_event_handler: new ethX-pe@0x56286c549e18 Aug 26 13:23:26.675960: | libevent_malloc: new ptr-libevent@0x56286c4a84e8 
size 128 Aug 26 13:23:26.675962: | libevent_malloc: new ptr-libevent@0x56286c549e88 size 16 Aug 26 13:23:26.675965: | setup callback for interface eth0 192.0.200.254:4500 fd 20 Aug 26 13:23:26.675967: | add_fd_read_event_handler: new ethX-pe@0x56286c549ec8 Aug 26 13:23:26.675969: | libevent_malloc: new ptr-libevent@0x56286c4a81d8 size 128 Aug 26 13:23:26.675970: | libevent_malloc: new ptr-libevent@0x56286c549f38 size 16 Aug 26 13:23:26.675973: | setup callback for interface eth0 192.0.200.254:500 fd 19 Aug 26 13:23:26.675975: | add_fd_read_event_handler: new ethX-pe@0x56286c549f78 Aug 26 13:23:26.675977: | libevent_malloc: new ptr-libevent@0x56286c54a598 size 128 Aug 26 13:23:26.675979: | libevent_malloc: new ptr-libevent@0x56286c549fe8 size 16 Aug 26 13:23:26.675983: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:23:26.675985: | add_fd_read_event_handler: new ethX-pe@0x56286c54a648 Aug 26 13:23:26.675987: | libevent_malloc: new ptr-libevent@0x56286c54a6b8 size 128 Aug 26 13:23:26.675989: | libevent_malloc: new ptr-libevent@0x56286c54a768 size 16 Aug 26 13:23:26.675992: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:23:26.675995: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:26.675997: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:26.676066: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:26.676074: | id type added to secret(0x56286c4a3b58) PKK_PSK: @west Aug 26 13:23:26.676077: | id type added to secret(0x56286c4a3b58) PKK_PSK: @east Aug 26 13:23:26.676080: | Processing PSK at line 1: passed Aug 26 13:23:26.676081: | certs and keys locked by 'process_secret' Aug 26 13:23:26.676084: | certs and keys unlocked by 'process_secret' Aug 26 13:23:26.676090: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.676095: | spent 0.889 milliseconds in whack Aug 26 13:23:26.690892: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in 
whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.690910: listening for IKE messages Aug 26 13:23:26.690935: | Inspecting interface lo Aug 26 13:23:26.690940: | found lo with address 127.0.0.1 Aug 26 13:23:26.690942: | Inspecting interface eth0 Aug 26 13:23:26.690945: | found eth0 with address 192.0.2.254 Aug 26 13:23:26.690946: | Inspecting interface eth0 Aug 26 13:23:26.690949: | found eth0 with address 192.0.200.254 Aug 26 13:23:26.690950: | Inspecting interface eth1 Aug 26 13:23:26.690953: | found eth1 with address 192.1.2.23 Aug 26 13:23:26.690991: | no interfaces to sort Aug 26 13:23:26.690998: | libevent_free: release ptr-libevent@0x56286c53dcf8 Aug 26 13:23:26.691000: | free_event_entry: release EVENT_NULL-pe@0x56286c549b58 Aug 26 13:23:26.691002: | add_fd_read_event_handler: new ethX-pe@0x56286c549b58 Aug 26 13:23:26.691004: | libevent_malloc: new ptr-libevent@0x56286c53dcf8 size 128 Aug 26 13:23:26.691009: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:23:26.691012: | libevent_free: release ptr-libevent@0x56286c4d35d8 Aug 26 13:23:26.691013: | free_event_entry: release EVENT_NULL-pe@0x56286c549c08 Aug 26 13:23:26.691015: | add_fd_read_event_handler: new ethX-pe@0x56286c549c08 Aug 26 13:23:26.691017: | libevent_malloc: new ptr-libevent@0x56286c4d35d8 size 128 Aug 26 13:23:26.691020: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 13:23:26.691022: | libevent_free: release ptr-libevent@0x56286c4d34d8 Aug 26 13:23:26.691024: | free_event_entry: release EVENT_NULL-pe@0x56286c549cb8 Aug 26 13:23:26.691026: | add_fd_read_event_handler: new ethX-pe@0x56286c549cb8 Aug 26 13:23:26.691028: | libevent_malloc: new ptr-libevent@0x56286c4d34d8 size 128 Aug 26 13:23:26.691030: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 13:23:26.691033: | libevent_free: release ptr-libevent@0x56286c4d4b48 Aug 26 13:23:26.691035: | free_event_entry: release EVENT_NULL-pe@0x56286c549d68 Aug 26 13:23:26.691036: | 
add_fd_read_event_handler: new ethX-pe@0x56286c549d68 Aug 26 13:23:26.691038: | libevent_malloc: new ptr-libevent@0x56286c4d4b48 size 128 Aug 26 13:23:26.691041: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 13:23:26.691044: | libevent_free: release ptr-libevent@0x56286c4a84e8 Aug 26 13:23:26.691045: | free_event_entry: release EVENT_NULL-pe@0x56286c549e18 Aug 26 13:23:26.691047: | add_fd_read_event_handler: new ethX-pe@0x56286c549e18 Aug 26 13:23:26.691049: | libevent_malloc: new ptr-libevent@0x56286c4a84e8 size 128 Aug 26 13:23:26.691052: | setup callback for interface eth0 192.0.200.254:4500 fd 20 Aug 26 13:23:26.691054: | libevent_free: release ptr-libevent@0x56286c4a81d8 Aug 26 13:23:26.691056: | free_event_entry: release EVENT_NULL-pe@0x56286c549ec8 Aug 26 13:23:26.691058: | add_fd_read_event_handler: new ethX-pe@0x56286c549ec8 Aug 26 13:23:26.691059: | libevent_malloc: new ptr-libevent@0x56286c4a81d8 size 128 Aug 26 13:23:26.691062: | setup callback for interface eth0 192.0.200.254:500 fd 19 Aug 26 13:23:26.691065: | libevent_free: release ptr-libevent@0x56286c54a598 Aug 26 13:23:26.691066: | free_event_entry: release EVENT_NULL-pe@0x56286c549f78 Aug 26 13:23:26.691068: | add_fd_read_event_handler: new ethX-pe@0x56286c549f78 Aug 26 13:23:26.691070: | libevent_malloc: new ptr-libevent@0x56286c54a598 size 128 Aug 26 13:23:26.691073: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:23:26.691075: | libevent_free: release ptr-libevent@0x56286c54a6b8 Aug 26 13:23:26.691080: | free_event_entry: release EVENT_NULL-pe@0x56286c54a648 Aug 26 13:23:26.691082: | add_fd_read_event_handler: new ethX-pe@0x56286c54a648 Aug 26 13:23:26.691083: | libevent_malloc: new ptr-libevent@0x56286c54a6b8 size 128 Aug 26 13:23:26.691086: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:23:26.691088: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:26.691090: forgetting secrets Aug 26 13:23:26.691095: | certs and keys 
unlocked by 'free_preshared_secrets' Aug 26 13:23:26.691105: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:26.691111: | id type added to secret(0x56286c4a3b58) PKK_PSK: @west Aug 26 13:23:26.691113: | id type added to secret(0x56286c4a3b58) PKK_PSK: @east Aug 26 13:23:26.691116: | Processing PSK at line 1: passed Aug 26 13:23:26.691118: | certs and keys locked by 'process_secret' Aug 26 13:23:26.691119: | certs and keys unlocked by 'process_secret' Aug 26 13:23:26.691126: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.691130: | spent 0.245 milliseconds in whack Aug 26 13:23:26.691483: | processing signal PLUTO_SIGCHLD Aug 26 13:23:26.691497: | waitpid returned pid 8381 (exited with status 0) Aug 26 13:23:26.691500: | reaped addconn helper child (status 0) Aug 26 13:23:26.691504: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:26.691507: | spent 0.0139 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:26.761866: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.761894: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.761898: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.761901: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.761904: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.761908: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:23:26.761916: | Added new connection westnet-eastnet-ikev2a with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:26.761976: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:26.761980: | from whack: got --esp= Aug 26 13:23:26.762018: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:26.762024: | counting wild cards for @west is 0 Aug 26 13:23:26.762028: | counting wild cards for @east is 0 Aug 26 13:23:26.762038: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 13:23:26.762041: | new hp@0x56286c54c678 Aug 26 13:23:26.762045: added connection description "westnet-eastnet-ikev2a" Aug 26 13:23:26.762057: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:26.762068: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:23:26.762076: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.762084: | spent 0.229 milliseconds in whack Aug 26 13:23:26.762179: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.762196: add keyid @west
Aug 26 13:23:26.762329: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:26.762340: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:26.762360: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.762369: | spent 0.192 milliseconds in whack Aug 26 13:23:26.762398: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.762411: add keyid @east
Aug 26 13:23:26.762480: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:26.762482: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:26.762491: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.762495: | spent 0.103 milliseconds in whack Aug 26 13:23:26.877424: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.877466: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.877470: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.877472: | FOR_EACH_CONNECTION_...
in conn_by_name Aug 26 13:23:26.877474: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.877487: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.877494: | Added new connection westnet-eastnet-ikev2b with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:26.877540: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:26.877543: | from whack: got --esp= Aug 26 13:23:26.877572: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:26.877576: | counting wild cards for @west is 0 Aug 26 13:23:26.877579: | counting wild cards for @east is 0 Aug 26 13:23:26.877586: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:26.877590: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@0x56286c54c678: westnet-eastnet-ikev2a Aug 26 13:23:26.877592: added connection description "westnet-eastnet-ikev2b" Aug 26 13:23:26.877602: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:26.877611: | 192.0.211.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:23:26.877617: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.877623: | spent 0.21 milliseconds in whack Aug 26 13:23:26.877724: | accept(whackctlfd, (struct sockaddr *)&whackaddr, 
&whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.877740: add keyid @west Aug 26 13:23:26.877745: | unreference key: 0x56286c4a3c48 @west cnt 1-- Aug 26 13:23:26.877803: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:26.877805: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:26.877815: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.877821: | spent 0.103 milliseconds in whack Aug 26 13:23:26.877893: |
accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.877908: add keyid @east Aug 26 13:23:26.877917: | unreference key: 0x56286c54cab8 @east cnt 1-- Aug 26 13:23:26.877967: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:26.877969: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:26.877979: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.877984: | spent 0.0973
milliseconds in whack Aug 26 13:23:26.953491: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.953509: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.953512: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.953514: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.953515: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:26.953522: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:26.953527: | Added new connection westnet-eastnet-ikev2c with policy PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:26.953564: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:26.953566: | from whack: got --esp= Aug 26 13:23:26.953588: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:26.953592: | counting wild cards for @west is 0 Aug 26 13:23:26.953594: | counting wild cards for @east is 0 Aug 26 13:23:26.953600: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:26.953603: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@0x56286c54c678: westnet-eastnet-ikev2b Aug 26 13:23:26.953605: added connection description "westnet-eastnet-ikev2c" Aug 26 13:23:26.953612: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 
13:23:26.953619: | 192.0.212.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:23:26.953624: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.953633: | spent 0.15 milliseconds in whack Aug 26 13:23:26.953711: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.953723: add keyid @west Aug 26 13:23:26.953728: | unreference key: 0x56286c4a3c48 @west cnt 1--
Aug 26 13:23:26.953775: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:26.953777: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:26.953785: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.953789: | spent 0.0826 milliseconds in whack Aug 26 13:23:26.953873: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:26.953888: add keyid @east Aug 26 13:23:26.953906: | unreference key: 0x56286c54cab8 @east cnt 1--
Aug 26 13:23:26.953973: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:26.953980: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:26.953992: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:26.953998: | spent 0.144 milliseconds in whack Aug 26 13:23:28.677325: | spent 0.0131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:28.677447: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:28.677935: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:23:28.677947: | **parse ISAKMP Message: Aug 26 13:23:28.677956: | initiator cookie: Aug 26 13:23:28.677964: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.677972: | responder cookie: Aug 26 13:23:28.677980: | 00 00 00 00 00 00 00 00 Aug 26 13:23:28.677989: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:28.677998: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:28.678007: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:28.678016: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:28.678025: | Message ID: 0 (0x0) Aug 26 13:23:28.678033: | length: 828 (0x33c) Aug 26 13:23:28.678043: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:23:28.678053: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:23:28.678064: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:23:28.678073: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:28.678084: | ***parse IKEv2 Security Association Payload: Aug 26 13:23:28.678093: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:23:28.678101: | flags: none (0x0) Aug 26 13:23:28.678109: | length: 436 (0x1b4) Aug 26 13:23:28.678117: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:23:28.678125: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:23:28.678134: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:23:28.678143: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:28.678150: |
flags: none (0x0) Aug 26 13:23:28.678158: | length: 264 (0x108) Aug 26 13:23:28.678166: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.678175: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:23:28.678182: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:28.678190: | ***parse IKEv2 Nonce Payload: Aug 26 13:23:28.678199: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:28.678206: | flags: none (0x0) Aug 26 13:23:28.678214: | length: 36 (0x24) Aug 26 13:23:28.678222: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:28.678230: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:28.678238: | ***parse IKEv2 Notify Payload: Aug 26 13:23:28.678246: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:28.678254: | flags: none (0x0) Aug 26 13:23:28.678262: | length: 8 (0x8) Aug 26 13:23:28.678270: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.678278: | SPI size: 0 (0x0) Aug 26 13:23:28.678287: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:28.678326: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:23:28.678335: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:28.678343: | ***parse IKEv2 Notify Payload: Aug 26 13:23:28.678359: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:28.678367: | flags: none (0x0) Aug 26 13:23:28.678374: | length: 28 (0x1c) Aug 26 13:23:28.678382: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.678390: | SPI size: 0 (0x0) Aug 26 13:23:28.678398: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:28.678407: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:28.678414: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:28.678422: | ***parse IKEv2 Notify Payload: Aug 26 13:23:28.678430: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.678438: | flags: none (0x0) Aug 26 13:23:28.678446: | length: 28 (0x1c) Aug 26 13:23:28.678465: | Protocol ID: 
PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.678473: | SPI size: 0 (0x0) Aug 26 13:23:28.678481: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:28.678490: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:28.678498: | DDOS disabled and no cookie sent, continuing Aug 26 13:23:28.678516: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:23:28.678532: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:28.678542: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:23:28.678554: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 13:23:28.678564: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 13:23:28.678575: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 13:23:28.678583: | find_next_host_connection returns empty Aug 26 13:23:28.678596: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:23:28.678605: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:23:28.678613: | find_next_host_connection returns empty Aug 26 13:23:28.678625: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:23:28.678639: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:23:28.678653: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:28.678662: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:23:28.678671: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 13:23:28.678681: | found policy = 
PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 13:23:28.678691: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 13:23:28.678698: | find_next_host_connection returns empty Aug 26 13:23:28.678710: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:23:28.678719: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:23:28.678727: | find_next_host_connection returns empty Aug 26 13:23:28.678739: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 13:23:28.678753: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:23:28.678766: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:28.678774: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:28.678784: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 13:23:28.678793: | find_next_host_connection returns westnet-eastnet-ikev2c Aug 26 13:23:28.678801: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:28.678810: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 13:23:28.678819: | find_next_host_connection returns westnet-eastnet-ikev2b Aug 26 13:23:28.678827: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:28.678836: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 13:23:28.678844: | find_next_host_connection returns westnet-eastnet-ikev2a Aug 26 13:23:28.678852: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:23:28.678860: | find_next_host_connection returns empty Aug 26 
13:23:28.678870: | found connection: westnet-eastnet-ikev2c with policy PSK+IKEV2_ALLOW Aug 26 13:23:28.678932: | creating state object #1 at 0x56286c5526c8 Aug 26 13:23:28.678943: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:23:28.678970: | pstats #1 ikev2.ike started Aug 26 13:23:28.678981: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:23:28.678991: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:23:28.679009: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:28.679028: | #1 spent 1.64 milliseconds Aug 26 13:23:28.679046: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:28.679056: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:23:28.679070: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:23:28.679080: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:23:28.679093: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:23:28.679108: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:23:28.679117: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:23:28.679126: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:23:28.679134: | Now let's proceed with state specific processing Aug 26 13:23:28.679142: | calling processor Respond to IKE_SA_INIT Aug 26 13:23:28.679154: | #1 spent 1.77 milliseconds Aug 26 13:23:28.679171: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in 
update_ike_endpoints() at state.c:2669) Aug 26 13:23:28.679181: | constructing local IKE proposals for westnet-eastnet-ikev2c (IKE SA responder matching remote proposals) Aug 26 13:23:28.679204: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:28.679226: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:28.679239: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:28.679255: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:28.679268: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:28.679284: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:28.679311: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:28.679329: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:28.679359: "westnet-eastnet-ikev2c": constructed local IKE proposals for westnet-eastnet-ikev2c (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:28.679382: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:23:28.679394: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:28.679403: | local proposal 1 type PRF has 2 transforms Aug 26 13:23:28.679411: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:28.679420: | local proposal 1 type DH has 8 transforms Aug 26 13:23:28.679428: | local proposal 1 type ESN has 0 transforms Aug 26 13:23:28.679439: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:28.679447: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:28.679455: | local proposal 2 type PRF has 2 transforms Aug 26 13:23:28.679464: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:28.679472: | local proposal 2 type DH has 8 transforms Aug 26 13:23:28.679480: | local proposal 2 type ESN has 0 transforms Aug 26 13:23:28.679489: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:28.679497: | local proposal 3 type ENCR has 
1 transforms Aug 26 13:23:28.679505: | local proposal 3 type PRF has 2 transforms Aug 26 13:23:28.679513: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:28.679521: | local proposal 3 type DH has 8 transforms Aug 26 13:23:28.679529: | local proposal 3 type ESN has 0 transforms Aug 26 13:23:28.679539: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:28.679547: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:28.679555: | local proposal 4 type PRF has 2 transforms Aug 26 13:23:28.679563: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:28.679571: | local proposal 4 type DH has 8 transforms Aug 26 13:23:28.679579: | local proposal 4 type ESN has 0 transforms Aug 26 13:23:28.679588: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:28.679599: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.679608: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.679616: | length: 100 (0x64) Aug 26 13:23:28.679625: | prop #: 1 (0x1) Aug 26 13:23:28.679633: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:28.679641: | spi size: 0 (0x0) Aug 26 13:23:28.679649: | # transforms: 11 (0xb) Aug 26 13:23:28.679660: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:23:28.679670: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.679679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.679687: | length: 12 (0xc) Aug 26 13:23:28.679695: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.679703: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.679712: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.679721: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.679729: | length/value: 256 (0x100) Aug 26 13:23:28.679743: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 
13:23:28.679752: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.679761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.679768: | length: 8 (0x8) Aug 26 13:23:28.679776: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.679785: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:28.679796: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:23:28.679807: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:23:28.679817: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:23:28.679827: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:23:28.679840: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.679848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.679856: | length: 8 (0x8) Aug 26 13:23:28.679864: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.679872: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:28.679881: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.679889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.679897: | length: 8 (0x8) Aug 26 13:23:28.679905: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.679913: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.679924: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:23:28.679934: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:23:28.679944: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:23:28.679954: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:23:28.679963: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 13:23:28.679971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.679978: | length: 8 (0x8) Aug 26 13:23:28.679986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.679995: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:28.680003: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680019: | length: 8 (0x8) Aug 26 13:23:28.680027: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680035: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:28.680044: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680060: | length: 8 (0x8) Aug 26 13:23:28.680068: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680076: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:28.680084: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680100: | length: 8 (0x8) Aug 26 13:23:28.680108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680116: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:28.680125: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680141: | length: 8 (0x8) Aug 26 13:23:28.680148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680157: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:28.680165: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680181: | length: 8 (0x8) Aug 26 13:23:28.680189: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680197: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:28.680206: | *****parse IKEv2 Transform Substructure 
Payload: Aug 26 13:23:28.680214: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.680221: | length: 8 (0x8) Aug 26 13:23:28.680229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680237: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:28.680249: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:23:28.680263: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:23:28.680272: | remote proposal 1 matches local proposal 1 Aug 26 13:23:28.680282: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.680304: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.680316: | length: 100 (0x64) Aug 26 13:23:28.680328: | prop #: 2 (0x2) Aug 26 13:23:28.680337: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:28.680344: | spi size: 0 (0x0) Aug 26 13:23:28.680356: | # transforms: 11 (0xb) Aug 26 13:23:28.680367: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.680377: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680392: | length: 12 (0xc) Aug 26 13:23:28.680401: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.680409: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.680417: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.680426: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.680434: | length/value: 128 (0x80) Aug 26 13:23:28.680443: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680459: | length: 8 (0x8) Aug 26 13:23:28.680467: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.680475: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:28.680484: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680500: | length: 8 (0x8) Aug 26 13:23:28.680508: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.680516: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:28.680524: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680540: | length: 8 (0x8) Aug 26 13:23:28.680548: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680556: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.680565: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680580: | length: 8 (0x8) Aug 26 13:23:28.680588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680597: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:28.680605: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680621: | length: 8 (0x8) Aug 26 13:23:28.680629: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680637: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:28.680645: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680661: | length: 8 (0x8) Aug 26 13:23:28.680669: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680677: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:28.680686: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680701: | length: 8 (0x8) Aug 26 13:23:28.680709: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680717: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:28.680726: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 13:23:28.680734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680741: | length: 8 (0x8) Aug 26 13:23:28.680749: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680757: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:28.680767: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.680792: | length: 8 (0x8) Aug 26 13:23:28.680802: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680813: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:28.680827: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.680839: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.680857: | length: 8 (0x8) Aug 26 13:23:28.680868: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.680881: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:28.680898: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:23:28.680912: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:23:28.680927: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.680939: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.680951: | length: 116 (0x74) Aug 26 13:23:28.680963: | prop #: 3 (0x3) Aug 26 13:23:28.680976: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:28.680987: | spi size: 0 (0x0) Aug 26 13:23:28.680999: | # transforms: 13 (0xd) Aug 26 13:23:28.681016: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.681030: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681054: | length: 12 (0xc) Aug 26 13:23:28.681067: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.681079: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
13:23:28.681092: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.681106: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.681119: | length/value: 256 (0x100) Aug 26 13:23:28.681135: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681160: | length: 8 (0x8) Aug 26 13:23:28.681172: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.681186: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:28.681201: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681225: | length: 8 (0x8) Aug 26 13:23:28.681238: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.681251: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:28.681264: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681307: | length: 8 (0x8) Aug 26 13:23:28.681330: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.681345: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:28.681360: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681385: | length: 8 (0x8) Aug 26 13:23:28.681397: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.681410: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:28.681424: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681448: | length: 8 (0x8) Aug 26 13:23:28.681461: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681474: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.681488: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:23:28.681513: | length: 8 (0x8) Aug 26 13:23:28.681525: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681538: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:28.681552: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681576: | length: 8 (0x8) Aug 26 13:23:28.681589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681602: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:28.681617: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681641: | length: 8 (0x8) Aug 26 13:23:28.681655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681677: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:28.681692: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681719: | length: 8 (0x8) Aug 26 13:23:28.681732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681745: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:28.681759: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681782: | length: 8 (0x8) Aug 26 13:23:28.681790: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681798: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:28.681807: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.681823: | length: 8 (0x8) Aug 26 13:23:28.681830: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:28.681847: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.681855: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.681863: | length: 
8 (0x8) Aug 26 13:23:28.681871: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.681879: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:28.681892: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:23:28.681904: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:23:28.681918: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.681931: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:28.681943: | length: 116 (0x74) Aug 26 13:23:28.681955: | prop #: 4 (0x4) Aug 26 13:23:28.681968: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:28.681980: | spi size: 0 (0x0) Aug 26 13:23:28.681993: | # transforms: 13 (0xd) Aug 26 13:23:28.682011: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.682026: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682050: | length: 12 (0xc) Aug 26 13:23:28.682063: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.682076: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:28.682090: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.682104: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.682117: | length/value: 128 (0x80) Aug 26 13:23:28.682133: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682158: | length: 8 (0x8) Aug 26 13:23:28.682171: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.682185: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:28.682200: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682225: | length: 8 (0x8) Aug 26 13:23:28.682238: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
13:23:28.682251: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:28.682265: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682303: | length: 8 (0x8) Aug 26 13:23:28.682317: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.682331: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:28.682354: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682381: | length: 8 (0x8) Aug 26 13:23:28.682395: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.682408: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:28.682439: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682468: | length: 8 (0x8) Aug 26 13:23:28.682481: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682494: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.682509: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682535: | length: 8 (0x8) Aug 26 13:23:28.682549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682562: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:28.682577: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682604: | length: 8 (0x8) Aug 26 13:23:28.682617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682630: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:28.682645: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682671: | length: 8 (0x8) Aug 26 13:23:28.682684: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682698: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:28.682713: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682738: | length: 8 (0x8) Aug 26 13:23:28.682751: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:28.682779: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682805: | length: 8 (0x8) Aug 26 13:23:28.682818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682831: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:28.682846: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.682873: | length: 8 (0x8) Aug 26 13:23:28.682886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682898: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:28.682912: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.682925: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.682937: | length: 8 (0x8) Aug 26 13:23:28.682950: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.682963: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:28.682982: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:23:28.682998: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:23:28.683023: "westnet-eastnet-ikev2c" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:23:28.683048: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:23:28.683063: | converting proposal to internal trans attrs Aug 26 13:23:28.683082: | natd_hash: rcookie is zero Aug 26 13:23:28.683139: | natd_hash: hasher=0x56286a571800(20) Aug 26 13:23:28.683157: | natd_hash: icookie= 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.683170: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:28.683182: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:28.683194: | natd_hash: port=500 Aug 26 13:23:28.683207: | natd_hash: hash= 7e eb 36 16 0a 96 e8 0e b1 6a 16 d3 ba 36 41 a2 Aug 26 13:23:28.683220: | natd_hash: hash= fe ff b9 bd Aug 26 13:23:28.683232: | natd_hash: rcookie is zero Aug 26 13:23:28.683267: | natd_hash: hasher=0x56286a571800(20) Aug 26 13:23:28.683283: | natd_hash: icookie= 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.683319: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:28.683333: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:28.683344: | natd_hash: port=500 Aug 26 13:23:28.683355: | natd_hash: hash= 28 43 cc 4f ff 53 cf ad 8f cd e3 af 5a 62 e6 87 Aug 26 13:23:28.683363: | natd_hash: hash= 03 41 3c 7d Aug 26 13:23:28.683372: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:23:28.683379: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:23:28.683387: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:23:28.683398: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 13:23:28.683421: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:23:28.683432: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56286c54c758 Aug 26 13:23:28.683446: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:28.683457: | libevent_malloc: new ptr-libevent@0x56286c54ed68 size 128 Aug 26 13:23:28.683498: | #1 spent 4.28 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:23:28.683509: | crypto helper 0 resuming Aug 26 13:23:28.683533: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:28.683548: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:23:28.683582: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:23:28.683551: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:23:28.683622: | suspending state #1 and saving MD Aug 26 13:23:28.683637: | #1 is busy; has a suspended MD Aug 26 13:23:28.683661: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:28.683681: | "westnet-eastnet-ikev2c" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:28.683705: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:28.683727: | #1 spent 6.27 milliseconds in ikev2_process_packet() Aug 26 13:23:28.683748: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:23:28.683764: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:28.683779: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:28.683801: | spent 6.34 milliseconds in 
comm_handle_cb() reading and processing packet Aug 26 13:23:28.686344: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.002761 seconds Aug 26 13:23:28.686382: | (#1) spent 2.77 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:23:28.686393: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:23:28.686404: | scheduling resume sending helper answer for #1 Aug 26 13:23:28.686415: | libevent_malloc: new ptr-libevent@0x7f95ac002888 size 128 Aug 26 13:23:28.686442: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:28.686475: | processing resume sending helper answer for #1 Aug 26 13:23:28.686503: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:23:28.686516: | crypto helper 0 replies to request ID 1 Aug 26 13:23:28.686533: | calling continuation function 0x56286a49cb50 Aug 26 13:23:28.686543: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:23:28.686655: | **emit ISAKMP Message: Aug 26 13:23:28.686666: | initiator cookie: Aug 26 13:23:28.686674: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.686682: | responder cookie: Aug 26 13:23:28.686689: | 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:28.686698: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:28.686708: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:28.686716: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:28.686725: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:28.686734: | Message ID: 0 (0x0) Aug 26 13:23:28.686743: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:28.686753: | Emitting ikev2_proposal ... 
Aug 26 13:23:28.686762: | ***emit IKEv2 Security Association Payload: Aug 26 13:23:28.686770: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.686778: | flags: none (0x0) Aug 26 13:23:28.686789: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:28.686799: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.686809: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.686818: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:28.686826: | prop #: 1 (0x1) Aug 26 13:23:28.686834: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:28.686842: | spi size: 0 (0x0) Aug 26 13:23:28.686850: | # transforms: 3 (0x3) Aug 26 13:23:28.686860: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:28.686870: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:28.686878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.686887: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.686895: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.686905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:28.686914: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.686924: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.686932: | length/value: 256 (0x100) Aug 26 13:23:28.686941: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:28.686950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:28.686958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.686966: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:28.686974: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:28.686985: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.686994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:28.687003: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:28.687011: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:28.687019: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.687028: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:28.687036: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.687046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.687055: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:28.687064: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:28.687077: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:23:28.687087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:28.687095: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:23:28.687104: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:28.687114: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:23:28.687123: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.687131: | flags: none (0x0) Aug 26 13:23:28.687139: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:28.687150: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
13:23:28.687159: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.687170: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:23:28.687336: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:23:28.687352: | ***emit IKEv2 Nonce Payload: Aug 26 13:23:28.687362: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:28.687370: | flags: none (0x0) Aug 26 13:23:28.687379: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:23:28.687390: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:23:28.687399: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.687409: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:23:28.687417: | IKEv2 nonce 84 bf ac a2 83 40 cb 09 85 ab 4e 49 94 e3 35 78 Aug 26 13:23:28.687425: | IKEv2 nonce 7c e7 eb 1f 60 d0 75 ce 33 11 68 5c 3f af b2 87 Aug 26 13:23:28.687433: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:23:28.687441: | Adding a v2N Payload Aug 26 13:23:28.687449: | ***emit IKEv2 Notify Payload: Aug 26 13:23:28.687458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.687465: | flags: none (0x0) Aug 26 13:23:28.687474: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.687482: | SPI size: 0 (0x0) Aug 26 13:23:28.687491: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:28.687501: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:28.687515: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.687525: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:28.687534: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:23:28.687567: | natd_hash: hasher=0x56286a571800(20) Aug 26 13:23:28.687576: | natd_hash: icookie= 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.687585: | natd_hash: rcookie= 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:28.687592: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:28.687600: | natd_hash: port=500 Aug 26 13:23:28.687609: | natd_hash: hash= c7 7b 3e 90 d9 72 a2 49 73 62 cb 0d 54 fb 03 4a Aug 26 13:23:28.687616: | natd_hash: hash= b2 9c ea 1d Aug 26 13:23:28.687624: | Adding a v2N Payload Aug 26 13:23:28.687632: | ***emit IKEv2 Notify Payload: Aug 26 13:23:28.687640: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.687648: | flags: none (0x0) Aug 26 13:23:28.687656: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.687664: | SPI size: 0 (0x0) Aug 26 13:23:28.687673: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:28.687682: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:28.687691: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.687701: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:28.687709: | Notify data c7 7b 3e 90 d9 72 a2 49 73 62 cb 0d 54 fb 03 4a Aug 26 13:23:28.687717: | Notify data b2 9c ea 1d Aug 26 13:23:28.687725: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:28.687743: | natd_hash: hasher=0x56286a571800(20) Aug 26 13:23:28.687751: | natd_hash: icookie= 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.687759: | natd_hash: rcookie= 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:28.687766: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:28.687774: | natd_hash: port=500 Aug 26 13:23:28.687782: | natd_hash: hash= a7 51 2f fb ed 23 c5 35 9a cd 89 34 7d ff 22 40 Aug 26 13:23:28.687790: | natd_hash: hash= 87 18 9d 9b Aug 26 13:23:28.687797: | Adding a v2N Payload Aug 26 13:23:28.687805: | ***emit IKEv2 Notify Payload: Aug 26 
13:23:28.687813: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.687821: | flags: none (0x0) Aug 26 13:23:28.687829: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:28.687836: | SPI size: 0 (0x0) Aug 26 13:23:28.687845: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:28.687855: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:28.687864: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.687873: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:28.687881: | Notify data a7 51 2f fb ed 23 c5 35 9a cd 89 34 7d ff 22 40 Aug 26 13:23:28.687888: | Notify data 87 18 9d 9b Aug 26 13:23:28.687896: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:28.687904: | emitting length of ISAKMP Message: 432 Aug 26 13:23:28.687926: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:28.687938: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:23:28.687947: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:23:28.687958: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:23:28.687967: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:23:28.687983: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:23:28.687997: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:23:28.688016: "westnet-eastnet-ikev2c" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Aug 26 13:23:28.688032: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:23:28.688049: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:23:28.688368: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:28.688401: | libevent_free: release ptr-libevent@0x56286c54ed68 Aug 26 13:23:28.688418: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56286c54c758 Aug 26 13:23:28.688433: | event_schedule: new EVENT_SO_DISCARD-pe@0x56286c54c758 Aug 26 13:23:28.688451: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:23:28.688467: | libevent_malloc: new ptr-libevent@0x56286c552498 size 128 Aug 26 13:23:28.688487: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:28.688514: | #1 spent 1.93 milliseconds in resume sending helper answer Aug 26 13:23:28.688539: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:23:28.688555: | libevent_free: release ptr-libevent@0x7f95ac002888 Aug 26 13:23:28.700348: | spent 0.00937 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:28.700431: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:28.700691: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:23:28.700703: | **parse ISAKMP Message: Aug 26 13:23:28.700712: | initiator cookie: Aug 26 13:23:28.700720: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.700728: | responder cookie: Aug 26 13:23:28.700735: | 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:28.700744: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:28.700754: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:28.700762: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:28.700771: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:28.700779: | Message ID: 1 (0x1) Aug 26 13:23:28.700788: | length: 365 (0x16d) Aug 26 13:23:28.700798: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:23:28.700808: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:23:28.700820: | State DB: found
IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:23:28.700840: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:28.700850: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:23:28.700864: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:23:28.700875: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:23:28.700888: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:23:28.700896: | unpacking clear payload Aug 26 13:23:28.700904: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:28.700914: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:28.700923: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:23:28.700931: | flags: none (0x0) Aug 26 13:23:28.700939: | length: 337 (0x151) Aug 26 13:23:28.700948: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 13:23:28.700962: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:23:28.700971: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:23:28.700981: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:23:28.700990: | Now let's proceed with state specific processing Aug 26 13:23:28.700998: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:23:28.701009: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:23:28.701027: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:23:28.701039: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:23:28.701048: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:23:28.701059: | 
libevent_free: release ptr-libevent@0x56286c552498 Aug 26 13:23:28.701069: | free_event_entry: release EVENT_SO_DISCARD-pe@0x56286c54c758 Aug 26 13:23:28.701080: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56286c54c758 Aug 26 13:23:28.701092: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:28.701102: | libevent_malloc: new ptr-libevent@0x7f95ac002888 size 128 Aug 26 13:23:28.701134: | #1 spent 0.119 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:23:28.701151: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:28.701163: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:23:28.701167: | crypto helper 1 resuming Aug 26 13:23:28.701236: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:23:28.701172: | suspending state #1 and saving MD Aug 26 13:23:28.701267: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:23:28.701306: | #1 is busy; has a suspended MD Aug 26 13:23:28.701380: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:28.701397: | "westnet-eastnet-ikev2c" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:28.701411: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:28.701429: | #1 spent 0.97 milliseconds in ikev2_process_packet() Aug 26 13:23:28.701442: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:23:28.701451: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:28.701460: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
13:23:28.701474: | spent 1.02 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:28.705871: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:23:28.708106: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.006835 seconds Aug 26 13:23:28.708163: | (#1) spent 6.79 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:23:28.708184: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:23:28.708201: | scheduling resume sending helper answer for #1 Aug 26 13:23:28.708221: | libevent_malloc: new ptr-libevent@0x7f95a4000f48 size 128 Aug 26 13:23:28.708257: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:28.708344: | processing resume sending helper answer for #1 Aug 26 13:23:28.708402: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:23:28.708421: | crypto helper 1 replies to request ID 2 Aug 26 13:23:28.708430: | calling continuation function 0x56286a49cb50 Aug 26 13:23:28.708439: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:23:28.708449: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:23:28.708499: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:23:28.708511: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:23:28.708521: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:23:28.708531: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:23:28.708540: | flags: none (0x0) Aug 26 13:23:28.708549: | length: 12 (0xc) Aug 26 13:23:28.708557: | ID type: ID_FQDN (0x2) Aug 26 13:23:28.708576: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 13:23:28.708584: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:23:28.708593: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:23:28.708602: | next 
payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:28.708609: | flags: none (0x0) Aug 26 13:23:28.708617: | length: 12 (0xc) Aug 26 13:23:28.708625: | ID type: ID_FQDN (0x2) Aug 26 13:23:28.708633: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:23:28.708641: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:23:28.708650: | **parse IKEv2 Authentication Payload: Aug 26 13:23:28.708658: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:28.708666: | flags: none (0x0) Aug 26 13:23:28.708673: | length: 72 (0x48) Aug 26 13:23:28.708682: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:28.708690: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:23:28.708698: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:28.708706: | **parse IKEv2 Security Association Payload: Aug 26 13:23:28.708714: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:28.708722: | flags: none (0x0) Aug 26 13:23:28.708730: | length: 164 (0xa4) Aug 26 13:23:28.708738: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:23:28.708746: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:28.708755: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:28.708763: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:28.708770: | flags: none (0x0) Aug 26 13:23:28.708778: | length: 24 (0x18) Aug 26 13:23:28.708786: | number of TS: 1 (0x1) Aug 26 13:23:28.708794: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:28.708802: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:28.708810: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:28.708818: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.708826: | flags: none (0x0) Aug 26 13:23:28.708834: | length: 24 (0x18) Aug 26 13:23:28.708841: | number of TS: 1 (0x1) Aug 26 13:23:28.708849: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:28.708858: | selected state microcode Responder: 
process IKE_AUTH request Aug 26 13:23:28.708866: | Now let's proceed with state specific processing Aug 26 13:23:28.708874: | calling processor Responder: process IKE_AUTH request Aug 26 13:23:28.708891: "westnet-eastnet-ikev2c" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:23:28.708911: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:23:28.708921: | received IDr payload - extracting our alleged ID Aug 26 13:23:28.708932: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2c" Aug 26 13:23:28.708945: | match_id a=@west Aug 26 13:23:28.708953: | b=@west Aug 26 13:23:28.708961: | results matched Aug 26 13:23:28.708974: | refine_host_connection: checking "westnet-eastnet-ikev2c" against "westnet-eastnet-ikev2c", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:23:28.708983: | Warning: not switching back to template of current instance Aug 26 13:23:28.708992: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:23:28.709001: | This connection's local id is @east (ID_FQDN) Aug 26 13:23:28.709012: | refine_host_connection: checked westnet-eastnet-ikev2c against westnet-eastnet-ikev2c, now for see if best Aug 26 13:23:28.709022: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.709031: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.709042: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:28.709052: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:28.709061: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:28.709069: | line 1: match=014 Aug 26 13:23:28.709080: | match 014 beats previous best_match 000 match=0x56286c4a3b58 (line=1) Aug 26 13:23:28.709094: | concluding with best_match=014 best=0x56286c4a3b58 (lineno=1) Aug 26 13:23:28.709103: | returning because exact peer id match Aug 26 
13:23:28.709112: | offered CA: '%none' Aug 26 13:23:28.709122: "westnet-eastnet-ikev2c" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 13:23:28.709198: | verifying AUTH payload Aug 26 13:23:28.709214: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 13:23:28.709224: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.709233: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.709243: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:28.709252: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:28.709261: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:28.709268: | line 1: match=014 Aug 26 13:23:28.709277: | match 014 beats previous best_match 000 match=0x56286c4a3b58 (line=1) Aug 26 13:23:28.709286: | concluding with best_match=014 best=0x56286c4a3b58 (lineno=1) Aug 26 13:23:28.709445: "westnet-eastnet-ikev2c" #1: Authenticated using authby=secret Aug 26 13:23:28.709463: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:23:28.709474: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:23:28.709481: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:28.709489: | libevent_free: release ptr-libevent@0x7f95ac002888 Aug 26 13:23:28.709496: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56286c54c758 Aug 26 13:23:28.709502: | event_schedule: new EVENT_SA_REKEY-pe@0x56286c54c758 Aug 26 13:23:28.709511: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:23:28.709517: | libevent_malloc: new ptr-libevent@0x56286c54ed68 size 128 Aug 26 13:23:28.709729: | pstats #1 ikev2.ike established Aug 26 13:23:28.709759: | **emit ISAKMP Message: Aug 26 13:23:28.709778: | initiator cookie: Aug 26 13:23:28.709788: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:28.709798: | responder cookie: Aug 26 13:23:28.709807: | 02 26 
9f 60 d8 0d 17 ce Aug 26 13:23:28.709819: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:28.709830: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:28.709841: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:28.709852: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:28.709861: | Message ID: 1 (0x1) Aug 26 13:23:28.709873: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:28.709884: | IKEv2 CERT: send a certificate? Aug 26 13:23:28.709895: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:23:28.709906: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:28.709918: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.709927: | flags: none (0x0) Aug 26 13:23:28.709942: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:28.709955: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.709969: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:28.709995: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:28.710040: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:23:28.710055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.710065: | flags: none (0x0) Aug 26 13:23:28.710076: | ID type: ID_FQDN (0x2) Aug 26 13:23:28.710089: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:23:28.710099: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.710108: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:23:28.710120: | my identity 65 61 73 74 Aug 26 13:23:28.710127: | 
emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:23:28.710147: | assembled IDr payload Aug 26 13:23:28.710154: | CHILD SA proposals received Aug 26 13:23:28.710159: | going to assemble AUTH payload Aug 26 13:23:28.710165: | ****emit IKEv2 Authentication Payload: Aug 26 13:23:28.710171: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:28.710177: | flags: none (0x0) Aug 26 13:23:28.710182: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:28.710189: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:23:28.710196: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:23:28.710202: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.710209: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 13:23:28.710217: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.710224: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:23:28.710230: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:23:28.710237: | 1: compared key @east to @east / @west -> 010 Aug 26 13:23:28.710243: | 2: compared key @west to @east / @west -> 014 Aug 26 13:23:28.710249: | line 1: match=014 Aug 26 13:23:28.710255: | match 014 beats previous best_match 000 match=0x56286c4a3b58 (line=1) Aug 26 13:23:28.710261: | concluding with best_match=014 best=0x56286c4a3b58 (lineno=1) Aug 26 13:23:28.710396: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:23:28.710415: | PSK auth d6 7f b3 15 9b 07 c6 0c 2b 2c 72 99 50 ef 57 72 Aug 26 13:23:28.710421: | PSK auth f2 61 41 83 71 05 45 0a ca 51 15 28 55 79 cf 3e Aug 26 13:23:28.710426: | PSK auth 56 2f 9b 3d 4f 33 9c 86 c8 47 6e 88 2b 
18 2d 26 Aug 26 13:23:28.710431: | PSK auth db 03 ee 3f 50 75 d5 3c 8b 1c e2 2f 6f 40 f3 11 Aug 26 13:23:28.710438: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:23:28.710448: | creating state object #2 at 0x56286c5563c8 Aug 26 13:23:28.710454: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:23:28.710462: | pstats #2 ikev2.child started Aug 26 13:23:28.710468: | duplicating state object #1 "westnet-eastnet-ikev2c" as #2 for IPSEC SA Aug 26 13:23:28.710479: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:28.710493: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:28.710503: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:23:28.710512: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:23:28.710519: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:23:28.710525: | TSi: parsing 1 traffic selectors Aug 26 13:23:28.710531: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:28.710537: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:28.710543: | IP Protocol ID: 0 (0x0) Aug 26 13:23:28.710549: | length: 16 (0x10) Aug 26 13:23:28.710554: | start port: 0 (0x0) Aug 26 13:23:28.710560: | end port: 65535 (0xffff) Aug 26 13:23:28.710566: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:28.710571: | TS low c0 00 01 00 Aug 26 13:23:28.710577: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:28.710583: | TS high c0 00 01 ff Aug 26 13:23:28.710588: | TSi: parsed 1 traffic selectors Aug 26 13:23:28.710599: | TSr: parsing 1 traffic selectors Aug 26 
13:23:28.710606: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:28.710611: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:28.710616: | IP Protocol ID: 0 (0x0) Aug 26 13:23:28.710621: | length: 16 (0x10) Aug 26 13:23:28.710627: | start port: 0 (0x0) Aug 26 13:23:28.710632: | end port: 65535 (0xffff) Aug 26 13:23:28.710637: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:28.710642: | TS low c0 00 02 00 Aug 26 13:23:28.710648: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:28.710653: | TS high c0 00 02 ff Aug 26 13:23:28.710658: | TSr: parsed 1 traffic selectors Aug 26 13:23:28.710663: | looking for best SPD in current connection Aug 26 13:23:28.710675: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 13:23:28.710685: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710698: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:28.710705: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:28.710711: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:28.710718: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:28.710725: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:28.710734: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710744: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:23:28.710750: | looking for better host pair Aug 26 13:23:28.710760: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:28.710769: | checking hostpair 192.0.212.0/24 -> 192.0.1.0/24 is found Aug 26 13:23:28.710775: | investigating connection "westnet-eastnet-ikev2c" as a better match Aug 26 13:23:28.710782: | match_id a=@west Aug 26 13:23:28.710787: | b=@west Aug 26 13:23:28.710792: | results matched Aug 26 
13:23:28.710802: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 13:23:28.710811: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710821: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:28.710828: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:28.710833: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:28.710839: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:28.710846: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:28.710854: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710865: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:23:28.710871: | investigating connection "westnet-eastnet-ikev2b" as a better match Aug 26 13:23:28.710877: | match_id a=@west Aug 26 13:23:28.710882: | b=@west Aug 26 13:23:28.710886: | results matched Aug 26 13:23:28.710896: | evaluating our conn="westnet-eastnet-ikev2b" I=192.0.1.0/24:0/0 R=192.0.211.0/24:0/0 to their: Aug 26 13:23:28.710904: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710915: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:28.710921: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:28.710927: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:28.710932: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:28.710939: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:28.710947: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.710957: | match address end->client=192.0.211.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:23:28.710966: | investigating connection "westnet-eastnet-ikev2a" as a better match Aug 26 13:23:28.710973: | match_id 
a=@west Aug 26 13:23:28.710977: | b=@west Aug 26 13:23:28.710982: | results matched Aug 26 13:23:28.710991: | evaluating our conn="westnet-eastnet-ikev2a" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:28.711000: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.711010: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:28.711017: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:28.711022: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:28.711028: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:28.711034: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:28.711042: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:28.711053: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:28.711059: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:28.711064: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:28.711070: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:28.711076: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:28.711082: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:28.711088: | protocol fitness found better match d westnet-eastnet-ikev2a, TSi[0],TSr[0] Aug 26 13:23:28.711100: | in connection_discard for connection westnet-eastnet-ikev2c Aug 26 13:23:28.711106: | printing contents struct traffic_selector Aug 26 13:23:28.711111: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:23:28.711116: | ipprotoid: 0 Aug 26 13:23:28.711121: | port range: 0-65535 Aug 26 13:23:28.711129: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:23:28.711134: | printing contents struct traffic_selector Aug 26 13:23:28.711139: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:23:28.711144: | ipprotoid: 0 Aug 26 13:23:28.711149: | port range: 0-65535 Aug 26 13:23:28.711157: | ip range: 192.0.1.0-192.0.1.255 
Aug 26 13:23:28.711165: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2a (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:23:28.711179: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:28.711191: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:28.711197: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:28.711206: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:28.711213: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:28.711222: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:28.711228: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:28.711237: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:28.711252: "westnet-eastnet-ikev2a": constructed local ESP/AH proposals for westnet-eastnet-ikev2a (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:28.711260: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:23:28.711271: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:28.711278: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:28.711287: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:28.711307: | local proposal 1 type DH has 1 transforms Aug 26 13:23:28.711317: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:28.711328: | local proposal 1 transforms: required: 
ENCR+ESN; optional: INTEG+DH Aug 26 13:23:28.711338: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:28.711353: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:28.711360: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:28.711366: | local proposal 2 type DH has 1 transforms Aug 26 13:23:28.711372: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:28.711378: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:28.711384: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:28.711389: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:28.711395: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:28.711400: | local proposal 3 type DH has 1 transforms Aug 26 13:23:28.711405: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:28.711412: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:28.711417: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:28.711422: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:28.711428: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:28.711433: | local proposal 4 type DH has 1 transforms Aug 26 13:23:28.711439: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:28.711445: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:28.711451: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.711458: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.711463: | length: 32 (0x20) Aug 26 13:23:28.711469: | prop #: 1 (0x1) Aug 26 13:23:28.711475: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:28.711480: | spi size: 4 (0x4) Aug 26 13:23:28.711485: | # transforms: 2 (0x2) Aug 26 13:23:28.711492: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:28.711498: | remote SPI 51 b9 24 12 Aug 26 13:23:28.711505: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 
local proposals Aug 26 13:23:28.711511: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.711522: | length: 12 (0xc) Aug 26 13:23:28.711528: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.711534: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.711540: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.711546: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.711551: | length/value: 256 (0x100) Aug 26 13:23:28.711561: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:28.711567: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711573: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.711578: | length: 8 (0x8) Aug 26 13:23:28.711583: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:28.711589: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:28.711596: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:28.711603: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:23:28.711610: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:23:28.711616: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:23:28.711624: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:28.711633: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:28.711639: | remote proposal 1 matches local proposal 1 Aug 26 13:23:28.711650: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.711656: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.711661: | length: 32 (0x20) Aug 26 
13:23:28.711666: | prop #: 2 (0x2) Aug 26 13:23:28.711672: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:28.711677: | spi size: 4 (0x4) Aug 26 13:23:28.711682: | # transforms: 2 (0x2) Aug 26 13:23:28.711689: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:28.711694: | remote SPI 51 b9 24 12 Aug 26 13:23:28.711701: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.711706: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.711717: | length: 12 (0xc) Aug 26 13:23:28.711722: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.711728: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.711733: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.711739: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.711744: | length/value: 128 (0x80) Aug 26 13:23:28.711751: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711756: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.711761: | length: 8 (0x8) Aug 26 13:23:28.711767: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:28.711772: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:28.711779: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:23:28.711786: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:23:28.711792: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.711797: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:28.711802: | length: 48 (0x30) Aug 26 13:23:28.711807: | prop #: 3 (0x3) Aug 26 13:23:28.711813: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:28.711818: | spi size: 4 (0x4) Aug 26 13:23:28.711823: | # transforms: 4 (0x4) Aug 26 13:23:28.711829: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 
13:23:28.711834: | remote SPI 51 b9 24 12 Aug 26 13:23:28.711841: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.711846: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.711857: | length: 12 (0xc) Aug 26 13:23:28.711862: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.711868: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:28.711873: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.711879: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.711884: | length/value: 256 (0x100) Aug 26 13:23:28.711890: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.711900: | length: 8 (0x8) Aug 26 13:23:28.711906: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.711911: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:28.711917: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.711928: | length: 8 (0x8) Aug 26 13:23:28.711933: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.711938: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:28.711944: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.711950: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.711955: | length: 8 (0x8) Aug 26 13:23:28.711960: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:28.711965: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:28.711973: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:28.711983: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:23:28.711989: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.711994: | last proposal: 
v2_PROPOSAL_LAST (0x0) Aug 26 13:23:28.711999: | length: 48 (0x30) Aug 26 13:23:28.712004: | prop #: 4 (0x4) Aug 26 13:23:28.712010: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:28.712015: | spi size: 4 (0x4) Aug 26 13:23:28.712020: | # transforms: 4 (0x4) Aug 26 13:23:28.712026: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:28.712031: | remote SPI 51 b9 24 12 Aug 26 13:23:28.712037: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:28.712043: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.712053: | length: 12 (0xc) Aug 26 13:23:28.712059: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.712064: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:28.712070: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.712075: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.712080: | length/value: 128 (0x80) Aug 26 13:23:28.712086: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.712097: | length: 8 (0x8) Aug 26 13:23:28.712102: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.712107: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:28.712113: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.712124: | length: 8 (0x8) Aug 26 13:23:28.712129: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:28.712134: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:28.712140: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712145: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:28.712150: | length: 8 (0x8) Aug 26 13:23:28.712156: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:28.712161: | IKEv2 
transform ID: ESN_DISABLED (0x0) Aug 26 13:23:28.712168: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:28.712174: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:23:28.712185: "westnet-eastnet-ikev2c" #1: proposal 1:ESP:SPI=51b92412;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:23:28.712195: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=51b92412;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:28.712201: | converting proposal to internal trans attrs Aug 26 13:23:28.712240: | netlink_get_spi: allocated 0xb691d2db for esp.0@192.1.2.23 Aug 26 13:23:28.712247: | Emitting ikev2_proposal ... 
Aug 26 13:23:28.712253: | ****emit IKEv2 Security Association Payload: Aug 26 13:23:28.712259: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.712264: | flags: none (0x0) Aug 26 13:23:28.712272: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:28.712278: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.712285: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:28.712309: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:28.712318: | prop #: 1 (0x1) Aug 26 13:23:28.712324: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:28.712330: | spi size: 4 (0x4) Aug 26 13:23:28.712339: | # transforms: 2 (0x2) Aug 26 13:23:28.712351: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:28.712359: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:28.712364: | our spi b6 91 d2 db Aug 26 13:23:28.712370: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712376: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.712381: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:28.712387: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:28.712393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:28.712399: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:28.712405: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:28.712410: | length/value: 256 (0x100) Aug 26 13:23:28.712417: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:28.712422: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:28.712428: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 
13:23:28.712433: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:28.712438: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:28.712445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:28.712452: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:28.712457: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:28.712463: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:28.712469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:28.712475: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:23:28.712481: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:28.712488: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:28.712493: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.712499: | flags: none (0x0) Aug 26 13:23:28.712504: | number of TS: 1 (0x1) Aug 26 13:23:28.712511: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:23:28.712518: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.712524: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:28.712529: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:28.712535: | IP Protocol ID: 0 (0x0) Aug 26 13:23:28.712540: | start port: 0 (0x0) Aug 26 13:23:28.712545: | end port: 65535 (0xffff) Aug 26 13:23:28.712552: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:28.712557: | ipv4 
start c0 00 01 00 Aug 26 13:23:28.712563: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:28.712568: | ipv4 end c0 00 01 ff Aug 26 13:23:28.712574: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:28.712579: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:23:28.712585: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:28.712590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:28.712595: | flags: none (0x0) Aug 26 13:23:28.712601: | number of TS: 1 (0x1) Aug 26 13:23:28.712608: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:23:28.712614: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:28.712622: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:28.712628: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:28.712633: | IP Protocol ID: 0 (0x0) Aug 26 13:23:28.712638: | start port: 0 (0x0) Aug 26 13:23:28.712644: | end port: 65535 (0xffff) Aug 26 13:23:28.712649: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:28.712655: | ipv4 start c0 00 02 00 Aug 26 13:23:28.712660: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:28.712665: | ipv4 end c0 00 02 ff Aug 26 13:23:28.712671: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:28.712676: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:23:28.712682: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:28.712690: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:23:28.713000: | FOR_EACH_CONNECTION_... 
in ISAKMP_SA_established Aug 26 13:23:28.713020: | #1 spent 4.09 milliseconds Aug 26 13:23:28.713027: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:23:28.713035: | could_route called for westnet-eastnet-ikev2a (kind=CK_PERMANENT) Aug 26 13:23:28.713040: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:28.713048: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713054: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Aug 26 13:23:28.713060: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713066: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Aug 26 13:23:28.713072: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713078: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Aug 26 13:23:28.713086: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Aug 26 13:23:28.713093: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:28.713101: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:28.713106: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:28.713112: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:28.713121: | setting IPsec SA replay-window to 32 Aug 26 13:23:28.713128: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2a' not available on interface eth1 Aug 26 13:23:28.713135: | netlink: enabling tunnel mode Aug 26 13:23:28.713141: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:28.713148: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:28.713274: | netlink response for Add SA esp.51b92412@192.1.2.45 included non-error error Aug 26 13:23:28.713285: | set up outgoing SA, ref=0/0 Aug 26 13:23:28.713312: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:28.713323: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, 
encryptalg=20 Aug 26 13:23:28.713333: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:28.713345: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:28.713359: | setting IPsec SA replay-window to 32 Aug 26 13:23:28.713373: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2a' not available on interface eth1 Aug 26 13:23:28.713383: | netlink: enabling tunnel mode Aug 26 13:23:28.713394: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:28.713405: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:28.713536: | netlink response for Add SA esp.b691d2db@192.1.2.23 included non-error error Aug 26 13:23:28.713558: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Aug 26 13:23:28.713586: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:23:28.713600: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:28.713673: | raw_eroute result=success Aug 26 13:23:28.713690: | set up incoming SA, ref=0/0 Aug 26 13:23:28.713716: | sr for #2: unrouted Aug 26 13:23:28.713729: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:23:28.713739: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:23:28.713751: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713762: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Aug 26 13:23:28.713775: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713787: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Aug 26 13:23:28.713799: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 13:23:28.713811: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Aug 26 13:23:28.713826: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Aug 26 13:23:28.713842: | route_and_eroute with c: westnet-eastnet-ikev2a (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:23:28.713856: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Aug 26 13:23:28.713883: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 13:23:28.713895: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:28.713941: | raw_eroute result=success Aug 26 13:23:28.713956: | running updown command "ipsec _updown" for verb up Aug 26 13:23:28.713966: | command executing up-client Aug 26 13:23:28.714063: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' 
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN Aug 26 13:23:28.714081: | popen cmd is 1045 chars long Aug 26 13:23:28.714095: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Aug 26 13:23:28.714108: | cmd( 80):v2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PL: Aug 26 13:23:28.714119: | cmd( 160):UTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 13:23:28.714130: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:23:28.714137: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID=': Aug 26 13:23:28.714143: | cmd( 400):@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_: Aug 26 13:23:28.714149: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 13:23:28.714154: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCR: Aug 26 13:23:28.714160: | cmd( 640):YPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Aug 26 13:23:28.714166: | cmd( 720):KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CI: Aug 26 13:23:28.714171: | cmd( 800):SCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PL: Aug 26 13:23:28.714177: | cmd( 880):UTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI: Aug 26 13:23:28.714182: | cmd( 960):_ROUTING='no' VTI_SHARED='no' SPI_IN=0x51b92412 SPI_OUT=0xb691d2db ipsec _updown: Aug 26 13:23:28.714194: | cmd(1040): 2>&1: Aug 26 13:23:28.732801: | route_and_eroute: firewall_notified: true Aug 26 
13:23:28.732825: | running updown command "ipsec _updown" for verb prepare Aug 26 13:23:28.732830: | command executing prepare-client Aug 26 13:23:28.732871: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 13:23:28.732876: | popen cmd is 1050 chars long Aug 26 13:23:28.732880: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:23:28.732884: | cmd( 80):t-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.2: Aug 26 13:23:28.732888: | cmd( 160):3' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 13:23:28.732891: | cmd( 240):.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 13:23:28.732894: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER: Aug 26 13:23:28.732898: | cmd( 400):_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' P: Aug 26 13:23:28.732901: | cmd( 
480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 13:23:28.732904: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Aug 26 13:23:28.732908: | cmd( 640):+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Aug 26 13:23:28.732911: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 13:23:28.732915: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Aug 26 13:23:28.732918: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 13:23:28.732921: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x51b92412 SPI_OUT=0xb691d2db ipsec _u: Aug 26 13:23:28.732924: | cmd(1040):pdown 2>&1: Aug 26 13:23:28.744104: | running updown command "ipsec _updown" for verb route Aug 26 13:23:28.744128: | command executing route-client Aug 26 13:23:28.744165: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' 
VTI_ROUTING='no' VTI_SHARED='no' Aug 26 13:23:28.744173: | popen cmd is 1048 chars long Aug 26 13:23:28.744176: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:23:28.744179: | cmd( 80):ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23': Aug 26 13:23:28.744182: | cmd( 160): PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2: Aug 26 13:23:28.744185: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 13:23:28.744188: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_I: Aug 26 13:23:28.744191: | cmd( 400):D='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLU: Aug 26 13:23:28.744194: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Aug 26 13:23:28.744196: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+E: Aug 26 13:23:28.744199: | cmd( 640):NCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Aug 26 13:23:28.744202: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Aug 26 13:23:28.744205: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Aug 26 13:23:28.744208: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Aug 26 13:23:28.744210: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x51b92412 SPI_OUT=0xb691d2db ipsec _upd: Aug 26 13:23:28.744213: | cmd(1040):own 2>&1: Aug 26 13:23:28.758558: | route_and_eroute: instance "westnet-eastnet-ikev2a", setting eroute_owner {spd=0x56286c54a958,sr=0x56286c54a958} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:23:28.758639: | #1 spent 3.08 milliseconds in install_ipsec_sa() Aug 26 13:23:28.758648: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2a[0], 
setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:23:28.758652: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:28.758655: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:28.758660: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:28.758663: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 13:23:28.758667: | emitting length of ISAKMP Message: 225 Aug 26 13:23:28.758711: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:23:28.758721: | #1 spent 7.25 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:23:28.758733: | suspend processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:28.758742: | start processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:28.758749: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:23:28.758755: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:23:28.758761: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:23:28.758769: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:23:28.758778: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:23:28.758787: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:23:28.758792: | pstats #2 ikev2.child established Aug 26 13:23:28.758805: "westnet-eastnet-ikev2a" #2: negotiated connection 
[192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:23:28.758812: | NAT-T: encaps is 'auto' Aug 26 13:23:28.758823: "westnet-eastnet-ikev2a" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x51b92412 <0xb691d2db xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:23:28.758832: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:23:28.758845: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:23:28.758932: | releasing whack for #2 (sock=fd@-1) Aug 26 13:23:28.758941: | releasing whack and unpending for parent #1 Aug 26 13:23:28.758946: | unpending state #1 connection "westnet-eastnet-ikev2a" Aug 26 13:23:28.758952: | #2 will expire in 28800 seconds (policy doesn't allow re-key) Aug 26 13:23:28.758957: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f95ac002b78 Aug 26
13:23:28.758962: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #2 Aug 26 13:23:28.758968: | libevent_malloc: new ptr-libevent@0x56286c556318 size 128 Aug 26 13:23:28.758987: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:28.758999: | #1 spent 7.98 milliseconds in resume sending helper answer Aug 26 13:23:28.759007: | stop processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:23:28.759014: | libevent_free: release ptr-libevent@0x7f95a4000f48 Aug 26 13:23:28.759032: | processing signal PLUTO_SIGCHLD Aug 26 13:23:28.759040: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:28.759046: | spent 0.00714 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:28.759050: | processing signal PLUTO_SIGCHLD Aug 26 13:23:28.759055: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:28.759061: | spent 0.00526 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:28.759065: | processing signal PLUTO_SIGCHLD Aug 26 13:23:28.759070: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:28.759075: | spent 0.00536 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:30.049498: | spent 0.00973 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:30.049579: | *received 305 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:30.049746: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:23:30.049756: | **parse ISAKMP Message: Aug 26 13:23:30.049765: | initiator cookie: Aug 26 13:23:30.049771: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:30.049779: | responder cookie: Aug 26 13:23:30.049785: | 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:30.049794: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:30.049802: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:30.049810: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:23:30.049825: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:30.049833: | Message ID: 2 (0x2) Aug 26 13:23:30.049841: | length: 305 (0x131) Aug 26 13:23:30.049849: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:23:30.049859: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:23:30.049871: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:23:30.049889: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500
(in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:30.049898: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:23:30.049911: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:23:30.049920: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:23:30.049932: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:23:30.049939: | unpacking clear payload Aug 26 13:23:30.049947: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:30.049956: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:30.049964: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:30.049971: | flags: none (0x0) Aug 26 13:23:30.049978: | length: 277 (0x115) Aug 26 13:23:30.049986: | processing payload: ISAKMP_NEXT_v2SK (len=273) Aug 26 13:23:30.049999: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:23:30.050008: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:23:30.050053: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:23:30.050063: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:30.050072: | **parse IKEv2 Security Association Payload: Aug 26 13:23:30.050079: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:30.050086: | flags: none (0x0) Aug 26 13:23:30.050093: | length: 164 (0xa4) Aug 26 13:23:30.050101: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:23:30.050108: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:30.050115: | **parse IKEv2 Nonce Payload: Aug 26 13:23:30.050122: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:30.050129: | flags: none (0x0) Aug 26 13:23:30.050136: | length: 36 (0x24) Aug 26 13:23:30.050143: | processing payload: 
ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:30.050150: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:30.050163: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:30.050171: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:30.050178: | flags: none (0x0) Aug 26 13:23:30.050185: | length: 24 (0x18) Aug 26 13:23:30.050192: | number of TS: 1 (0x1) Aug 26 13:23:30.050200: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:30.050207: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:30.050214: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:30.050221: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:30.050228: | flags: none (0x0) Aug 26 13:23:30.050235: | length: 24 (0x18) Aug 26 13:23:30.050242: | number of TS: 1 (0x1) Aug 26 13:23:30.050249: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:30.050259: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 13:23:30.050267: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:23:30.050283: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:23:30.050314: | creating state object #3 at 0x56286c554818 Aug 26 13:23:30.050331: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:23:30.050359: | pstats #3 ikev2.child started Aug 26 13:23:30.050369: | duplicating state object #1 "westnet-eastnet-ikev2c" as #3 for IPSEC SA Aug 26 13:23:30.050382: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:30.050414: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:30.050424: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 13:23:30.050439: | 
"westnet-eastnet-ikev2c" #1 received Child SA Request CREATE_CHILD_SA from 192.1.2.45:500 Child "westnet-eastnet-ikev2c" #3 in STATE_V2_CREATE_R will process it further Aug 26 13:23:30.050452: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:23:30.050464: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 13:23:30.050472: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 13:23:30.050479: | Now let's proceed with state specific processing Aug 26 13:23:30.050486: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:23:30.050500: | create child proposal's DH changed from no-PFS to NONE, flushing Aug 26 13:23:30.050514: | constructing ESP/AH proposals with default DH NONE for westnet-eastnet-ikev2c (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 13:23:30.050527: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:30.050543: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:30.050552: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:30.050563: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:30.050573: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:30.050585: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:30.050593: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:30.050604: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:30.050625: "westnet-eastnet-ikev2c": constructed local ESP/AH proposals for westnet-eastnet-ikev2c (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:30.050640: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:23:30.050658: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:30.050667: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:30.050675: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:30.050682: | local proposal 1 type DH has 1 transforms Aug 26 13:23:30.050690: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:30.050699: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:30.050707: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:30.050715: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:30.050722: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:30.050729: | local proposal 2 type DH has 1 transforms Aug 26 13:23:30.050736: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:30.050745: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:30.050752: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:30.050759: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:30.050767: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:30.050774: | local proposal 3 type DH has 1 transforms Aug 26 13:23:30.050781: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:30.050790: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 13:23:30.050797: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:30.050805: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:30.050812: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:30.050819: | local proposal 4 type DH has 1 transforms Aug 26 13:23:30.050826: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:30.050835: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:30.050844: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:30.050852: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:30.050859: | length: 32 (0x20) Aug 26 13:23:30.050866: | prop #: 1 (0x1) Aug 26 13:23:30.050874: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:30.050881: | spi size: 4 (0x4) Aug 26 13:23:30.050888: | # transforms: 2 (0x2) Aug 26 13:23:30.050897: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:30.050905: | remote SPI f0 dd 7c 2f Aug 26 13:23:30.050914: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:23:30.050923: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.050931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.050938: | length: 12 (0xc) Aug 26 13:23:30.050945: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:30.050953: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:30.050961: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:30.050969: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:30.050976: | length/value: 256 (0x100) Aug 26 13:23:30.050988: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:30.050996: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051003: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:30.051010: | length: 8 (0x8) Aug 26 13:23:30.051018: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 13:23:30.051025: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:30.051035: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:30.051044: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:23:30.051053: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:23:30.051062: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:23:30.051084: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:30.051097: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:30.051105: | remote proposal 1 matches local proposal 1 Aug 26 13:23:30.051114: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:30.051121: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:30.051128: | length: 32 (0x20) Aug 26 13:23:30.051135: | prop #: 2 (0x2) Aug 26 13:23:30.051142: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:30.051149: | spi size: 4 (0x4) Aug 26 13:23:30.051156: | # transforms: 2 (0x2) Aug 26 13:23:30.051165: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:30.051172: | remote SPI f0 dd 7c 2f Aug 26 13:23:30.051181: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:30.051189: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051203: | length: 12 (0xc) Aug 26 13:23:30.051210: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:30.051217: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:30.051225: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:30.051232: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:30.051239: | length/value: 128 (0x80) Aug 26 13:23:30.051248: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051255: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:30.051262: | length: 8 (0x8) Aug 26 13:23:30.051269: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:30.051276: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:30.051286: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:23:30.051310: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:23:30.051319: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:30.051327: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:30.051333: | length: 48 (0x30) Aug 26 13:23:30.051340: | prop #: 3 (0x3) Aug 26 13:23:30.051352: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:30.051359: | spi size: 4 (0x4) Aug 26 13:23:30.051366: | # transforms: 4 (0x4) Aug 26 13:23:30.051374: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:30.051381: | remote SPI f0 dd 7c 2f Aug 26 13:23:30.051390: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:30.051397: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051412: | length: 12 (0xc) Aug 26 13:23:30.051419: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:30.051426: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:30.051433: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:30.051441: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:30.051448: | length/value: 256 (0x100) Aug 26 13:23:30.051456: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051470: | length: 8 (0x8) Aug 26 13:23:30.051477: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:30.051485: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:30.051493: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051506: | length: 8 (0x8) Aug 26 13:23:30.051514: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:30.051521: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:30.051529: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051540: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:30.051548: | length: 8 (0x8) Aug 26 13:23:30.051555: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:30.051562: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:30.051572: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:30.051581: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:23:30.051588: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:30.051596: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:30.051602: | length: 48 (0x30) Aug 26 13:23:30.051609: | prop #: 4 (0x4) Aug 26 13:23:30.051616: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:30.051623: | spi size: 4 (0x4) Aug 26 13:23:30.051630: | # transforms: 4 (0x4) Aug 26 13:23:30.051638: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:30.051645: | remote SPI f0 dd 7c 2f Aug 26 13:23:30.051654: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:23:30.051661: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051675: | length: 12 (0xc) Aug 26 13:23:30.051682: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:30.051689: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:30.051696: | *****parse 
IKEv2 Attribute Substructure Payload: Aug 26 13:23:30.051704: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:30.051711: | length/value: 128 (0x80) Aug 26 13:23:30.051719: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051733: | length: 8 (0x8) Aug 26 13:23:30.051740: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:30.051747: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:30.051755: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:30.051769: | length: 8 (0x8) Aug 26 13:23:30.051776: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:30.051783: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:30.051791: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:30.051798: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:30.051805: | length: 8 (0x8) Aug 26 13:23:30.051812: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:30.051819: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:30.051829: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:23:30.051837: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:23:30.051851: "westnet-eastnet-ikev2c" #1: proposal 1:ESP:SPI=f0dd7c2f;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:23:30.051864: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=f0dd7c2f;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:30.051872: | converting proposal to internal trans attrs Aug 26 
13:23:30.051885: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 13:23:30.051894: | TSi: parsing 1 traffic selectors Aug 26 13:23:30.051902: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:30.051909: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:30.051917: | IP Protocol ID: 0 (0x0) Aug 26 13:23:30.051924: | length: 16 (0x10) Aug 26 13:23:30.051931: | start port: 0 (0x0) Aug 26 13:23:30.051938: | end port: 65535 (0xffff) Aug 26 13:23:30.051946: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:30.051957: | TS low c0 00 01 00 Aug 26 13:23:30.051965: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:30.051972: | TS high c0 00 01 ff Aug 26 13:23:30.051980: | TSi: parsed 1 traffic selectors Aug 26 13:23:30.051987: | TSr: parsing 1 traffic selectors Aug 26 13:23:30.051994: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:30.052001: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:30.052008: | IP Protocol ID: 0 (0x0) Aug 26 13:23:30.052015: | length: 16 (0x10) Aug 26 13:23:30.052022: | start port: 0 (0x0) Aug 26 13:23:30.052029: | end port: 65535 (0xffff) Aug 26 13:23:30.052036: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:30.052043: | TS low c0 00 c8 00 Aug 26 13:23:30.052050: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:30.052057: | TS high c0 00 c8 ff Aug 26 13:23:30.052064: | TSr: parsed 1 traffic selectors Aug 26 13:23:30.052071: | looking for best SPD in current connection Aug 26 13:23:30.052087: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 13:23:30.052100: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052118: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:30.052127: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:30.052135: | TSi[0] port match: 
YES fitness 65536 Aug 26 13:23:30.052143: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:30.052152: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:30.052164: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052179: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO Aug 26 13:23:30.052186: | looking for better host pair Aug 26 13:23:30.052200: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:23:30.052212: | checking hostpair 192.0.212.0/24 -> 192.0.1.0/24 is found Aug 26 13:23:30.052220: | investigating connection "westnet-eastnet-ikev2c" as a better match Aug 26 13:23:30.052231: | match_id a=@west Aug 26 13:23:30.052238: | b=@west Aug 26 13:23:30.052245: | results matched Aug 26 13:23:30.052258: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 13:23:30.052269: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052284: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:30.052309: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:30.052318: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:30.052326: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:30.052334: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:30.052346: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052360: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO Aug 26 13:23:30.052368: | investigating connection "westnet-eastnet-ikev2b" as a better match Aug 26 13:23:30.052376: | match_id a=@west Aug 26 13:23:30.052382: | b=@west Aug 26 13:23:30.052389: | results matched Aug 26 13:23:30.052402: | evaluating our conn="westnet-eastnet-ikev2b" I=192.0.1.0/24:0/0 
R=192.0.211.0/24:0/0 to their: Aug 26 13:23:30.052413: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052427: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:30.052436: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:30.052443: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:30.052455: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:30.052464: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:30.052475: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052489: | match address end->client=192.0.211.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO Aug 26 13:23:30.052497: | investigating connection "westnet-eastnet-ikev2a" as a better match Aug 26 13:23:30.052505: | match_id a=@west Aug 26 13:23:30.052512: | b=@west Aug 26 13:23:30.052518: | results matched Aug 26 13:23:30.052530: | evaluating our conn="westnet-eastnet-ikev2a" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:30.052542: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052556: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:30.052564: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:30.052571: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:30.052579: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:30.052587: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:30.052599: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:30.052612: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO Aug 26 13:23:30.052620: | did not find a better connection using host pair Aug 26 13:23:30.052628: | no best spd route; but the current CK_PERMANENT connection "westnet-eastnet-ikev2c" is not a 
CK_INSTANCE Aug 26 13:23:30.052635: | giving up Aug 26 13:23:30.052651: | #3 spent 2.13 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Aug 26 13:23:30.052666: | suspend processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:30.052679: | start processing: state #3 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:30.052689: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_FAIL+v2N_TS_UNACCEPTABLE Aug 26 13:23:30.053430: | sending a notification reply Aug 26 13:23:30.053461: "westnet-eastnet-ikev2c" #3: responding to CREATE_CHILD_SA message (ID 2) from 192.1.2.45:500 with encrypted notification TS_UNACCEPTABLE Aug 26 13:23:30.053471: | Opening output PBS encrypted notification Aug 26 13:23:30.053480: | **emit ISAKMP Message: Aug 26 13:23:30.053488: | initiator cookie: Aug 26 13:23:30.053496: | 59 f7 c6 c0 66 87 83 a1 Aug 26 13:23:30.053522: | responder cookie: Aug 26 13:23:30.053538: | 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:30.053553: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:30.053568: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:30.053583: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:23:30.053598: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:30.053612: | Message ID: 2 (0x2) Aug 26 13:23:30.053629: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:30.053645: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:30.053660: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:30.053674: | flags: none (0x0) Aug 26 13:23:30.053695: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:30.053713: | next payload chain: saving 
location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' Aug 26 13:23:30.053730: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:30.053775: | Adding a v2N Payload Aug 26 13:23:30.053784: | ****emit IKEv2 Notify Payload: Aug 26 13:23:30.053792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:30.053799: | flags: none (0x0) Aug 26 13:23:30.053823: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:30.053831: | SPI size: 0 (0x0) Aug 26 13:23:30.053839: | Notify Message Type: v2N_TS_UNACCEPTABLE (0x26) Aug 26 13:23:30.053849: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:30.053857: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' Aug 26 13:23:30.053866: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:30.053874: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:30.053883: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:30.053893: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:30.053900: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:23:30.053908: | emitting length of ISAKMP Message: 65 Aug 26 13:23:30.053945: | sending 65 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:23:30.053954: | 59 f7 c6 c0 66 87 83 a1 02 26 9f 60 d8 0d 17 ce Aug 26 13:23:30.053962: | 2e 20 24 20 00 00 00 02 00 00 00 41 29 00 00 25 Aug 26 13:23:30.053969: | b2 50 75 e1 24 77 5a f8 28 0e c7 8b 94 79 bd 5c Aug 26 13:23:30.053975: | 18 11 8a cb e5 69 b1 77 4a 09 05 41 be 60 37 50 Aug 26 13:23:30.053982: | 78 Aug 26 13:23:30.054057: | forcing #3 to a discard event Aug 26 13:23:30.054071: | event_schedule: new EVENT_SO_DISCARD-pe@0x56286c559e18 Aug 26 13:23:30.054083: | inserting event 
EVENT_SO_DISCARD, timeout in 200 seconds for #3 Aug 26 13:23:30.054093: | libevent_malloc: new ptr-libevent@0x7f95a4000f48 size 128 Aug 26 13:23:30.054104: | state transition function for STATE_V2_CREATE_R failed: v2N_TS_UNACCEPTABLE Aug 26 13:23:30.054120: | stop processing: state #3 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:30.054137: | #1 spent 4.53 milliseconds in ikev2_process_packet() Aug 26 13:23:30.054149: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:23:30.054159: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:30.054167: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:30.054180: | spent 4.57 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:46.694388: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:23:46.694408: | expiring aged bare shunts from shunt table Aug 26 13:23:46.694414: | spent 0.00395 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:06.692339: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:06.692358: | expiring aged bare shunts from shunt table Aug 26 13:24:06.692364: | spent 0.00407 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:26.689351: | processing global timer EVENT_PENDING_DDNS Aug 26 13:24:26.689371: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:24:26.689375: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:24:26.689378: | elapsed time in connection_check_ddns for hostname lookup 0.000007 Aug 26 13:24:26.689383: | spent 0.0107 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:24:26.689386: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:26.689388: | expiring aged bare shunts from shunt table Aug 26 13:24:26.689391: | spent 0.00284 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:46.693346: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:46.693375: | expiring aged bare shunts from shunt table Aug 26 13:24:46.693381: | spent 0.00456 milliseconds in global timer EVENT_SHUNT_SCAN