Aug 26 13:23:47.272957: FIPS Product: YES
Aug 26 13:23:47.273047: FIPS Kernel: NO
Aug 26 13:23:47.273049: FIPS Mode: NO
Aug 26 13:23:47.273051: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:23:47.273192: Initializing NSS
Aug 26 13:23:47.273199: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:23:47.298931: NSS initialized
Aug 26 13:23:47.298945: NSS crypto library initialized
Aug 26 13:23:47.298948: FIPS HMAC integrity support [enabled]
Aug 26 13:23:47.298949: FIPS mode disabled for pluto daemon
Aug 26 13:23:47.323647: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:23:47.323726: libcap-ng support [enabled]
Aug 26 13:23:47.323732: Linux audit support [enabled]
Aug 26 13:23:47.324015: Linux audit activated
Aug 26 13:23:47.324023: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:20818
Aug 26 13:23:47.324025: core dump dir: /tmp
Aug 26 13:23:47.324027: secrets file: /etc/ipsec.secrets
Aug 26 13:23:47.324028: leak-detective enabled
Aug 26 13:23:47.324030: NSS crypto [enabled]
Aug 26 13:23:47.324031: XAUTH PAM support [enabled]
Aug 26 13:23:47.324087: | libevent is using pluto's memory allocator
Aug 26 13:23:47.324092: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:23:47.324106: | libevent_malloc: new ptr-libevent@0x555f2c8d8868 size 40
Aug 26 13:23:47.324109: | libevent_malloc: new ptr-libevent@0x555f2c8d7cd8 size 40
Aug 26 13:23:47.324112: | libevent_malloc: new ptr-libevent@0x555f2c8d7dd8 size 40
Aug 26 13:23:47.324113: | creating event base
Aug 26 13:23:47.324115: | libevent_malloc: new ptr-libevent@0x555f2c95c6d8 size 56
Aug 26 13:23:47.324118: | libevent_malloc: new ptr-libevent@0x555f2c9006b8 size 664
Aug 26 13:23:47.324127: | libevent_malloc: new ptr-libevent@0x555f2c95c748 size 24
Aug 26 13:23:47.324129: | libevent_malloc: new ptr-libevent@0x555f2c95c798 size 384
Aug 26 13:23:47.324136: | libevent_malloc: new ptr-libevent@0x555f2c95c698 size 16
Aug 26 13:23:47.324138: | libevent_malloc: new ptr-libevent@0x555f2c8d7908 size 40
Aug 26 13:23:47.324140: | libevent_malloc: new ptr-libevent@0x555f2c8d7d38 size 48
Aug 26 13:23:47.324143: | libevent_realloc: new ptr-libevent@0x555f2c900348 size 256
Aug 26 13:23:47.324145: | libevent_malloc: new ptr-libevent@0x555f2c95c948 size 16
Aug 26 13:23:47.324149: | libevent_free: release ptr-libevent@0x555f2c95c6d8
Aug 26 13:23:47.324152: | libevent initialized
Aug 26 13:23:47.324155: | libevent_realloc: new ptr-libevent@0x555f2c95c6d8 size 64
Aug 26 13:23:47.324159: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:23:47.324169: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:23:47.324171: NAT-Traversal support  [enabled]
Aug 26 13:23:47.324173: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:23:47.324178: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:23:47.324181: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:23:47.324207: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:23:47.324209: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:23:47.324211: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:23:47.324243: Encryption algorithms:
Aug 26 13:23:47.324250:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Aug 26 13:23:47.324252:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Aug 26 13:23:47.324255:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Aug 26 13:23:47.324257:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Aug 26 13:23:47.324259:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Aug 26 13:23:47.324266:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Aug 26 13:23:47.324269:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Aug 26 13:23:47.324271:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Aug 26 13:23:47.324274:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Aug 26 13:23:47.324276:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Aug 26 13:23:47.324278:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Aug 26 13:23:47.324280:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Aug 26 13:23:47.324282:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Aug 26 13:23:47.324285:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Aug 26 13:23:47.324287:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
Aug 26 13:23:47.324295:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Aug 26 13:23:47.324298:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Aug 26 13:23:47.324322: Hash algorithms:
Aug 26 13:23:47.324324:   MD5                     IKEv1: IKE         IKEv2:                 
Aug 26 13:23:47.324326:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Aug 26 13:23:47.324330:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Aug 26 13:23:47.324332:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Aug 26 13:23:47.324334:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Aug 26 13:23:47.324342: PRF algorithms:
Aug 26 13:23:47.324344:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Aug 26 13:23:47.324359:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Aug 26 13:23:47.324361:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Aug 26 13:23:47.324363:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Aug 26 13:23:47.324365:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Aug 26 13:23:47.324367:   AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Aug 26 13:23:47.324383: Integrity algorithms:
Aug 26 13:23:47.324385:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Aug 26 13:23:47.324388:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Aug 26 13:23:47.324390:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:23:47.324392:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:23:47.324395:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:23:47.324397:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH      
Aug 26 13:23:47.324399:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:23:47.324401:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Aug 26 13:23:47.324403:   NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
Aug 26 13:23:47.324410: DH algorithms:
Aug 26 13:23:47.324412:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Aug 26 13:23:47.324414:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Aug 26 13:23:47.324416:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Aug 26 13:23:47.324420:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Aug 26 13:23:47.324422:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Aug 26 13:23:47.324424:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Aug 26 13:23:47.324426:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Aug 26 13:23:47.324428:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
Aug 26 13:23:47.324430:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
Aug 26 13:23:47.324432:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
Aug 26 13:23:47.324434:   DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
Aug 26 13:23:47.324435: testing CAMELLIA_CBC:
Aug 26 13:23:47.324437:   Camellia: 16 bytes with 128-bit key
Aug 26 13:23:47.324526:   Camellia: 16 bytes with 128-bit key
Aug 26 13:23:47.324545:   Camellia: 16 bytes with 256-bit key
Aug 26 13:23:47.324564:   Camellia: 16 bytes with 256-bit key
Aug 26 13:23:47.324581: testing AES_GCM_16:
Aug 26 13:23:47.324584:   empty string
Aug 26 13:23:47.324604:   one block
Aug 26 13:23:47.324620:   two blocks
Aug 26 13:23:47.324636:   two blocks with associated data
Aug 26 13:23:47.324652: testing AES_CTR:
Aug 26 13:23:47.324654:   Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:23:47.324670:   Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:23:47.324687:   Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:23:47.324704:   Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:23:47.324719:   Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:23:47.324736:   Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:23:47.324753:   Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:23:47.324785:   Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:23:47.324815:   Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:23:47.324831: testing AES_CBC:
Aug 26 13:23:47.324833:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:23:47.324849:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:47.324866:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:47.324883:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:23:47.324903: testing AES_XCBC:
Aug 26 13:23:47.324905:   RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:23:47.324976:   RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:23:47.325059:   RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:23:47.325140:   RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:23:47.325223:   RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:23:47.325327:   RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:23:47.325420:   RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:23:47.325585:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:23:47.325661:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:23:47.325741:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:23:47.325881: testing HMAC_MD5:
Aug 26 13:23:47.325884:   RFC 2104: MD5_HMAC test 1
Aug 26 13:23:47.325988:   RFC 2104: MD5_HMAC test 2
Aug 26 13:23:47.326081:   RFC 2104: MD5_HMAC test 3
Aug 26 13:23:47.326250: 8 CPU cores online
Aug 26 13:23:47.326253: starting up 7 crypto helpers
Aug 26 13:23:47.326279: started thread for crypto helper 0
Aug 26 13:23:47.326300: started thread for crypto helper 1
Aug 26 13:23:47.326328: | starting up helper thread 1
Aug 26 13:23:47.326331: | starting up helper thread 0
Aug 26 13:23:47.326367: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:23:47.326347: started thread for crypto helper 2
Aug 26 13:23:47.326393: | starting up helper thread 2
Aug 26 13:23:47.326394: | crypto helper 1 waiting (nothing to do)
Aug 26 13:23:47.326422: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:23:47.326446: | crypto helper 2 waiting (nothing to do)
Aug 26 13:23:47.326446: started thread for crypto helper 3
Aug 26 13:23:47.326449: | starting up helper thread 3
Aug 26 13:23:47.326390: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:23:47.326458: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:23:47.326466: | crypto helper 0 waiting (nothing to do)
Aug 26 13:23:47.326483: started thread for crypto helper 4
Aug 26 13:23:47.326487: | crypto helper 3 waiting (nothing to do)
Aug 26 13:23:47.326488: | starting up helper thread 4
Aug 26 13:23:47.326498: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:23:47.326500: | crypto helper 4 waiting (nothing to do)
Aug 26 13:23:47.326501: | starting up helper thread 5
Aug 26 13:23:47.326499: started thread for crypto helper 5
Aug 26 13:23:47.326507: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:23:47.326513: | crypto helper 5 waiting (nothing to do)
Aug 26 13:23:47.326527: started thread for crypto helper 6
Aug 26 13:23:47.326533: | checking IKEv1 state table
Aug 26 13:23:47.326538: |   MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326540: |     -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:23:47.326542: |   MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326543: |     -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:23:47.326545: |   MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:23:47.326547: |     -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:23:47.326548: |     -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:47.326550: |     -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:47.326551: |   MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:23:47.326553: |     -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:23:47.326554: |     -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:47.326556: |     -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:23:47.326557: |   MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:23:47.326559: |     -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:47.326560: |     -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:47.326562: |     -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:23:47.326563: |   MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:23:47.326565: |     -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:47.326566: |     -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:47.326568: |     -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:23:47.326569: |   MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:23:47.326571: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326573: |   MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:23:47.326574: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326576: |   AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326577: |     -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:23:47.326579: |   AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326580: |     -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:23:47.326582: |     -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:23:47.326583: |   AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:23:47.326585: |     -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:23:47.326586: |     -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:23:47.326588: |   AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:23:47.326589: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326591: |   AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:23:47.326592: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326594: |   QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:23:47.326596: |     -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:23:47.326597: |   QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:23:47.326599: |     -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:23:47.326600: |   QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:23:47.326604: |     -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:23:47.326606: |   QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:23:47.326608: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326609: |   QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:23:47.326611: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326612: |   INFO: category: informational flags: 0:
Aug 26 13:23:47.326614: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326615: |   INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:23:47.326617: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326619: |   XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:23:47.326620: |     -> XAUTH_R1 EVENT_NULL
Aug 26 13:23:47.326622: |   XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:23:47.326623: |     -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:23:47.326625: |   MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:23:47.326626: |     -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:23:47.326628: |   MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:23:47.326630: |     -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:23:47.326631: |   MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:23:47.326633: |     -> UNDEFINED EVENT_NULL
Aug 26 13:23:47.326634: |   MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:23:47.326636: |     -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:23:47.326638: |   XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:23:47.326639: |     -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:23:47.326641: |   XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:23:47.326642: |     -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:23:47.326646: | checking IKEv2 state table
Aug 26 13:23:47.326650: |   PARENT_I0: category: ignore flags: 0:
Aug 26 13:23:47.326652: |     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:23:47.326654: |   PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326656: |     -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:23:47.326658: |     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:23:47.326659: |   PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:23:47.326661: |     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:23:47.326663: |     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:23:47.326665: |     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:23:47.326666: |     -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:23:47.326668: |     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:23:47.326670: |   PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:23:47.326671: |     -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:23:47.326673: |     -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:23:47.326675: |     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:23:47.326676: |     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:23:47.326678: |   PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326680: |     -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:23:47.326681: |   PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:23:47.326683: |     -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:23:47.326685: |     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:23:47.326687: |   PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:23:47.326688: |     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:23:47.326690: |     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:23:47.326692: |     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:23:47.326695: |     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:23:47.326697: |   V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:23:47.326698: |     -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:23:47.326700: |   V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:23:47.326702: |     -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:23:47.326704: |   V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:23:47.326705: |     -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:23:47.326707: |   V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:23:47.326709: |     -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:23:47.326711: |   V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:23:47.326712: |     -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:23:47.326714: |   V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none>
Aug 26 13:23:47.326716: |   V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:23:47.326718: |     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:23:47.326720: |   V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:23:47.326721: |     -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:23:47.326723: |   V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none>
Aug 26 13:23:47.326725: |   V2_IPSEC_I: category: established CHILD SA flags: 0: <none>
Aug 26 13:23:47.326727: |   V2_IPSEC_R: category: established CHILD SA flags: 0: <none>
Aug 26 13:23:47.326729: |   IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:23:47.326730: |     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:23:47.326732: |   CHILDSA_DEL: category: informational flags: 0: <none>
Aug 26 13:23:47.326741: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:23:47.327004: | Hard-wiring algorithms
Aug 26 13:23:47.327007: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:23:47.327010: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:23:47.327012: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:23:47.327014: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:23:47.327016: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:23:47.327017: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:23:47.327019: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:23:47.327020: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:23:47.327022: | adding AES_CTR to kernel algorithm db
Aug 26 13:23:47.327024: | adding AES_CBC to kernel algorithm db
Aug 26 13:23:47.327026: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:23:47.327027: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:23:47.327029: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:23:47.327031: | adding NULL to kernel algorithm db
Aug 26 13:23:47.327032: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:23:47.327034: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:23:47.327036: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:23:47.327037: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:23:47.327039: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:23:47.327041: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:23:47.327042: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:23:47.327044: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:23:47.327045: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:23:47.327047: | adding NONE to kernel algorithm db
Aug 26 13:23:47.327062: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:23:47.327066: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:23:47.327068: | setup kernel fd callback
Aug 26 13:23:47.327072: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555f2c9613a8
Aug 26 13:23:47.327075: | libevent_malloc: new ptr-libevent@0x555f2c945808 size 128
Aug 26 13:23:47.327077: | libevent_malloc: new ptr-libevent@0x555f2c9614b8 size 16
Aug 26 13:23:47.327081: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555f2c961ee8
Aug 26 13:23:47.327083: | libevent_malloc: new ptr-libevent@0x555f2c903868 size 128
Aug 26 13:23:47.327085: | libevent_malloc: new ptr-libevent@0x555f2c961ea8 size 16
Aug 26 13:23:47.327135: | starting up helper thread 6
Aug 26 13:23:47.327146: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:23:47.327148: | crypto helper 6 waiting (nothing to do)
Aug 26 13:23:47.327246: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:23:47.327253: selinux support is enabled.
Aug 26 13:23:47.327496: | unbound context created - setting debug level to 5
Aug 26 13:23:47.327519: | /etc/hosts lookups activated
Aug 26 13:23:47.327530: | /etc/resolv.conf usage activated
Aug 26 13:23:47.327566: | outgoing-port-avoid set 0-65535
Aug 26 13:23:47.327583: | outgoing-port-permit set 32768-60999
Aug 26 13:23:47.327585: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 13:23:47.327587: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 13:23:47.327589: | Setting up events, loop start
Aug 26 13:23:47.327591: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555f2c961f58
Aug 26 13:23:47.327593: | libevent_malloc: new ptr-libevent@0x555f2c96e168 size 128
Aug 26 13:23:47.327595: | libevent_malloc: new ptr-libevent@0x555f2c979438 size 16
Aug 26 13:23:47.327599: | libevent_realloc: new ptr-libevent@0x555f2c979478 size 256
Aug 26 13:23:47.327601: | libevent_malloc: new ptr-libevent@0x555f2c9795a8 size 8
Aug 26 13:23:47.327603: | libevent_realloc: new ptr-libevent@0x555f2c8d3918 size 144
Aug 26 13:23:47.327605: | libevent_malloc: new ptr-libevent@0x555f2c904e98 size 152
Aug 26 13:23:47.327608: | libevent_malloc: new ptr-libevent@0x555f2c9795e8 size 16
Aug 26 13:23:47.327610: | signal event handler PLUTO_SIGCHLD installed
Aug 26 13:23:47.327612: | libevent_malloc: new ptr-libevent@0x555f2c979628 size 8
Aug 26 13:23:47.327614: | libevent_malloc: new ptr-libevent@0x555f2c979668 size 152
Aug 26 13:23:47.327616: | signal event handler PLUTO_SIGTERM installed
Aug 26 13:23:47.327618: | libevent_malloc: new ptr-libevent@0x555f2c979738 size 8
Aug 26 13:23:47.327619: | libevent_malloc: new ptr-libevent@0x555f2c979778 size 152
Aug 26 13:23:47.327621: | signal event handler PLUTO_SIGHUP installed
Aug 26 13:23:47.327623: | libevent_malloc: new ptr-libevent@0x555f2c979848 size 8
Aug 26 13:23:47.327625: | libevent_realloc: release ptr-libevent@0x555f2c8d3918
Aug 26 13:23:47.327626: | libevent_realloc: new ptr-libevent@0x555f2c979888 size 256
Aug 26 13:23:47.327628: | libevent_malloc: new ptr-libevent@0x555f2c9799b8 size 152
Aug 26 13:23:47.327630: | signal event handler PLUTO_SIGSYS installed
Aug 26 13:23:47.327860: | created addconn helper (pid:20850) using fork+execve
Aug 26 13:23:47.327872: | forked child 20850
Aug 26 13:23:47.331001: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:23:47.331022: listening for IKE messages
Aug 26 13:23:47.331054: | Inspecting interface lo 
Aug 26 13:23:47.331059: | found lo with address 127.0.0.1
Aug 26 13:23:47.331062: | Inspecting interface eth0 
Aug 26 13:23:47.331065: | found eth0 with address 192.0.2.254
Aug 26 13:23:47.331068: | Inspecting interface eth1 
Aug 26 13:23:47.331070: | found eth1 with address 192.1.2.23
Aug 26 13:23:47.331139: Kernel supports NIC esp-hw-offload
Aug 26 13:23:47.331147: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 13:23:47.331162: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:23:47.331166: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:23:47.331168: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 13:23:47.331191: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 13:23:47.331206: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:23:47.331208: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:23:47.331211: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 13:23:47.331228: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 13:23:47.331242: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:23:47.331245: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:23:47.331247: adding interface lo/lo 127.0.0.1:4500
Aug 26 13:23:47.331312: | no interfaces to sort
Aug 26 13:23:47.331318: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:23:47.331324: | add_fd_read_event_handler: new ethX-pe@0x555f2c979f08
Aug 26 13:23:47.331326: | libevent_malloc: new ptr-libevent@0x555f2c96e0b8 size 128
Aug 26 13:23:47.331329: | libevent_malloc: new ptr-libevent@0x555f2c979f78 size 16
Aug 26 13:23:47.331334: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:23:47.331349: | add_fd_read_event_handler: new ethX-pe@0x555f2c979fb8
Aug 26 13:23:47.331351: | libevent_malloc: new ptr-libevent@0x555f2c900aa8 size 128
Aug 26 13:23:47.331353: | libevent_malloc: new ptr-libevent@0x555f2c97a028 size 16
Aug 26 13:23:47.331355: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:23:47.331357: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a068
Aug 26 13:23:47.331359: | libevent_malloc: new ptr-libevent@0x555f2c903f38 size 128
Aug 26 13:23:47.331361: | libevent_malloc: new ptr-libevent@0x555f2c97a0d8 size 16
Aug 26 13:23:47.331363: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:23:47.331365: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a118
Aug 26 13:23:47.331368: | libevent_malloc: new ptr-libevent@0x555f2c904a08 size 128
Aug 26 13:23:47.331370: | libevent_malloc: new ptr-libevent@0x555f2c97a188 size 16
Aug 26 13:23:47.331372: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:23:47.331374: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a1c8
Aug 26 13:23:47.331377: | libevent_malloc: new ptr-libevent@0x555f2c8d84e8 size 128
Aug 26 13:23:47.331378: | libevent_malloc: new ptr-libevent@0x555f2c97a238 size 16
Aug 26 13:23:47.331381: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:23:47.331383: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a278
Aug 26 13:23:47.331384: | libevent_malloc: new ptr-libevent@0x555f2c8d81d8 size 128
Aug 26 13:23:47.331386: | libevent_malloc: new ptr-libevent@0x555f2c97a2e8 size 16
Aug 26 13:23:47.331389: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:23:47.331392: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:23:47.331394: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:23:47.331407: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:23:47.331415: | id type added to secret(0x555f2c8d3b58) PKK_PSK: @west
Aug 26 13:23:47.331417: | id type added to secret(0x555f2c8d3b58) PKK_PSK: @east
Aug 26 13:23:47.331420: | Processing PSK at line 1: passed
Aug 26 13:23:47.331422: | certs and keys locked by 'process_secret'
Aug 26 13:23:47.331424: | certs and keys unlocked by 'process_secret'
Aug 26 13:23:47.331431: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:23:47.331436: | spent 0.422 milliseconds in whack
Aug 26 13:23:47.345299: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:23:47.345334: listening for IKE messages
Aug 26 13:23:47.345372: | Inspecting interface lo 
Aug 26 13:23:47.345377: | found lo with address 127.0.0.1
Aug 26 13:23:47.345379: | Inspecting interface eth0 
Aug 26 13:23:47.345382: | found eth0 with address 192.0.2.254
Aug 26 13:23:47.345384: | Inspecting interface eth1 
Aug 26 13:23:47.345386: | found eth1 with address 192.1.2.23
Aug 26 13:23:47.345424: | no interfaces to sort
Aug 26 13:23:47.345433: | libevent_free: release ptr-libevent@0x555f2c96e0b8
Aug 26 13:23:47.345436: | free_event_entry: release EVENT_NULL-pe@0x555f2c979f08
Aug 26 13:23:47.345438: | add_fd_read_event_handler: new ethX-pe@0x555f2c979f08
Aug 26 13:23:47.345440: | libevent_malloc: new ptr-libevent@0x555f2c96e0b8 size 128
Aug 26 13:23:47.345445: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:23:47.345447: | libevent_free: release ptr-libevent@0x555f2c900aa8
Aug 26 13:23:47.345449: | free_event_entry: release EVENT_NULL-pe@0x555f2c979fb8
Aug 26 13:23:47.345451: | add_fd_read_event_handler: new ethX-pe@0x555f2c979fb8
Aug 26 13:23:47.345452: | libevent_malloc: new ptr-libevent@0x555f2c900aa8 size 128
Aug 26 13:23:47.345455: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:23:47.345458: | libevent_free: release ptr-libevent@0x555f2c903f38
Aug 26 13:23:47.345459: | free_event_entry: release EVENT_NULL-pe@0x555f2c97a068
Aug 26 13:23:47.345461: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a068
Aug 26 13:23:47.345463: | libevent_malloc: new ptr-libevent@0x555f2c903f38 size 128
Aug 26 13:23:47.345466: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:23:47.345468: | libevent_free: release ptr-libevent@0x555f2c904a08
Aug 26 13:23:47.345470: | free_event_entry: release EVENT_NULL-pe@0x555f2c97a118
Aug 26 13:23:47.345471: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a118
Aug 26 13:23:47.345473: | libevent_malloc: new ptr-libevent@0x555f2c904a08 size 128
Aug 26 13:23:47.345476: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:23:47.345478: | libevent_free: release ptr-libevent@0x555f2c8d84e8
Aug 26 13:23:47.345480: | free_event_entry: release EVENT_NULL-pe@0x555f2c97a1c8
Aug 26 13:23:47.345481: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a1c8
Aug 26 13:23:47.345483: | libevent_malloc: new ptr-libevent@0x555f2c8d84e8 size 128
Aug 26 13:23:47.345486: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:23:47.345488: | libevent_free: release ptr-libevent@0x555f2c8d81d8
Aug 26 13:23:47.345490: | free_event_entry: release EVENT_NULL-pe@0x555f2c97a278
Aug 26 13:23:47.345492: | add_fd_read_event_handler: new ethX-pe@0x555f2c97a278
Aug 26 13:23:47.345493: | libevent_malloc: new ptr-libevent@0x555f2c8d81d8 size 128
Aug 26 13:23:47.345496: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:23:47.345498: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:23:47.345500: forgetting secrets
Aug 26 13:23:47.345505: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:23:47.345514: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:23:47.345520: | id type added to secret(0x555f2c8d3b58) PKK_PSK: @west
Aug 26 13:23:47.345522: | id type added to secret(0x555f2c8d3b58) PKK_PSK: @east
Aug 26 13:23:47.345525: | Processing PSK at line 1: passed
Aug 26 13:23:47.345527: | certs and keys locked by 'process_secret'
Aug 26 13:23:47.345528: | certs and keys unlocked by 'process_secret'
Aug 26 13:23:47.345535: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:23:47.345539: | spent 0.248 milliseconds in whack
Aug 26 13:23:47.345917: | processing signal PLUTO_SIGCHLD
Aug 26 13:23:47.345929: | waitpid returned pid 20850 (exited with status 0)
Aug 26 13:23:47.345932: | reaped addconn helper child (status 0)
Aug 26 13:23:47.345935: | waitpid returned ECHILD (no child processes left)
Aug 26 13:23:47.345939: | spent 0.0132 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:23:47.405876: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:23:47.405899: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:23:47.405902: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:23:47.405903: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:23:47.405905: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:23:47.405908: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:23:47.405914: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 13:23:47.405956: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 13:23:47.405959: | from whack: got --esp=
Aug 26 13:23:47.405983: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 13:23:47.405986: | counting wild cards for @west is 0
Aug 26 13:23:47.405989: | counting wild cards for @east is 0
Aug 26 13:23:47.405995: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none
Aug 26 13:23:47.405997: | new hp@0x555f2c97c5c8
Aug 26 13:23:47.406000: added connection description "east"
Aug 26 13:23:47.406007: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 13:23:47.406015: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24
Aug 26 13:23:47.406020: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:23:47.406025: | spent 0.156 milliseconds in whack
Aug 26 13:23:47.406100: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:23:47.406108: add keyid @west
Aug 26 13:23:47.406124: | add pubkey  01 03 a6 f5  d6 3f e3 8f  6c 01 6a fc  7b 7c 6d 57
Aug 26 13:23:47.406126: | add pubkey  8b 49 39 0d  77 f7 ac e2  85 f1 98 1e  4b 6d a5 3e
Aug 26 13:23:47.406127: | add pubkey  b3 96 9a d1  99 5a bc 10  f2 97 de f2  28 f9 5f 92
Aug 26 13:23:47.406129: | add pubkey  09 f0 c8 d4  12 e4 60 6e  9c 60 98 10  01 7d 26 b7
Aug 26 13:23:47.406130: | add pubkey  8f 95 62 2d  87 dd cd de  f6 d3 8f 35  b0 50 d0 18
Aug 26 13:23:47.406132: | add pubkey  f5 99 f8 04  f1 ff 61 5b  bc 7f 1f c0  04 d8 e4 8c
Aug 26 13:23:47.406133: | add pubkey  ac 34 ad 7a  c1 da 3c 2d  8c 30 ae d6  3c 59 b1 3a
Aug 26 13:23:47.406135: | add pubkey  94 d3 d5 2a  73 91 bd 59  5f 3e 72 bf  4a 1b 9d c5
Aug 26 13:23:47.406136: | add pubkey  b2 2b 4d e7  0d 24 3e 77  f9 7f 2d d6  9d 29 ef 70
Aug 26 13:23:47.406138: | add pubkey  7d 7a 6d a2  b8 61 0c 4b  09 4a 06 71  84 70 85 9a
Aug 26 13:23:47.406139: | add pubkey  8f 52 a1 80  06 fd c6 fc  3e 27 fa 16  fa 32 83 a9
Aug 26 13:23:47.406141: | add pubkey  ca 80 db 0f  4a bf f7 e9  55 8e bd 29  4d 23 a6 dc
Aug 26 13:23:47.406142: | add pubkey  2a b3 5d 62  a9 21 1e be  83 d8 69 3c  03 0a 48 8e
Aug 26 13:23:47.406144: | add pubkey  d3 3a 11 f2  86 5a d1 30  65 bd c8 f4  83 87 ff 04
Aug 26 13:23:47.406145: | add pubkey  87 33 05 4f  e0 d8 8c fe  b3 19 4c dd  85 40 f3 4d
Aug 26 13:23:47.406147: | add pubkey  6e e8 49 14  06 2c 1f 59  59 05 8f 20  b0 ca 46 3f
Aug 26 13:23:47.406148: | add pubkey  c9 20 7e 04  30 7d 9a 80  6c 3f 0a 89  f7 d3 af d8
Aug 26 13:23:47.406150: | add pubkey  15 04 37 f9
Aug 26 13:23:47.406180: | computed rsa CKAID  b4 9f 1a ac  9e 45 6e 79  29 c8 81 97  3a 0c 6a d3
Aug 26 13:23:47.406182: | computed rsa CKAID  7f 0f 03 50
Aug 26 13:23:47.406190: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:23:47.406194: | spent 0.0976 milliseconds in whack
Aug 26 13:23:47.406219: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:23:47.406225: add keyid @east
Aug 26 13:23:47.406227: | add pubkey  01 03 bd 6c  96 eb df 78  89 b3 ed 77  0d a1 7f 7b
Aug 26 13:23:47.406229: | add pubkey  e5 16 c2 c9  e4 7d 92 0a  90 9d 55 43  b4 62 13 03
Aug 26 13:23:47.406230: | add pubkey  85 7a e0 26  7b 54 1f ca  09 93 cf ff  25 c9 02 4c
Aug 26 13:23:47.406231: | add pubkey  78 ca 94 e5  3e ac d1 f9  a8 e5 bb 7f  cc 20 84 e0
Aug 26 13:23:47.406235: | add pubkey  21 c9 f0 0d  c5 44 ba f3  48 64 61 58  f6 0f 63 0d
Aug 26 13:23:47.406237: | add pubkey  d2 67 1e 59  8b ec f3 50  39 71 fb 39  da 11 64 b6
Aug 26 13:23:47.406239: | add pubkey  62 cd 5f d3  8d 2e c1 50  ed 9c 6e 22  0c 39 a7 ce
Aug 26 13:23:47.406240: | add pubkey  62 b5 af 8a  80 0f 2e 4c  05 5c 82 c7  8d 29 02 2e
Aug 26 13:23:47.406242: | add pubkey  bb 23 5f db  f2 9e b5 7d  e2 20 70 1a  63 f3 8e 5d
Aug 26 13:23:47.406243: | add pubkey  ac 47 f0 5c  26 4e b1 d0  42 60 52 4a  b0 77 25 ce
Aug 26 13:23:47.406245: | add pubkey  e0 98 2b 43  f4 c7 59 1a  64 01 83 ea  4e e3 1a 2a
Aug 26 13:23:47.406246: | add pubkey  92 b8 55 ab  63 dd 4b 70  47 29 dc e9  b4 60 bf 43
Aug 26 13:23:47.406248: | add pubkey  4d 58 8f 64  73 95 70 ac  35 89 b2 c2  9c d4 62 c0
Aug 26 13:23:47.406249: | add pubkey  5f 56 5f ad  1b e5 dd 49  93 6a f5 23  82 ed d4 e7
Aug 26 13:23:47.406251: | add pubkey  d5 f1 55 f2  2d a2 26 a6  36 53 2f 94  fb 99 22 5c
Aug 26 13:23:47.406252: | add pubkey  47 cc 6d 80  30 88 96 38  0c f5 f2 ed  37 d0 09 d5
Aug 26 13:23:47.406254: | add pubkey  07 8f 69 ef  a9 99 ce 4d  1a 77 9e 39  c4 38 f3 c5
Aug 26 13:23:47.406255: | add pubkey  51 51 48 ef
Aug 26 13:23:47.406261: | computed rsa CKAID  61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
Aug 26 13:23:47.406263: | computed rsa CKAID  8a 82 25 f1
Aug 26 13:23:47.406268: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:23:47.406272: | spent 0.0543 milliseconds in whack
Aug 26 13:23:48.711976: | spent 0.0111 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:23:48.712088: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:48.712102: |   70 79 23 d6  e9 10 04 82  00 00 00 00  00 00 00 00
Aug 26 13:23:48.712111: |   21 20 22 08  00 00 00 00  00 00 03 3c  22 00 01 b4
Aug 26 13:23:48.712118: |   02 00 00 64  01 01 00 0b  03 00 00 0c  01 00 00 14
Aug 26 13:23:48.712126: |   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 00 08
Aug 26 13:23:48.712133: |   02 00 00 05  03 00 00 08  04 00 00 0e  03 00 00 08
Aug 26 13:23:48.712140: |   04 00 00 0f  03 00 00 08  04 00 00 10  03 00 00 08
Aug 26 13:23:48.712148: |   04 00 00 12  03 00 00 08  04 00 00 13  03 00 00 08
Aug 26 13:23:48.712155: |   04 00 00 14  03 00 00 08  04 00 00 15  00 00 00 08
Aug 26 13:23:48.712162: |   04 00 00 1f  02 00 00 64  02 01 00 0b  03 00 00 0c
Aug 26 13:23:48.712170: |   01 00 00 14  80 0e 00 80  03 00 00 08  02 00 00 07
Aug 26 13:23:48.712177: |   03 00 00 08  02 00 00 05  03 00 00 08  04 00 00 0e
Aug 26 13:23:48.712184: |   03 00 00 08  04 00 00 0f  03 00 00 08  04 00 00 10
Aug 26 13:23:48.712192: |   03 00 00 08  04 00 00 12  03 00 00 08  04 00 00 13
Aug 26 13:23:48.712199: |   03 00 00 08  04 00 00 14  03 00 00 08  04 00 00 15
Aug 26 13:23:48.712206: |   00 00 00 08  04 00 00 1f  02 00 00 74  03 01 00 0d
Aug 26 13:23:48.712214: |   03 00 00 0c  01 00 00 0c  80 0e 01 00  03 00 00 08
Aug 26 13:23:48.712221: |   02 00 00 07  03 00 00 08  02 00 00 05  03 00 00 08
Aug 26 13:23:48.712228: |   03 00 00 0e  03 00 00 08  03 00 00 0c  03 00 00 08
Aug 26 13:23:48.712236: |   04 00 00 0e  03 00 00 08  04 00 00 0f  03 00 00 08
Aug 26 13:23:48.712243: |   04 00 00 10  03 00 00 08  04 00 00 12  03 00 00 08
Aug 26 13:23:48.712250: |   04 00 00 13  03 00 00 08  04 00 00 14  03 00 00 08
Aug 26 13:23:48.712258: |   04 00 00 15  00 00 00 08  04 00 00 1f  00 00 00 74
Aug 26 13:23:48.712265: |   04 01 00 0d  03 00 00 0c  01 00 00 0c  80 0e 00 80
Aug 26 13:23:48.712272: |   03 00 00 08  02 00 00 07  03 00 00 08  02 00 00 05
Aug 26 13:23:48.712280: |   03 00 00 08  03 00 00 0e  03 00 00 08  03 00 00 0c
Aug 26 13:23:48.712287: |   03 00 00 08  04 00 00 0e  03 00 00 08  04 00 00 0f
Aug 26 13:23:48.712322: |   03 00 00 08  04 00 00 10  03 00 00 08  04 00 00 12
Aug 26 13:23:48.712331: |   03 00 00 08  04 00 00 13  03 00 00 08  04 00 00 14
Aug 26 13:23:48.712338: |   03 00 00 08  04 00 00 15  00 00 00 08  04 00 00 1f
Aug 26 13:23:48.712345: |   28 00 01 08  00 0e 00 00  9e 55 8d cd  de b0 4b c2
Aug 26 13:23:48.712366: |   48 ab 6d b5  33 24 01 75  a1 f0 13 d8  0c 72 4f 15
Aug 26 13:23:48.712374: |   2b 62 a1 23  c9 07 62 2c  1c a9 5c 3e  01 f1 51 7c
Aug 26 13:23:48.712382: |   a0 6d 1b 33  56 c8 40 59  42 76 28 4e  c9 ff 10 3c
Aug 26 13:23:48.712389: |   97 b9 f8 de  15 41 22 42  59 67 2d 39  93 cf 98 de
Aug 26 13:23:48.712396: |   65 93 04 13  45 ea 62 ab  69 26 06 e6  c9 ce a5 85
Aug 26 13:23:48.712404: |   d0 f5 2a 5e  b0 cb 48 4d  54 f2 b2 aa  d2 78 7b ed
Aug 26 13:23:48.712411: |   2b 12 a5 5d  ad 8a fb d0  e7 bb 73 1f  89 c3 ca 09
Aug 26 13:23:48.712418: |   d7 a1 46 f7  9b e2 18 c9  57 67 c0 ac  55 66 69 4b
Aug 26 13:23:48.712426: |   9c 19 bd 0a  5d 31 72 08  33 18 d4 a8  f4 8f f6 88
Aug 26 13:23:48.712433: |   cd ad e1 19  d1 4d 08 37  3f ce d4 6e  5c 1d 4b 3c
Aug 26 13:23:48.712441: |   3c f8 9d a8  76 06 1f 6c  a1 bd 29 3e  00 55 d3 8a
Aug 26 13:23:48.712448: |   69 bd 35 bf  1c 8e de 70  32 4f ff 8e  d2 26 53 08
Aug 26 13:23:48.712455: |   ab f0 8e 52  6c 9a ab 48  79 15 a9 ca  fc 05 7d 61
Aug 26 13:23:48.712463: |   d0 18 9d 68  88 67 aa 1c  0d a8 e0 89  66 0b 39 c1
Aug 26 13:23:48.712470: |   6d 72 ca 81  61 3e 78 b2  7e 7a 38 f3  6c 5d b1 fa
Aug 26 13:23:48.712477: |   e4 29 d6 6f  7e 96 a3 a6  29 00 00 24  d9 e6 be 30
Aug 26 13:23:48.712485: |   22 61 0d 20  08 c7 cc ed  cf fe d0 fa  d2 85 8e f2
Aug 26 13:23:48.712492: |   be 70 db 8c  ff 82 86 eb  7f 4c 22 50  29 00 00 08
Aug 26 13:23:48.712499: |   00 00 40 2e  29 00 00 1c  00 00 40 04  ac 64 93 33
Aug 26 13:23:48.712507: |   0b 03 40 d4  a6 c2 7a 69  1e 19 6f 81  2d c0 f2 2a
Aug 26 13:23:48.712514: |   00 00 00 1c  00 00 40 05  b0 60 70 5e  0d 33 90 64
Aug 26 13:23:48.712521: |   c1 d9 c4 f4  70 42 d1 e5  1d d8 5d 19
Aug 26 13:23:48.712545: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:23:48.712557: | **parse ISAKMP Message:
Aug 26 13:23:48.712566: |    initiator cookie:
Aug 26 13:23:48.712573: |   70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.712582: |    responder cookie:
Aug 26 13:23:48.712589: |   00 00 00 00  00 00 00 00
Aug 26 13:23:48.712598: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 13:23:48.712607: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:23:48.712615: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Aug 26 13:23:48.712624: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:23:48.712632: |    Message ID: 0 (0x0)
Aug 26 13:23:48.712641: |    length: 828 (0x33c)
Aug 26 13:23:48.712650: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
Aug 26 13:23:48.712661: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request 
Aug 26 13:23:48.712671: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
Aug 26 13:23:48.712680: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 26 13:23:48.712692: | ***parse IKEv2 Security Association Payload:
Aug 26 13:23:48.712700: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 26 13:23:48.712708: |    flags: none (0x0)
Aug 26 13:23:48.712716: |    length: 436 (0x1b4)
Aug 26 13:23:48.712725: | processing payload: ISAKMP_NEXT_v2SA (len=432)
Aug 26 13:23:48.712737: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 26 13:23:48.712751: | ***parse IKEv2 Key Exchange Payload:
Aug 26 13:23:48.712763: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 26 13:23:48.712773: |    flags: none (0x0)
Aug 26 13:23:48.712784: |    length: 264 (0x108)
Aug 26 13:23:48.712796: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.712808: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Aug 26 13:23:48.712819: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 26 13:23:48.712832: | ***parse IKEv2 Nonce Payload:
Aug 26 13:23:48.712845: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 13:23:48.712857: |    flags: none (0x0)
Aug 26 13:23:48.712869: |    length: 36 (0x24)
Aug 26 13:23:48.712881: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Aug 26 13:23:48.712894: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 13:23:48.712908: | ***parse IKEv2 Notify Payload:
Aug 26 13:23:48.712927: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 13:23:48.712935: |    flags: none (0x0)
Aug 26 13:23:48.712943: |    length: 8 (0x8)
Aug 26 13:23:48.712952: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.712963: |    SPI size: 0 (0x0)
Aug 26 13:23:48.712978: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Aug 26 13:23:48.712992: | processing payload: ISAKMP_NEXT_v2N (len=0)
Aug 26 13:23:48.713003: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 13:23:48.713017: | ***parse IKEv2 Notify Payload:
Aug 26 13:23:48.713030: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 13:23:48.713042: |    flags: none (0x0)
Aug 26 13:23:48.713055: |    length: 28 (0x1c)
Aug 26 13:23:48.713067: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.713079: |    SPI size: 0 (0x0)
Aug 26 13:23:48.713091: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Aug 26 13:23:48.713105: | processing payload: ISAKMP_NEXT_v2N (len=20)
Aug 26 13:23:48.713118: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 13:23:48.713132: | ***parse IKEv2 Notify Payload:
Aug 26 13:23:48.713146: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.713160: |    flags: none (0x0)
Aug 26 13:23:48.713173: |    length: 28 (0x1c)
Aug 26 13:23:48.713186: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.713198: |    SPI size: 0 (0x0)
Aug 26 13:23:48.713213: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Aug 26 13:23:48.713226: | processing payload: ISAKMP_NEXT_v2N (len=20)
Aug 26 13:23:48.713241: | DDOS disabled and no cookie sent, continuing
Aug 26 13:23:48.713270: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports
Aug 26 13:23:48.713327: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 13:23:48.713354: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW
Aug 26 13:23:48.713372: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east)
Aug 26 13:23:48.713387: | find_next_host_connection returns empty
Aug 26 13:23:48.713407: | find_host_connection local=192.1.2.23:500 remote=<none:> policy=ECDSA+IKEV2_ALLOW but ignoring ports
Aug 26 13:23:48.713422: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW
Aug 26 13:23:48.713434: | find_next_host_connection returns empty
Aug 26 13:23:48.713454: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW
Aug 26 13:23:48.713480: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports
Aug 26 13:23:48.713503: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 13:23:48.713517: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW
Aug 26 13:23:48.713532: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east)
Aug 26 13:23:48.713545: | find_next_host_connection returns empty
Aug 26 13:23:48.713564: | find_host_connection local=192.1.2.23:500 remote=<none:> policy=RSASIG+IKEV2_ALLOW but ignoring ports
Aug 26 13:23:48.713578: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW
Aug 26 13:23:48.713591: | find_next_host_connection returns empty
Aug 26 13:23:48.713610: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW
Aug 26 13:23:48.713635: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports
Aug 26 13:23:48.713657: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 13:23:48.713672: | find_next_host_connection policy=PSK+IKEV2_ALLOW
Aug 26 13:23:48.713687: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east)
Aug 26 13:23:48.713701: | find_next_host_connection returns east
Aug 26 13:23:48.713713: | find_next_host_connection policy=PSK+IKEV2_ALLOW
Aug 26 13:23:48.713736: | find_next_host_connection returns empty
Aug 26 13:23:48.713752: | found connection: east with policy PSK+IKEV2_ALLOW
Aug 26 13:23:48.713836: | creating state object #1 at 0x555f2c97e828
Aug 26 13:23:48.713855: | State DB: adding IKEv2 state #1 in UNDEFINED
Aug 26 13:23:48.713895: | pstats #1 ikev2.ike started
Aug 26 13:23:48.713913: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0
Aug 26 13:23:48.713930: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
Aug 26 13:23:48.713957: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1
Aug 26 13:23:48.713994: | #1 spent 1.92 milliseconds
Aug 26 13:23:48.714022: | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:23:48.714040: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:23:48.714066: | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:23:48.714084: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
Aug 26 13:23:48.714104: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1
Aug 26 13:23:48.714128: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0
Aug 26 13:23:48.714144: | #1 in state PARENT_R0: processing SA_INIT request
Aug 26 13:23:48.714158: | selected state microcode Respond to IKE_SA_INIT
Aug 26 13:23:48.714172: | Now let's proceed with state specific processing
Aug 26 13:23:48.714185: | calling processor Respond to IKE_SA_INIT
Aug 26 13:23:48.714206: |   #1 spent 2.14 milliseconds
Aug 26 13:23:48.714250: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
Aug 26 13:23:48.714268: | constructing local IKE proposals for east (IKE SA responder matching remote proposals)
Aug 26 13:23:48.714319: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 13:23:48.714354: | ...  ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:23:48.714383: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 13:23:48.714413: | ...  ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:23:48.714433: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 13:23:48.714461: | ...  ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:23:48.714481: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 13:23:48.714508: | ...  ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:23:48.714561: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:23:48.714594: | Comparing remote proposals against IKE responder 4 local proposals
Aug 26 13:23:48.714613: | local proposal 1 type ENCR has 1 transforms
Aug 26 13:23:48.714625: | local proposal 1 type PRF has 2 transforms
Aug 26 13:23:48.714639: | local proposal 1 type INTEG has 1 transforms
Aug 26 13:23:48.714652: | local proposal 1 type DH has 8 transforms
Aug 26 13:23:48.714665: | local proposal 1 type ESN has 0 transforms
Aug 26 13:23:48.714683: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:23:48.714696: | local proposal 2 type ENCR has 1 transforms
Aug 26 13:23:48.714709: | local proposal 2 type PRF has 2 transforms
Aug 26 13:23:48.714722: | local proposal 2 type INTEG has 1 transforms
Aug 26 13:23:48.714734: | local proposal 2 type DH has 8 transforms
Aug 26 13:23:48.714746: | local proposal 2 type ESN has 0 transforms
Aug 26 13:23:48.714761: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:23:48.714773: | local proposal 3 type ENCR has 1 transforms
Aug 26 13:23:48.714785: | local proposal 3 type PRF has 2 transforms
Aug 26 13:23:48.714798: | local proposal 3 type INTEG has 2 transforms
Aug 26 13:23:48.714810: | local proposal 3 type DH has 8 transforms
Aug 26 13:23:48.714824: | local proposal 3 type ESN has 0 transforms
Aug 26 13:23:48.714841: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:23:48.714856: | local proposal 4 type ENCR has 1 transforms
Aug 26 13:23:48.714869: | local proposal 4 type PRF has 2 transforms
Aug 26 13:23:48.714882: | local proposal 4 type INTEG has 2 transforms
Aug 26 13:23:48.714895: | local proposal 4 type DH has 8 transforms
Aug 26 13:23:48.714909: | local proposal 4 type ESN has 0 transforms
Aug 26 13:23:48.714925: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:23:48.714940: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.714955: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.714969: |    length: 100 (0x64)
Aug 26 13:23:48.714983: |    prop #: 1 (0x1)
Aug 26 13:23:48.714996: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:23:48.715008: |    spi size: 0 (0x0)
Aug 26 13:23:48.715021: |    # transforms: 11 (0xb)
Aug 26 13:23:48.715039: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals
Aug 26 13:23:48.715057: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715073: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715086: |    length: 12 (0xc)
Aug 26 13:23:48.715101: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.715115: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.715130: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.715144: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.715158: |    length/value: 256 (0x100)
Aug 26 13:23:48.715182: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Aug 26 13:23:48.715198: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715212: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715226: |    length: 8 (0x8)
Aug 26 13:23:48.715241: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.715255: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:23:48.715274: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 26 13:23:48.715307: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 26 13:23:48.715327: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 26 13:23:48.715344: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 26 13:23:48.715372: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715396: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715410: |    length: 8 (0x8)
Aug 26 13:23:48.715423: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.715438: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:23:48.715455: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715469: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715481: |    length: 8 (0x8)
Aug 26 13:23:48.715495: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715510: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.715530: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Aug 26 13:23:48.715549: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0
Aug 26 13:23:48.715565: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0
Aug 26 13:23:48.715584: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0
Aug 26 13:23:48.715599: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715613: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715625: |    length: 8 (0x8)
Aug 26 13:23:48.715641: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715655: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:23:48.715671: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715685: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715698: |    length: 8 (0x8)
Aug 26 13:23:48.715711: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715724: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:23:48.715741: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715755: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715768: |    length: 8 (0x8)
Aug 26 13:23:48.715780: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715795: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:23:48.715811: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715825: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715837: |    length: 8 (0x8)
Aug 26 13:23:48.715851: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715866: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:23:48.715881: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715895: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715906: |    length: 8 (0x8)
Aug 26 13:23:48.715919: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715932: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:23:48.715946: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715957: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.715965: |    length: 8 (0x8)
Aug 26 13:23:48.715972: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.715980: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:23:48.715989: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.715997: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.716004: |    length: 8 (0x8)
Aug 26 13:23:48.716012: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716020: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:23:48.716032: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Aug 26 13:23:48.716046: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Aug 26 13:23:48.716055: | remote proposal 1 matches local proposal 1
Aug 26 13:23:48.716065: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.716072: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.716080: |    length: 100 (0x64)
Aug 26 13:23:48.716099: |    prop #: 2 (0x2)
Aug 26 13:23:48.716108: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:23:48.716116: |    spi size: 0 (0x0)
Aug 26 13:23:48.716123: |    # transforms: 11 (0xb)
Aug 26 13:23:48.716134: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.716143: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716151: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716158: |    length: 12 (0xc)
Aug 26 13:23:48.716166: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.716174: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.716182: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.716190: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.716198: |    length/value: 128 (0x80)
Aug 26 13:23:48.716208: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716215: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716222: |    length: 8 (0x8)
Aug 26 13:23:48.716230: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.716238: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:23:48.716247: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716254: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716261: |    length: 8 (0x8)
Aug 26 13:23:48.716269: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.716277: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:23:48.716285: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716316: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716329: |    length: 8 (0x8)
Aug 26 13:23:48.716337: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716345: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.716354: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716368: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716375: |    length: 8 (0x8)
Aug 26 13:23:48.716383: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716391: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:23:48.716399: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716407: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716414: |    length: 8 (0x8)
Aug 26 13:23:48.716422: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716430: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:23:48.716438: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716446: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716453: |    length: 8 (0x8)
Aug 26 13:23:48.716460: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716468: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:23:48.716477: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716484: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716491: |    length: 8 (0x8)
Aug 26 13:23:48.716499: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716507: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:23:48.716515: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716523: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716530: |    length: 8 (0x8)
Aug 26 13:23:48.716538: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716545: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:23:48.716554: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716562: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716569: |    length: 8 (0x8)
Aug 26 13:23:48.716576: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716584: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:23:48.716592: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716600: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.716613: |    length: 8 (0x8)
Aug 26 13:23:48.716621: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716629: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:23:48.716640: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH
Aug 26 13:23:48.716650: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH
Aug 26 13:23:48.716659: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.716667: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.716674: |    length: 116 (0x74)
Aug 26 13:23:48.716681: |    prop #: 3 (0x3)
Aug 26 13:23:48.716689: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:23:48.716696: |    spi size: 0 (0x0)
Aug 26 13:23:48.716704: |    # transforms: 13 (0xd)
Aug 26 13:23:48.716714: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.716722: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716730: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716737: |    length: 12 (0xc)
Aug 26 13:23:48.716745: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.716753: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:23:48.716761: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.716769: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.716776: |    length/value: 256 (0x100)
Aug 26 13:23:48.716785: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716793: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716800: |    length: 8 (0x8)
Aug 26 13:23:48.716808: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.716816: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:23:48.716824: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716832: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716839: |    length: 8 (0x8)
Aug 26 13:23:48.716847: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.716854: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:23:48.716863: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716870: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716878: |    length: 8 (0x8)
Aug 26 13:23:48.716885: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.716893: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:23:48.716902: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716909: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716916: |    length: 8 (0x8)
Aug 26 13:23:48.716924: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.716932: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:23:48.716940: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716948: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716955: |    length: 8 (0x8)
Aug 26 13:23:48.716963: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.716971: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.716979: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.716987: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.716994: |    length: 8 (0x8)
Aug 26 13:23:48.717002: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717009: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:23:48.717018: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717025: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717032: |    length: 8 (0x8)
Aug 26 13:23:48.717040: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717048: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:23:48.717056: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717064: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717071: |    length: 8 (0x8)
Aug 26 13:23:48.717078: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717090: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:23:48.717099: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717106: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717114: |    length: 8 (0x8)
Aug 26 13:23:48.717121: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717129: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:23:48.717137: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717145: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717152: |    length: 8 (0x8)
Aug 26 13:23:48.717160: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717168: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:23:48.717176: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717184: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717191: |    length: 8 (0x8)
Aug 26 13:23:48.717198: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717206: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:23:48.717215: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717222: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.717230: |    length: 8 (0x8)
Aug 26 13:23:48.717237: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717245: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:23:48.717257: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:23:48.717266: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:23:48.717275: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.717283: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:23:48.717301: |    length: 116 (0x74)
Aug 26 13:23:48.717312: |    prop #: 4 (0x4)
Aug 26 13:23:48.717319: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:23:48.717327: |    spi size: 0 (0x0)
Aug 26 13:23:48.717334: |    # transforms: 13 (0xd)
Aug 26 13:23:48.717344: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.717353: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717364: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717371: |    length: 12 (0xc)
Aug 26 13:23:48.717379: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.717387: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:23:48.717395: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.717403: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.717410: |    length/value: 128 (0x80)
Aug 26 13:23:48.717420: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717427: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717434: |    length: 8 (0x8)
Aug 26 13:23:48.717442: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.717450: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:23:48.717458: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717466: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717473: |    length: 8 (0x8)
Aug 26 13:23:48.717481: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.717489: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:23:48.717497: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717505: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717512: |    length: 8 (0x8)
Aug 26 13:23:48.717519: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.717527: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:23:48.717536: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717543: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717551: |    length: 8 (0x8)
Aug 26 13:23:48.717558: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.717566: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:23:48.717579: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717587: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717594: |    length: 8 (0x8)
Aug 26 13:23:48.717602: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717609: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.717618: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717625: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717632: |    length: 8 (0x8)
Aug 26 13:23:48.717640: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717648: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:23:48.717656: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717664: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717671: |    length: 8 (0x8)
Aug 26 13:23:48.717678: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717686: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:23:48.717695: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717702: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717709: |    length: 8 (0x8)
Aug 26 13:23:48.717717: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717725: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:23:48.717733: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717741: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717748: |    length: 8 (0x8)
Aug 26 13:23:48.717755: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717763: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:23:48.717771: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717779: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717786: |    length: 8 (0x8)
Aug 26 13:23:48.717794: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717801: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:23:48.717810: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717817: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.717824: |    length: 8 (0x8)
Aug 26 13:23:48.717832: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717840: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:23:48.717848: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.717856: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.717863: |    length: 8 (0x8)
Aug 26 13:23:48.717871: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.717879: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:23:48.717890: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:23:48.717900: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:23:48.717915: "east" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519
Aug 26 13:23:48.717930: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048
Aug 26 13:23:48.717938: | converting proposal to internal trans attrs
Aug 26 13:23:48.717950: | natd_hash: rcookie is zero
Aug 26 13:23:48.717989: | natd_hash: hasher=0x555f2bfe9800(20)
Aug 26 13:23:48.717999: | natd_hash: icookie=  70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.718007: | natd_hash: rcookie=  00 00 00 00  00 00 00 00
Aug 26 13:23:48.718014: | natd_hash: ip=  c0 01 02 17
Aug 26 13:23:48.718022: | natd_hash: port=500
Aug 26 13:23:48.718030: | natd_hash: hash=  b0 60 70 5e  0d 33 90 64  c1 d9 c4 f4  70 42 d1 e5
Aug 26 13:23:48.718037: | natd_hash: hash=  1d d8 5d 19
Aug 26 13:23:48.718045: | natd_hash: rcookie is zero
Aug 26 13:23:48.718061: | natd_hash: hasher=0x555f2bfe9800(20)
Aug 26 13:23:48.718069: | natd_hash: icookie=  70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.718077: | natd_hash: rcookie=  00 00 00 00  00 00 00 00
Aug 26 13:23:48.718084: | natd_hash: ip=  c0 01 02 2d
Aug 26 13:23:48.718091: | natd_hash: port=500
Aug 26 13:23:48.718099: | natd_hash: hash=  ac 64 93 33  0b 03 40 d4  a6 c2 7a 69  1e 19 6f 81
Aug 26 13:23:48.718106: | natd_hash: hash=  2d c0 f2 2a
Aug 26 13:23:48.718114: | NAT_TRAVERSAL encaps using auto-detect
Aug 26 13:23:48.718122: | NAT_TRAVERSAL this end is NOT behind NAT
Aug 26 13:23:48.718129: | NAT_TRAVERSAL that end is NOT behind NAT
Aug 26 13:23:48.718140: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45
Aug 26 13:23:48.718159: | adding ikev2_inI1outR1 KE work-order 1 for state #1
Aug 26 13:23:48.718169: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f2c97c6a8
Aug 26 13:23:48.718182: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Aug 26 13:23:48.718192: | libevent_malloc: new ptr-libevent@0x555f2c980928 size 128
Aug 26 13:23:48.718227: |   #1 spent 3.98 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet()
Aug 26 13:23:48.718252: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:23:48.718264: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND
Aug 26 13:23:48.718272: | suspending state #1 and saving MD
Aug 26 13:23:48.718280: | #1 is busy; has a suspended MD
Aug 26 13:23:48.718311: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:23:48.718321: | crypto helper 1 resuming
Aug 26 13:23:48.718329: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:23:48.718389: | crypto helper 1 starting work-order 1 for state #1
Aug 26 13:23:48.718400: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:23:48.718410: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1
Aug 26 13:23:48.718419: | #1 spent 6.29 milliseconds in ikev2_process_packet()
Aug 26 13:23:48.718433: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:23:48.718442: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:23:48.718451: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:23:48.718464: | spent 6.34 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:23:48.721136: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.002726 seconds
Aug 26 13:23:48.721179: | (#1) spent 2.73 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr)
Aug 26 13:23:48.721191: | crypto helper 1 sending results from work-order 1 for state #1 to event queue
Aug 26 13:23:48.721201: | scheduling resume sending helper answer for #1
Aug 26 13:23:48.721212: | libevent_malloc: new ptr-libevent@0x7f9b98002888 size 128
Aug 26 13:23:48.721236: | crypto helper 1 waiting (nothing to do)
Aug 26 13:23:48.721333: | processing resume sending helper answer for #1
Aug 26 13:23:48.721386: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:23:48.721403: | crypto helper 1 replies to request ID 1
Aug 26 13:23:48.721412: | calling continuation function 0x555f2bf14b50
Aug 26 13:23:48.721431: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1
Aug 26 13:23:48.721545: | **emit ISAKMP Message:
Aug 26 13:23:48.721555: |    initiator cookie:
Aug 26 13:23:48.721563: |   70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.721571: |    responder cookie:
Aug 26 13:23:48.721578: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.721588: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:23:48.721597: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:23:48.721605: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Aug 26 13:23:48.721614: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:23:48.721622: |    Message ID: 0 (0x0)
Aug 26 13:23:48.721631: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:23:48.721641: | Emitting ikev2_proposal ...
Aug 26 13:23:48.721649: | ***emit IKEv2 Security Association Payload:
Aug 26 13:23:48.721658: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.721666: |    flags: none (0x0)
Aug 26 13:23:48.721676: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Aug 26 13:23:48.721685: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.721695: | ****emit IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.721703: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:23:48.721711: |    prop #: 1 (0x1)
Aug 26 13:23:48.721719: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:23:48.721727: |    spi size: 0 (0x0)
Aug 26 13:23:48.721735: |    # transforms: 3 (0x3)
Aug 26 13:23:48.721744: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Aug 26 13:23:48.721754: | *****emit IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.721762: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.721771: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.721779: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.721788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:23:48.721798: | ******emit IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.721807: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.721815: |    length/value: 256 (0x100)
Aug 26 13:23:48.721824: | emitting length of IKEv2 Transform Substructure Payload: 12
Aug 26 13:23:48.721832: | *****emit IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.721840: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.721848: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:23:48.721856: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:23:48.721867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.721876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:23:48.721885: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:23:48.721893: | *****emit IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.721901: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.721909: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:23:48.721917: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.721926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.721935: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:23:48.721943: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:23:48.721952: | emitting length of IKEv2 Proposal Substructure Payload: 36
Aug 26 13:23:48.721966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Aug 26 13:23:48.721975: | emitting length of IKEv2 Security Association Payload: 40
Aug 26 13:23:48.721984: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Aug 26 13:23:48.721994: | ***emit IKEv2 Key Exchange Payload:
Aug 26 13:23:48.722002: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.722010: |    flags: none (0x0)
Aug 26 13:23:48.722018: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:23:48.722028: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Aug 26 13:23:48.722037: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.722048: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:23:48.722057: | ikev2 g^x  05 e8 3d 41  0e d4 6a 29  67 69 4d c0  c3 0f 71 a0
Aug 26 13:23:48.722065: | ikev2 g^x  3f 3e c8 94  bd fc 30 89  26 d2 ae 05  58 4c b3 8b
Aug 26 13:23:48.722072: | ikev2 g^x  5f 6b cf 34  7d 13 f2 a1  2c 50 6e 04  e9 41 f4 ef
Aug 26 13:23:48.722080: | ikev2 g^x  9e 58 4c 7d  c3 cf 7e a3  11 ea ae fa  ac 16 fd fa
Aug 26 13:23:48.722087: | ikev2 g^x  b8 ac fd b0  9e a8 c4 e4  e0 1f b8 74  b5 2b 05 03
Aug 26 13:23:48.722095: | ikev2 g^x  05 34 26 1a  c6 d0 ac 29  ad 3c 8c 39  cc f8 24 78
Aug 26 13:23:48.722102: | ikev2 g^x  a7 c4 8c 9c  02 4c d6 e1  65 28 3d 59  b4 8e f1 b0
Aug 26 13:23:48.722110: | ikev2 g^x  b7 c5 97 b9  21 7a a8 d9  fc 00 eb f6  48 77 15 fc
Aug 26 13:23:48.722117: | ikev2 g^x  d5 4f 7d 7b  dc b0 be ae  85 e9 65 0a  8c c9 6d ed
Aug 26 13:23:48.722125: | ikev2 g^x  be 98 71 a7  44 a4 2d 04  ff 4d c8 f0  c5 76 6b 27
Aug 26 13:23:48.722132: | ikev2 g^x  4c b7 c3 de  35 eb 5d ef  4b e0 1b 75  12 96 4c f3
Aug 26 13:23:48.722140: | ikev2 g^x  93 0a 60 40  a8 d8 c8 9d  2d d6 62 91  fa 1b 33 d1
Aug 26 13:23:48.722147: | ikev2 g^x  53 a2 25 60  f8 80 2b 0c  39 5a 14 4d  91 4e 6f aa
Aug 26 13:23:48.722155: | ikev2 g^x  e0 1b e0 27  86 f6 d9 04  b0 3e ae 35  21 09 9e 7b
Aug 26 13:23:48.722162: | ikev2 g^x  8a 1a 67 06  d6 40 d0 08  9c d6 be 64  18 35 92 e3
Aug 26 13:23:48.722170: | ikev2 g^x  77 16 8c 3f  d9 a2 04 d2  a8 4d d3 f7  56 29 75 2a
Aug 26 13:23:48.722178: | emitting length of IKEv2 Key Exchange Payload: 264
Aug 26 13:23:48.722186: | ***emit IKEv2 Nonce Payload:
Aug 26 13:23:48.722195: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 13:23:48.722202: |    flags: none (0x0)
Aug 26 13:23:48.722212: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N
Aug 26 13:23:48.722222: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Aug 26 13:23:48.722231: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.722240: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Aug 26 13:23:48.722248: | IKEv2 nonce  43 05 5e d3  b6 b5 2e c4  a0 ba 50 92  42 c6 e3 fe
Aug 26 13:23:48.722256: | IKEv2 nonce  94 85 ec b1  dc e6 3d df  e8 c7 0b f6  8d e8 01 26
Aug 26 13:23:48.722264: | emitting length of IKEv2 Nonce Payload: 36
Aug 26 13:23:48.722271: | Adding a v2N Payload
Aug 26 13:23:48.722279: | ***emit IKEv2 Notify Payload:
Aug 26 13:23:48.722287: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.722314: |    flags: none (0x0)
Aug 26 13:23:48.722326: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.722336: |    SPI size: 0 (0x0)
Aug 26 13:23:48.722344: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Aug 26 13:23:48.722355: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Aug 26 13:23:48.722368: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.722384: | emitting length of IKEv2 Notify Payload: 8
Aug 26 13:23:48.722394: |  NAT-Traversal support  [enabled] add v2N payloads.
Aug 26 13:23:48.722430: | natd_hash: hasher=0x555f2bfe9800(20)
Aug 26 13:23:48.722439: | natd_hash: icookie=  70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.722447: | natd_hash: rcookie=  21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.722455: | natd_hash: ip=  c0 01 02 17
Aug 26 13:23:48.722462: | natd_hash: port=500
Aug 26 13:23:48.722470: | natd_hash: hash=  41 f2 45 55  c3 af 3c 69  37 1c ed 83  58 31 7d 82
Aug 26 13:23:48.722478: | natd_hash: hash=  02 b2 fe 15
Aug 26 13:23:48.722485: | Adding a v2N Payload
Aug 26 13:23:48.722493: | ***emit IKEv2 Notify Payload:
Aug 26 13:23:48.722501: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.722509: |    flags: none (0x0)
Aug 26 13:23:48.722516: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.722524: |    SPI size: 0 (0x0)
Aug 26 13:23:48.722532: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Aug 26 13:23:48.722542: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Aug 26 13:23:48.722550: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.722560: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Aug 26 13:23:48.722568: | Notify data  41 f2 45 55  c3 af 3c 69  37 1c ed 83  58 31 7d 82
Aug 26 13:23:48.722575: | Notify data  02 b2 fe 15
Aug 26 13:23:48.722583: | emitting length of IKEv2 Notify Payload: 28
Aug 26 13:23:48.722601: | natd_hash: hasher=0x555f2bfe9800(20)
Aug 26 13:23:48.722609: | natd_hash: icookie=  70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.722617: | natd_hash: rcookie=  21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.722624: | natd_hash: ip=  c0 01 02 2d
Aug 26 13:23:48.722631: | natd_hash: port=500
Aug 26 13:23:48.722639: | natd_hash: hash=  62 2a e0 b3  e8 91 7f dc  21 b8 88 b2  4f 86 ed b5
Aug 26 13:23:48.722646: | natd_hash: hash=  cd 1a f8 03
Aug 26 13:23:48.722653: | Adding a v2N Payload
Aug 26 13:23:48.722660: | ***emit IKEv2 Notify Payload:
Aug 26 13:23:48.722668: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.722675: |    flags: none (0x0)
Aug 26 13:23:48.722683: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 13:23:48.722690: |    SPI size: 0 (0x0)
Aug 26 13:23:48.722699: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Aug 26 13:23:48.722708: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Aug 26 13:23:48.722717: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.722725: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Aug 26 13:23:48.722733: | Notify data  62 2a e0 b3  e8 91 7f dc  21 b8 88 b2  4f 86 ed b5
Aug 26 13:23:48.722740: | Notify data  cd 1a f8 03
Aug 26 13:23:48.722748: | emitting length of IKEv2 Notify Payload: 28
Aug 26 13:23:48.722756: | emitting length of ISAKMP Message: 432
Aug 26 13:23:48.722778: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:23:48.722789: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK
Aug 26 13:23:48.722798: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1
Aug 26 13:23:48.722808: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA)
Aug 26 13:23:48.722817: | Message ID: updating counters for #1 to 0 after switching state
Aug 26 13:23:48.722833: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1
Aug 26 13:23:48.722847: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1
Aug 26 13:23:48.722866: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
Aug 26 13:23:48.722882: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500)
Aug 26 13:23:48.722909: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:23:48.722918: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.722925: |   21 20 22 20  00 00 00 00  00 00 01 b0  22 00 00 28
Aug 26 13:23:48.722933: |   00 00 00 24  01 01 00 03  03 00 00 0c  01 00 00 14
Aug 26 13:23:48.722940: |   80 0e 01 00  03 00 00 08  02 00 00 07  00 00 00 08
Aug 26 13:23:48.722948: |   04 00 00 0e  28 00 01 08  00 0e 00 00  05 e8 3d 41
Aug 26 13:23:48.722955: |   0e d4 6a 29  67 69 4d c0  c3 0f 71 a0  3f 3e c8 94
Aug 26 13:23:48.722962: |   bd fc 30 89  26 d2 ae 05  58 4c b3 8b  5f 6b cf 34
Aug 26 13:23:48.722969: |   7d 13 f2 a1  2c 50 6e 04  e9 41 f4 ef  9e 58 4c 7d
Aug 26 13:23:48.722977: |   c3 cf 7e a3  11 ea ae fa  ac 16 fd fa  b8 ac fd b0
Aug 26 13:23:48.722984: |   9e a8 c4 e4  e0 1f b8 74  b5 2b 05 03  05 34 26 1a
Aug 26 13:23:48.722991: |   c6 d0 ac 29  ad 3c 8c 39  cc f8 24 78  a7 c4 8c 9c
Aug 26 13:23:48.722998: |   02 4c d6 e1  65 28 3d 59  b4 8e f1 b0  b7 c5 97 b9
Aug 26 13:23:48.723006: |   21 7a a8 d9  fc 00 eb f6  48 77 15 fc  d5 4f 7d 7b
Aug 26 13:23:48.723013: |   dc b0 be ae  85 e9 65 0a  8c c9 6d ed  be 98 71 a7
Aug 26 13:23:48.723020: |   44 a4 2d 04  ff 4d c8 f0  c5 76 6b 27  4c b7 c3 de
Aug 26 13:23:48.723027: |   35 eb 5d ef  4b e0 1b 75  12 96 4c f3  93 0a 60 40
Aug 26 13:23:48.723035: |   a8 d8 c8 9d  2d d6 62 91  fa 1b 33 d1  53 a2 25 60
Aug 26 13:23:48.723042: |   f8 80 2b 0c  39 5a 14 4d  91 4e 6f aa  e0 1b e0 27
Aug 26 13:23:48.723049: |   86 f6 d9 04  b0 3e ae 35  21 09 9e 7b  8a 1a 67 06
Aug 26 13:23:48.723056: |   d6 40 d0 08  9c d6 be 64  18 35 92 e3  77 16 8c 3f
Aug 26 13:23:48.723064: |   d9 a2 04 d2  a8 4d d3 f7  56 29 75 2a  29 00 00 24
Aug 26 13:23:48.723071: |   43 05 5e d3  b6 b5 2e c4  a0 ba 50 92  42 c6 e3 fe
Aug 26 13:23:48.723078: |   94 85 ec b1  dc e6 3d df  e8 c7 0b f6  8d e8 01 26
Aug 26 13:23:48.723085: |   29 00 00 08  00 00 40 2e  29 00 00 1c  00 00 40 04
Aug 26 13:23:48.723093: |   41 f2 45 55  c3 af 3c 69  37 1c ed 83  58 31 7d 82
Aug 26 13:23:48.723100: |   02 b2 fe 15  00 00 00 1c  00 00 40 05  62 2a e0 b3
Aug 26 13:23:48.723107: |   e8 91 7f dc  21 b8 88 b2  4f 86 ed b5  cd 1a f8 03
Aug 26 13:23:48.723192: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:23:48.723208: | libevent_free: release ptr-libevent@0x555f2c980928
Aug 26 13:23:48.723218: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f2c97c6a8
Aug 26 13:23:48.723228: | event_schedule: new EVENT_SO_DISCARD-pe@0x555f2c97c6a8
Aug 26 13:23:48.723241: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1
Aug 26 13:23:48.723250: | libevent_malloc: new ptr-libevent@0x555f2c981a18 size 128
Aug 26 13:23:48.723263: | resume sending helper answer for #1 suppresed complete_v2_state_transition()
Aug 26 13:23:48.723283: | #1 spent 1.83 milliseconds in resume sending helper answer
Aug 26 13:23:48.723329: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:23:48.723348: | libevent_free: release ptr-libevent@0x7f9b98002888
Aug 26 13:23:48.733739: | spent 0.0104 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:23:48.733814: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:23:48.733827: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.733835: |   2e 20 23 08  00 00 00 01  00 00 01 6d  23 00 01 51
Aug 26 13:23:48.733843: |   45 fc c6 3a  d3 a5 63 62  7a 82 d8 af  cd 45 f6 00
Aug 26 13:23:48.733850: |   62 63 c2 29  f2 a4 5f 78  dd cb 5b 20  fd 71 0e 13
Aug 26 13:23:48.733858: |   ce c4 5e 1b  b1 25 a3 a0  fa c2 a5 c3  06 5a f3 bb
Aug 26 13:23:48.733865: |   e8 0e 36 f0  8a a8 66 9f  27 09 dc 5b  4b 6d d0 c5
Aug 26 13:23:48.733872: |   c6 b9 27 4f  da c1 26 f5  3e 06 97 30  8c eb 40 e3
Aug 26 13:23:48.733890: |   3b d7 13 a2  a5 bb 05 f0  af 47 e9 e8  06 78 27 03
Aug 26 13:23:48.733897: |   87 8c 2b ac  5e a4 2e 5d  a4 5c 8d f9  03 2c 27 f2
Aug 26 13:23:48.733905: |   05 b0 66 3b  c0 85 04 c4  c1 5e 87 be  5b 32 81 a8
Aug 26 13:23:48.733912: |   cc 19 e3 9f  d8 67 28 0f  bb 23 84 f7  bd 6e 0e bf
Aug 26 13:23:48.733919: |   89 d6 1b 6c  fc ba 03 12  b2 9c 13 9b  24 14 f4 a4
Aug 26 13:23:48.733927: |   65 c7 26 91  64 2a f7 25  e9 e0 8b e1  08 16 22 91
Aug 26 13:23:48.733934: |   74 03 df 82  a8 22 e8 9c  ae 2d 1b 49  ad 05 2a 19
Aug 26 13:23:48.733941: |   c2 7a d2 51  6b 3e ac c2  cf 5e ac d6  72 64 9c 72
Aug 26 13:23:48.733948: |   7d 31 e6 1e  ae cb 42 d3  22 1a a0 dd  e1 c9 c5 7d
Aug 26 13:23:48.733956: |   bf 8e 58 55  1c 15 e3 99  b6 b5 1a c2  3e fe bf 84
Aug 26 13:23:48.733963: |   f5 78 c1 6f  0a b6 85 7c  61 20 bf 20  87 f8 37 01
Aug 26 13:23:48.733970: |   c2 d2 52 fa  bf 3c d2 34  9e f7 bb c4  26 c8 73 32
Aug 26 13:23:48.733977: |   33 d7 b2 ab  12 37 63 54  6a 29 de 09  e4 23 0d eb
Aug 26 13:23:48.733985: |   25 90 d1 26  f5 3c 21 b4  c3 c3 bb e5  ad 94 f6 c4
Aug 26 13:23:48.733992: |   49 c4 67 10  03 41 41 9e  29 85 f2 47  a5 88 c5 77
Aug 26 13:23:48.733999: |   e5 b3 38 d9  44 c5 49 75  ef ed 27 cc  2b
Aug 26 13:23:48.734014: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:23:48.734025: | **parse ISAKMP Message:
Aug 26 13:23:48.734034: |    initiator cookie:
Aug 26 13:23:48.734041: |   70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.734049: |    responder cookie:
Aug 26 13:23:48.734056: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.734065: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Aug 26 13:23:48.734074: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:23:48.734082: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Aug 26 13:23:48.734091: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:23:48.734099: |    Message ID: 1 (0x1)
Aug 26 13:23:48.734107: |    length: 365 (0x16d)
Aug 26 13:23:48.734117: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Aug 26 13:23:48.734127: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
Aug 26 13:23:48.734138: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
Aug 26 13:23:48.734157: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:23:48.734167: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:23:48.734180: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:23:48.734190: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
Aug 26 13:23:48.734203: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0
Aug 26 13:23:48.734211: | unpacking clear payload
Aug 26 13:23:48.734219: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Aug 26 13:23:48.734228: | ***parse IKEv2 Encryption Payload:
Aug 26 13:23:48.734237: |    next payload type: ISAKMP_NEXT_v2IDi (0x23)
Aug 26 13:23:48.734245: |    flags: none (0x0)
Aug 26 13:23:48.734253: |    length: 337 (0x151)
Aug 26 13:23:48.734261: | processing payload: ISAKMP_NEXT_v2SK (len=333)
Aug 26 13:23:48.734276: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1
Aug 26 13:23:48.734285: | #1 in state PARENT_R1: received v2I1, sent v2R1
Aug 26 13:23:48.734307: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED)
Aug 26 13:23:48.734315: | Now let's proceed with state specific processing
Aug 26 13:23:48.734323: | calling processor Responder: process IKE_AUTH request (no SKEYSEED)
Aug 26 13:23:48.734334: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2
Aug 26 13:23:48.734346: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
Aug 26 13:23:48.734362: | adding ikev2_inI2outR2 KE work-order 2 for state #1
Aug 26 13:23:48.734383: | state #1 requesting EVENT_SO_DISCARD to be deleted
Aug 26 13:23:48.734394: | libevent_free: release ptr-libevent@0x555f2c981a18
Aug 26 13:23:48.734405: | free_event_entry: release EVENT_SO_DISCARD-pe@0x555f2c97c6a8
Aug 26 13:23:48.734414: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f2c97c6a8
Aug 26 13:23:48.734426: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Aug 26 13:23:48.734436: | libevent_malloc: new ptr-libevent@0x7f9b98002888 size 128
Aug 26 13:23:48.734474: |   #1 spent 0.132 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet()
Aug 26 13:23:48.734497: | crypto helper 2 resuming
Aug 26 13:23:48.734504: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:23:48.734549: | crypto helper 2 starting work-order 2 for state #1
Aug 26 13:23:48.734564: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND
Aug 26 13:23:48.734576: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2
Aug 26 13:23:48.734579: | suspending state #1 and saving MD
Aug 26 13:23:48.734615: | #1 is busy; has a suspended MD
Aug 26 13:23:48.734638: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:23:48.734658: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:23:48.734682: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:23:48.734706: | #1 spent 0.872 milliseconds in ikev2_process_packet()
Aug 26 13:23:48.734728: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:23:48.734743: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:23:48.734757: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:23:48.734777: | spent 0.945 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:23:48.737203: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4
Aug 26 13:23:48.738484: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.003908 seconds
Aug 26 13:23:48.738517: | (#1) spent 3.89 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr)
Aug 26 13:23:48.738528: | crypto helper 2 sending results from work-order 2 for state #1 to event queue
Aug 26 13:23:48.738537: | scheduling resume sending helper answer for #1
Aug 26 13:23:48.738548: | libevent_malloc: new ptr-libevent@0x7f9b90000f48 size 128
Aug 26 13:23:48.738574: | crypto helper 2 waiting (nothing to do)
Aug 26 13:23:48.738605: | processing resume sending helper answer for #1
Aug 26 13:23:48.738636: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:23:48.738649: | crypto helper 2 replies to request ID 2
Aug 26 13:23:48.738657: | calling continuation function 0x555f2bf14b50
Aug 26 13:23:48.738666: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2
Aug 26 13:23:48.738676: | #1 in state PARENT_R1: received v2I1, sent v2R1
Aug 26 13:23:48.738725: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success
Aug 26 13:23:48.738736: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi)
Aug 26 13:23:48.738746: | **parse IKEv2 Identification - Initiator - Payload:
Aug 26 13:23:48.738754: |    next payload type: ISAKMP_NEXT_v2IDr (0x24)
Aug 26 13:23:48.738763: |    flags: none (0x0)
Aug 26 13:23:48.738771: |    length: 12 (0xc)
Aug 26 13:23:48.738779: |    ID type: ID_FQDN (0x2)
Aug 26 13:23:48.738788: | processing payload: ISAKMP_NEXT_v2IDi (len=4)
Aug 26 13:23:48.738796: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr)
Aug 26 13:23:48.738804: | **parse IKEv2 Identification - Responder - Payload:
Aug 26 13:23:48.738812: |    next payload type: ISAKMP_NEXT_v2AUTH (0x27)
Aug 26 13:23:48.738827: |    flags: none (0x0)
Aug 26 13:23:48.738835: |    length: 12 (0xc)
Aug 26 13:23:48.738842: |    ID type: ID_FQDN (0x2)
Aug 26 13:23:48.738850: | processing payload: ISAKMP_NEXT_v2IDr (len=4)
Aug 26 13:23:48.738858: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH)
Aug 26 13:23:48.738866: | **parse IKEv2 Authentication Payload:
Aug 26 13:23:48.738874: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 13:23:48.738881: |    flags: none (0x0)
Aug 26 13:23:48.738889: |    length: 72 (0x48)
Aug 26 13:23:48.738896: |    auth method: IKEv2_AUTH_SHARED (0x2)
Aug 26 13:23:48.738904: | processing payload: ISAKMP_NEXT_v2AUTH (len=64)
Aug 26 13:23:48.738912: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 26 13:23:48.738920: | **parse IKEv2 Security Association Payload:
Aug 26 13:23:48.738928: |    next payload type: ISAKMP_NEXT_v2TSi (0x2c)
Aug 26 13:23:48.738935: |    flags: none (0x0)
Aug 26 13:23:48.738942: |    length: 164 (0xa4)
Aug 26 13:23:48.738950: | processing payload: ISAKMP_NEXT_v2SA (len=160)
Aug 26 13:23:48.738958: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi)
Aug 26 13:23:48.738966: | **parse IKEv2 Traffic Selector - Initiator - Payload:
Aug 26 13:23:48.738974: |    next payload type: ISAKMP_NEXT_v2TSr (0x2d)
Aug 26 13:23:48.738981: |    flags: none (0x0)
Aug 26 13:23:48.738988: |    length: 24 (0x18)
Aug 26 13:23:48.738996: |    number of TS: 1 (0x1)
Aug 26 13:23:48.739004: | processing payload: ISAKMP_NEXT_v2TSi (len=16)
Aug 26 13:23:48.739012: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr)
Aug 26 13:23:48.739020: | **parse IKEv2 Traffic Selector - Responder - Payload:
Aug 26 13:23:48.739028: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.739035: |    flags: none (0x0)
Aug 26 13:23:48.739042: |    length: 24 (0x18)
Aug 26 13:23:48.739049: |    number of TS: 1 (0x1)
Aug 26 13:23:48.739057: | processing payload: ISAKMP_NEXT_v2TSr (len=16)
Aug 26 13:23:48.739065: | selected state microcode Responder: process IKE_AUTH request
Aug 26 13:23:48.739073: | Now let's proceed with state specific processing
Aug 26 13:23:48.739081: | calling processor Responder: process IKE_AUTH request
Aug 26 13:23:48.739098: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr}
Aug 26 13:23:48.739116: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
Aug 26 13:23:48.739126: | received IDr payload - extracting our alleged ID
Aug 26 13:23:48.739136: | refine_host_connection for IKEv2: starting with "east"
Aug 26 13:23:48.739149: |    match_id a=@west
Aug 26 13:23:48.739156: |             b=@west
Aug 26 13:23:48.739164: |    results  matched
Aug 26 13:23:48.739176: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0))
Aug 26 13:23:48.739184: | Warning: not switching back to template of current instance
Aug 26 13:23:48.739193: | Peer expects us to be @east (ID_FQDN) according to its IDr payload
Aug 26 13:23:48.739201: | This connection's local id is @east (ID_FQDN)
Aug 26 13:23:48.739211: | refine_host_connection: checked east against east, now for see if best
Aug 26 13:23:48.739221: | started looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.739230: | actually looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.739240: | line 1: key type PKK_PSK(@east) to type PKK_PSK
Aug 26 13:23:48.739250: | 1: compared key @east to @east / @west -> 010
Aug 26 13:23:48.739260: | 2: compared key @west to @east / @west -> 014
Aug 26 13:23:48.739268: | line 1: match=014
Aug 26 13:23:48.739278: | match 014 beats previous best_match 000 match=0x555f2c8d3b58 (line=1)
Aug 26 13:23:48.739286: | concluding with best_match=014 best=0x555f2c8d3b58 (lineno=1)
Aug 26 13:23:48.739319: | returning because exact peer id match
Aug 26 13:23:48.739329: | offered CA: '%none'
Aug 26 13:23:48.739339: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west'
Aug 26 13:23:48.739399: | verifying AUTH payload
Aug 26 13:23:48.739419: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret
Aug 26 13:23:48.739429: | started looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.739438: | actually looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.739448: | line 1: key type PKK_PSK(@east) to type PKK_PSK
Aug 26 13:23:48.739457: | 1: compared key @east to @east / @west -> 010
Aug 26 13:23:48.739465: | 2: compared key @west to @east / @west -> 014
Aug 26 13:23:48.739472: | line 1: match=014
Aug 26 13:23:48.739481: | match 014 beats previous best_match 000 match=0x555f2c8d3b58 (line=1)
Aug 26 13:23:48.739489: | concluding with best_match=014 best=0x555f2c8d3b58 (lineno=1)
Aug 26 13:23:48.739658: "east" #1: Authenticated using authby=secret
Aug 26 13:23:48.739675: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA)
Aug 26 13:23:48.739689: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:23:48.739698: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:23:48.739708: | libevent_free: release ptr-libevent@0x7f9b98002888
Aug 26 13:23:48.739718: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f2c97c6a8
Aug 26 13:23:48.739727: | event_schedule: new EVENT_SA_REKEY-pe@0x555f2c97c6a8
Aug 26 13:23:48.739739: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1
Aug 26 13:23:48.739748: | libevent_malloc: new ptr-libevent@0x555f2c981a18 size 128
Aug 26 13:23:48.739984: | pstats #1 ikev2.ike established
Aug 26 13:23:48.740008: | **emit ISAKMP Message:
Aug 26 13:23:48.740018: |    initiator cookie:
Aug 26 13:23:48.740026: |   70 79 23 d6  e9 10 04 82
Aug 26 13:23:48.740034: |    responder cookie:
Aug 26 13:23:48.740041: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.740049: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:23:48.740058: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:23:48.740066: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Aug 26 13:23:48.740075: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:23:48.740083: |    Message ID: 1 (0x1)
Aug 26 13:23:48.740092: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:23:48.740102: | IKEv2 CERT: send a certificate?
Aug 26 13:23:48.740112: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK
Aug 26 13:23:48.740120: | ***emit IKEv2 Encryption Payload:
Aug 26 13:23:48.740129: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.740136: |    flags: none (0x0)
Aug 26 13:23:48.740146: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:23:48.740156: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.740166: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:23:48.740187: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED
Aug 26 13:23:48.740227: | ****emit IKEv2 Identification - Responder - Payload:
Aug 26 13:23:48.740237: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.740245: |    flags: none (0x0)
Aug 26 13:23:48.740253: |    ID type: ID_FQDN (0x2)
Aug 26 13:23:48.740264: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr)
Aug 26 13:23:48.740274: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.740284: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload
Aug 26 13:23:48.740318: | my identity  65 61 73 74
Aug 26 13:23:48.740333: | emitting length of IKEv2 Identification - Responder - Payload: 12
Aug 26 13:23:48.740371: | assembled IDr payload
Aug 26 13:23:48.740385: | CHILD SA proposals received
Aug 26 13:23:48.740396: | going to assemble AUTH payload
Aug 26 13:23:48.740408: | ****emit IKEv2 Authentication Payload:
Aug 26 13:23:48.740424: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 13:23:48.740433: |    flags: none (0x0)
Aug 26 13:23:48.740441: |    auth method: IKEv2_AUTH_SHARED (0x2)
Aug 26 13:23:48.740451: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA
Aug 26 13:23:48.740461: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH)
Aug 26 13:23:48.740470: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.740480: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret
Aug 26 13:23:48.740491: | started looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.740500: | actually looking for secret for @east->@west of kind PKK_PSK
Aug 26 13:23:48.740509: | line 1: key type PKK_PSK(@east) to type PKK_PSK
Aug 26 13:23:48.740519: | 1: compared key @east to @east / @west -> 010
Aug 26 13:23:48.740528: | 2: compared key @west to @east / @west -> 014
Aug 26 13:23:48.740535: | line 1: match=014
Aug 26 13:23:48.740544: | match 014 beats previous best_match 000 match=0x555f2c8d3b58 (line=1)
Aug 26 13:23:48.740553: | concluding with best_match=014 best=0x555f2c8d3b58 (lineno=1)
Aug 26 13:23:48.740714: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload
Aug 26 13:23:48.740726: | PSK auth  54 a5 34 ac  a3 08 2b b8  0f c3 5b 49  cf 0b 33 e4
Aug 26 13:23:48.740734: | PSK auth  09 ce 3d 56  be f5 36 6b  54 ec db e2  72 d3 1b 85
Aug 26 13:23:48.740742: | PSK auth  2c d2 c3 e1  47 d0 c4 53  45 c8 1d 17  dc 52 b2 e7
Aug 26 13:23:48.740749: | PSK auth  49 f8 63 c7  8d 5b 91 c9  eb db 8d 45  06 5e d5 e1
Aug 26 13:23:48.740758: | emitting length of IKEv2 Authentication Payload: 72
Aug 26 13:23:48.740781: | creating state object #2 at 0x555f2c982738
Aug 26 13:23:48.740790: | State DB: adding IKEv2 state #2 in UNDEFINED
Aug 26 13:23:48.740801: | pstats #2 ikev2.child started
Aug 26 13:23:48.740811: | duplicating state object #1 "east" as #2 for IPSEC SA
Aug 26 13:23:48.740826: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484)
Aug 26 13:23:48.740845: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1
Aug 26 13:23:48.740860: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1
Aug 26 13:23:48.740874: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1
Aug 26 13:23:48.740883: | Child SA TS Request has ike->sa == md->st; so using parent connection
Aug 26 13:23:48.740892: | TSi: parsing 1 traffic selectors
Aug 26 13:23:48.740901: | ***parse IKEv2 Traffic Selector:
Aug 26 13:23:48.740909: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 13:23:48.740917: |    IP Protocol ID: 0 (0x0)
Aug 26 13:23:48.740926: |    length: 16 (0x10)
Aug 26 13:23:48.740933: |    start port: 0 (0x0)
Aug 26 13:23:48.740941: |    end port: 65535 (0xffff)
Aug 26 13:23:48.740950: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Aug 26 13:23:48.740958: | TS low  c0 00 01 00
Aug 26 13:23:48.740966: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Aug 26 13:23:48.740974: | TS high  c0 00 01 ff
Aug 26 13:23:48.740982: | TSi: parsed 1 traffic selectors
Aug 26 13:23:48.740989: | TSr: parsing 1 traffic selectors
Aug 26 13:23:48.740997: | ***parse IKEv2 Traffic Selector:
Aug 26 13:23:48.741005: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 13:23:48.741012: |    IP Protocol ID: 0 (0x0)
Aug 26 13:23:48.741020: |    length: 16 (0x10)
Aug 26 13:23:48.741027: |    start port: 0 (0x0)
Aug 26 13:23:48.741035: |    end port: 65535 (0xffff)
Aug 26 13:23:48.741042: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Aug 26 13:23:48.741055: | TS low  c0 00 02 00
Aug 26 13:23:48.741064: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Aug 26 13:23:48.741071: | TS high  c0 00 02 ff
Aug 26 13:23:48.741078: | TSr: parsed 1 traffic selectors
Aug 26 13:23:48.741085: | looking for best SPD in current connection
Aug 26 13:23:48.741102: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their:
Aug 26 13:23:48.741118: |     TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 13:23:48.741137: |         match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 13:23:48.741147: |         narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 13:23:48.741156: |           TSi[0] port match: YES fitness 65536
Aug 26 13:23:48.741165: |         narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 13:23:48.741175: |         match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 13:23:48.741188: |     TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 13:23:48.741204: |         match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32
Aug 26 13:23:48.741213: |         narrow port end=0..65535 == TSr[0]=0..65535: 0
Aug 26 13:23:48.741221: |           TSr[0] port match: YES fitness 65536
Aug 26 13:23:48.741229: |         narrow protocol end=*0 == TSr[0]=*0: 0
Aug 26 13:23:48.741238: |         match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255
Aug 26 13:23:48.741246: | best fit so far: TSi[0] TSr[0]
Aug 26 13:23:48.741254: |     found better spd route for TSi[0],TSr[0]
Aug 26 13:23:48.741262: | looking for better host pair
Aug 26 13:23:48.741276: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 13:23:48.741324: |   checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found
Aug 26 13:23:48.741347: |   investigating connection "east" as a better match
Aug 26 13:23:48.741363: |    match_id a=@west
Aug 26 13:23:48.741375: |             b=@west
Aug 26 13:23:48.741385: |    results  matched
Aug 26 13:23:48.741400: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their:
Aug 26 13:23:48.741414: |     TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 13:23:48.741430: |         match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 13:23:48.741439: |         narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 13:23:48.741447: |           TSi[0] port match: YES fitness 65536
Aug 26 13:23:48.741455: |         narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 13:23:48.741464: |         match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 13:23:48.741477: |     TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 13:23:48.741493: |         match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32
Aug 26 13:23:48.741502: |         narrow port end=0..65535 == TSr[0]=0..65535: 0
Aug 26 13:23:48.741509: |           TSr[0] port match: YES fitness 65536
Aug 26 13:23:48.741517: |         narrow protocol end=*0 == TSr[0]=*0: 0
Aug 26 13:23:48.741526: |         match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255
Aug 26 13:23:48.741534: | best fit so far: TSi[0] TSr[0]
Aug 26 13:23:48.741541: |   did not find a better connection using host pair
Aug 26 13:23:48.741549: | printing contents struct traffic_selector
Aug 26 13:23:48.741557: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Aug 26 13:23:48.741565: |   ipprotoid: 0
Aug 26 13:23:48.741572: |   port range: 0-65535
Aug 26 13:23:48.741584: |   ip range: 192.0.2.0-192.0.2.255
Aug 26 13:23:48.741591: | printing contents struct traffic_selector
Aug 26 13:23:48.741598: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Aug 26 13:23:48.741605: |   ipprotoid: 0
Aug 26 13:23:48.741612: |   port range: 0-65535
Aug 26 13:23:48.741623: |   ip range: 192.0.1.0-192.0.1.255
Aug 26 13:23:48.741635: | constructing ESP/AH proposals with all DH removed  for east (IKE_AUTH responder matching remote ESP/AH proposals)
Aug 26 13:23:48.741661: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Aug 26 13:23:48.741678: | ...  ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED
Aug 26 13:23:48.741687: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Aug 26 13:23:48.741699: | ...  ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED
Aug 26 13:23:48.741709: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Aug 26 13:23:48.741722: | ...  ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
Aug 26 13:23:48.741731: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Aug 26 13:23:48.741744: | ...  ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
Aug 26 13:23:48.741766: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
Aug 26 13:23:48.741777: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals
Aug 26 13:23:48.741788: | local proposal 1 type ENCR has 1 transforms
Aug 26 13:23:48.741796: | local proposal 1 type PRF has 0 transforms
Aug 26 13:23:48.741804: | local proposal 1 type INTEG has 1 transforms
Aug 26 13:23:48.741812: | local proposal 1 type DH has 1 transforms
Aug 26 13:23:48.741820: | local proposal 1 type ESN has 1 transforms
Aug 26 13:23:48.741831: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH
Aug 26 13:23:48.741839: | local proposal 2 type ENCR has 1 transforms
Aug 26 13:23:48.741847: | local proposal 2 type PRF has 0 transforms
Aug 26 13:23:48.741854: | local proposal 2 type INTEG has 1 transforms
Aug 26 13:23:48.741862: | local proposal 2 type DH has 1 transforms
Aug 26 13:23:48.741870: | local proposal 2 type ESN has 1 transforms
Aug 26 13:23:48.741879: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH
Aug 26 13:23:48.741887: | local proposal 3 type ENCR has 1 transforms
Aug 26 13:23:48.741895: | local proposal 3 type PRF has 0 transforms
Aug 26 13:23:48.741903: | local proposal 3 type INTEG has 2 transforms
Aug 26 13:23:48.741911: | local proposal 3 type DH has 1 transforms
Aug 26 13:23:48.741919: | local proposal 3 type ESN has 1 transforms
Aug 26 13:23:48.741928: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH
Aug 26 13:23:48.741936: | local proposal 4 type ENCR has 1 transforms
Aug 26 13:23:48.741943: | local proposal 4 type PRF has 0 transforms
Aug 26 13:23:48.741951: | local proposal 4 type INTEG has 2 transforms
Aug 26 13:23:48.741959: | local proposal 4 type DH has 1 transforms
Aug 26 13:23:48.741967: | local proposal 4 type ESN has 1 transforms
Aug 26 13:23:48.741975: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH
Aug 26 13:23:48.741985: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.741993: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.742001: |    length: 32 (0x20)
Aug 26 13:23:48.742009: |    prop #: 1 (0x1)
Aug 26 13:23:48.742017: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 13:23:48.742025: |    spi size: 4 (0x4)
Aug 26 13:23:48.742033: |    # transforms: 2 (0x2)
Aug 26 13:23:48.742043: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:23:48.742051: | remote SPI  ca 31 3c b5
Aug 26 13:23:48.742060: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals
Aug 26 13:23:48.742069: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742078: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742085: |    length: 12 (0xc)
Aug 26 13:23:48.742098: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.742107: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.742115: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.742124: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.742132: |    length/value: 256 (0x100)
Aug 26 13:23:48.742145: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Aug 26 13:23:48.742154: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742162: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.742170: |    length: 8 (0x8)
Aug 26 13:23:48.742178: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 13:23:48.742186: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 13:23:48.742196: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0
Aug 26 13:23:48.742206: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0
Aug 26 13:23:48.742216: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0
Aug 26 13:23:48.742225: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0
Aug 26 13:23:48.742236: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none
Aug 26 13:23:48.742249: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN
Aug 26 13:23:48.742258: | remote proposal 1 matches local proposal 1
Aug 26 13:23:48.742267: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.742275: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.742282: |    length: 32 (0x20)
Aug 26 13:23:48.742303: |    prop #: 2 (0x2)
Aug 26 13:23:48.742317: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 13:23:48.742324: |    spi size: 4 (0x4)
Aug 26 13:23:48.742332: |    # transforms: 2 (0x2)
Aug 26 13:23:48.742341: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:23:48.742349: | remote SPI  ca 31 3c b5
Aug 26 13:23:48.742358: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.742367: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742374: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742382: |    length: 12 (0xc)
Aug 26 13:23:48.742390: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.742397: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.742406: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.742414: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.742421: |    length/value: 128 (0x80)
Aug 26 13:23:48.742430: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742438: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.742446: |    length: 8 (0x8)
Aug 26 13:23:48.742453: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 13:23:48.742461: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 13:23:48.742472: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN
Aug 26 13:23:48.742481: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN
Aug 26 13:23:48.742489: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.742497: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:23:48.742504: |    length: 48 (0x30)
Aug 26 13:23:48.742511: |    prop #: 3 (0x3)
Aug 26 13:23:48.742519: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 13:23:48.742526: |    spi size: 4 (0x4)
Aug 26 13:23:48.742533: |    # transforms: 4 (0x4)
Aug 26 13:23:48.742542: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:23:48.742549: | remote SPI  ca 31 3c b5
Aug 26 13:23:48.742558: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.742566: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742579: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742586: |    length: 12 (0xc)
Aug 26 13:23:48.742594: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.742602: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:23:48.742610: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.742618: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.742625: |    length/value: 256 (0x100)
Aug 26 13:23:48.742635: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742642: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742649: |    length: 8 (0x8)
Aug 26 13:23:48.742657: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.742665: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:23:48.742674: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742681: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742689: |    length: 8 (0x8)
Aug 26 13:23:48.742696: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.742704: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:23:48.742713: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742720: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.742728: |    length: 8 (0x8)
Aug 26 13:23:48.742735: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 13:23:48.742743: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 13:23:48.742754: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN
Aug 26 13:23:48.742763: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN
Aug 26 13:23:48.742771: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.742779: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:23:48.742786: |    length: 48 (0x30)
Aug 26 13:23:48.742794: |    prop #: 4 (0x4)
Aug 26 13:23:48.742801: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 13:23:48.742808: |    spi size: 4 (0x4)
Aug 26 13:23:48.742816: |    # transforms: 4 (0x4)
Aug 26 13:23:48.742825: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:23:48.742832: | remote SPI  ca 31 3c b5
Aug 26 13:23:48.742841: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:23:48.742849: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742857: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742864: |    length: 12 (0xc)
Aug 26 13:23:48.742872: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.742879: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:23:48.742887: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.742895: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.742903: |    length/value: 128 (0x80)
Aug 26 13:23:48.742912: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742919: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742926: |    length: 8 (0x8)
Aug 26 13:23:48.742934: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.742942: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:23:48.742950: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742958: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.742965: |    length: 8 (0x8)
Aug 26 13:23:48.742973: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:23:48.742981: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:23:48.742989: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.742996: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.743004: |    length: 8 (0x8)
Aug 26 13:23:48.743011: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 13:23:48.743019: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 13:23:48.743030: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN
Aug 26 13:23:48.743039: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN
Aug 26 13:23:48.743063: "east" #1: proposal 1:ESP:SPI=ca313cb5;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Aug 26 13:23:48.743078: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=ca313cb5;ENCR=AES_GCM_C_256;ESN=DISABLED
Aug 26 13:23:48.743087: | converting proposal to internal trans attrs
Aug 26 13:23:48.743140: | netlink_get_spi: allocated 0x15358dd3 for esp.0@192.1.2.23
Aug 26 13:23:48.743150: | Emitting ikev2_proposal ...
Aug 26 13:23:48.743159: | ****emit IKEv2 Security Association Payload:
Aug 26 13:23:48.743167: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.743175: |    flags: none (0x0)
Aug 26 13:23:48.743185: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Aug 26 13:23:48.743195: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.743204: | *****emit IKEv2 Proposal Substructure Payload:
Aug 26 13:23:48.743212: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:23:48.743220: |    prop #: 1 (0x1)
Aug 26 13:23:48.743227: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 13:23:48.743235: |    spi size: 4 (0x4)
Aug 26 13:23:48.743242: |    # transforms: 2 (0x2)
Aug 26 13:23:48.743251: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Aug 26 13:23:48.743262: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Aug 26 13:23:48.743270: | our spi  15 35 8d d3
Aug 26 13:23:48.743278: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.743286: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.743317: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:23:48.743331: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:23:48.743346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:23:48.743361: | *******emit IKEv2 Attribute Substructure Payload:
Aug 26 13:23:48.743376: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:23:48.743384: |    length/value: 256 (0x100)
Aug 26 13:23:48.743394: | emitting length of IKEv2 Transform Substructure Payload: 12
Aug 26 13:23:48.743402: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:23:48.743410: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:23:48.743418: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 13:23:48.743425: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 13:23:48.743436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:23:48.743445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:23:48.743454: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:23:48.743462: | emitting length of IKEv2 Proposal Substructure Payload: 32
Aug 26 13:23:48.743471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Aug 26 13:23:48.743480: | emitting length of IKEv2 Security Association Payload: 36
Aug 26 13:23:48.743489: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Aug 26 13:23:48.743498: | ****emit IKEv2 Traffic Selector - Initiator - Payload:
Aug 26 13:23:48.743506: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.743514: |    flags: none (0x0)
Aug 26 13:23:48.743521: |    number of TS: 1 (0x1)
Aug 26 13:23:48.743538: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi)
Aug 26 13:23:48.743547: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.743556: | *****emit IKEv2 Traffic Selector:
Aug 26 13:23:48.743564: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 13:23:48.743572: |    IP Protocol ID: 0 (0x0)
Aug 26 13:23:48.743580: |    start port: 0 (0x0)
Aug 26 13:23:48.743587: |    end port: 65535 (0xffff)
Aug 26 13:23:48.743597: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector
Aug 26 13:23:48.743605: | ipv4 start  c0 00 01 00
Aug 26 13:23:48.743613: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector
Aug 26 13:23:48.743621: | ipv4 end  c0 00 01 ff
Aug 26 13:23:48.743629: | emitting length of IKEv2 Traffic Selector: 16
Aug 26 13:23:48.743637: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
Aug 26 13:23:48.743644: | ****emit IKEv2 Traffic Selector - Responder - Payload:
Aug 26 13:23:48.743652: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:23:48.743660: |    flags: none (0x0)
Aug 26 13:23:48.743667: |    number of TS: 1 (0x1)
Aug 26 13:23:48.743677: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr)
Aug 26 13:23:48.743686: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet'
Aug 26 13:23:48.743694: | *****emit IKEv2 Traffic Selector:
Aug 26 13:23:48.743702: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 13:23:48.743710: |    IP Protocol ID: 0 (0x0)
Aug 26 13:23:48.743717: |    start port: 0 (0x0)
Aug 26 13:23:48.743725: |    end port: 65535 (0xffff)
Aug 26 13:23:48.743733: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector
Aug 26 13:23:48.743740: | ipv4 start  c0 00 02 00
Aug 26 13:23:48.743748: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector
Aug 26 13:23:48.743756: | ipv4 end  c0 00 02 ff
Aug 26 13:23:48.743763: | emitting length of IKEv2 Traffic Selector: 16
Aug 26 13:23:48.743771: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
Aug 26 13:23:48.743780: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED
Aug 26 13:23:48.743791: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36
Aug 26 13:23:48.744245: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established
Aug 26 13:23:48.744270: |     #1 spent 5.1 milliseconds
Aug 26 13:23:48.744280: | install_ipsec_sa() for #2: inbound and outbound
Aug 26 13:23:48.744304: | could_route called for east (kind=CK_PERMANENT)
Aug 26 13:23:48.744324: | FOR_EACH_CONNECTION_... in route_owner
Aug 26 13:23:48.744340: |  conn east mark 0/00000000, 0/00000000 vs
Aug 26 13:23:48.744354: |  conn east mark 0/00000000, 0/00000000
Aug 26 13:23:48.744372: | route owner of "east" unrouted: NULL; eroute owner: NULL
Aug 26 13:23:48.744388: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Aug 26 13:23:48.744399: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Aug 26 13:23:48.744408: | AES_GCM_16 requires 4 salt bytes
Aug 26 13:23:48.744417: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Aug 26 13:23:48.744430: | setting IPsec SA replay-window to 32
Aug 26 13:23:48.744439: | NIC esp-hw-offload not for connection 'east' not available on interface eth1
Aug 26 13:23:48.744448: | netlink: enabling tunnel mode
Aug 26 13:23:48.744457: | netlink: setting IPsec SA replay-window to 32 using old-style req
Aug 26 13:23:48.744465: | netlink: esp-hw-offload not set for IPsec SA
Aug 26 13:23:48.744630: | netlink response for Add SA esp.ca313cb5@192.1.2.45 included non-error error
Aug 26 13:23:48.744644: | set up outgoing SA, ref=0/0
Aug 26 13:23:48.744661: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Aug 26 13:23:48.744671: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Aug 26 13:23:48.744679: | AES_GCM_16 requires 4 salt bytes
Aug 26 13:23:48.744687: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Aug 26 13:23:48.744698: | setting IPsec SA replay-window to 32
Aug 26 13:23:48.744707: | NIC esp-hw-offload not for connection 'east' not available on interface eth1
Aug 26 13:23:48.744715: | netlink: enabling tunnel mode
Aug 26 13:23:48.744723: | netlink: setting IPsec SA replay-window to 32 using old-style req
Aug 26 13:23:48.744731: | netlink: esp-hw-offload not set for IPsec SA
Aug 26 13:23:48.744851: | netlink response for Add SA esp.15358dd3@192.1.2.23 included non-error error
Aug 26 13:23:48.744867: | priority calculation of connection "east" is 0xfe7e7
Aug 26 13:23:48.744887: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute)
Aug 26 13:23:48.744897: | IPsec Sa SPD priority set to 1042407
Aug 26 13:23:48.744965: | raw_eroute result=success
Aug 26 13:23:48.744976: | set up incoming SA, ref=0/0
Aug 26 13:23:48.744985: | sr for #2: unrouted
Aug 26 13:23:48.744994: | route_and_eroute() for proto 0, and source port 0 dest port 0
Aug 26 13:23:48.745002: | FOR_EACH_CONNECTION_... in route_owner
Aug 26 13:23:48.745011: |  conn east mark 0/00000000, 0/00000000 vs
Aug 26 13:23:48.745020: |  conn east mark 0/00000000, 0/00000000
Aug 26 13:23:48.745030: | route owner of "east" unrouted: NULL; eroute owner: NULL
Aug 26 13:23:48.745041: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2
Aug 26 13:23:48.745051: | priority calculation of connection "east" is 0xfe7e7
Aug 26 13:23:48.745071: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute)
Aug 26 13:23:48.745080: | IPsec Sa SPD priority set to 1042407
Aug 26 13:23:48.745118: | raw_eroute result=success
Aug 26 13:23:48.745130: | running updown command "ipsec _updown" for verb up 
Aug 26 13:23:48.745138: | command executing up-client
Aug 26 13:23:48.745214: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca313cb5 SPI_OUT=0x153
Aug 26 13:23:48.745226: | popen cmd is 1020 chars long
Aug 26 13:23:48.745235: | cmd(   0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA:
Aug 26 13:23:48.745244: | cmd(  80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' :
Aug 26 13:23:48.745252: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M:
Aug 26 13:23:48.745260: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638:
Aug 26 13:23:48.745269: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_:
Aug 26 13:23:48.745277: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=':
Aug 26 13:23:48.745285: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT:
Aug 26 13:23:48.745326: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE:
Aug 26 13:23:48.745342: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO:
Aug 26 13:23:48.745355: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN:
Aug 26 13:23:48.745366: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_:
Aug 26 13:23:48.745375: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=:
Aug 26 13:23:48.745383: | cmd( 960):'no' SPI_IN=0xca313cb5 SPI_OUT=0x15358dd3 ipsec _updown 2>&1:
Aug 26 13:23:48.778180: | route_and_eroute: firewall_notified: true
Aug 26 13:23:48.778229: | running updown command "ipsec _updown" for verb prepare 
Aug 26 13:23:48.778241: | command executing prepare-client
Aug 26 13:23:48.778374: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca313cb5 SPI
Aug 26 13:23:48.778395: | popen cmd is 1025 chars long
Aug 26 13:23:48.778405: | cmd(   0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN:
Aug 26 13:23:48.778415: | cmd(  80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e:
Aug 26 13:23:48.778423: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI:
Aug 26 13:23:48.778431: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=:
Aug 26 13:23:48.778439: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_:
Aug 26 13:23:48.778447: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M:
Aug 26 13:23:48.778455: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='':
Aug 26 13:23:48.778464: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF:
Aug 26 13:23:48.778472: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' :
Aug 26 13:23:48.778480: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D:
Aug 26 13:23:48.778488: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P:
Aug 26 13:23:48.778496: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH:
Aug 26 13:23:48.778504: | cmd( 960):ARED='no' SPI_IN=0xca313cb5 SPI_OUT=0x15358dd3 ipsec _updown 2>&1:
Aug 26 13:23:48.796493: | running updown command "ipsec _updown" for verb route 
Aug 26 13:23:48.796514: | command executing route-client
Aug 26 13:23:48.796554: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca313cb5 SPI_OUT
Aug 26 13:23:48.796564: | popen cmd is 1023 chars long
Aug 26 13:23:48.796568: | cmd(   0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE:
Aug 26 13:23:48.796572: | cmd(  80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas:
Aug 26 13:23:48.796575: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN:
Aug 26 13:23:48.796579: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1:
Aug 26 13:23:48.796582: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE:
Aug 26 13:23:48.796585: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS:
Aug 26 13:23:48.796589: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P:
Aug 26 13:23:48.796592: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+:
Aug 26 13:23:48.796595: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL:
Aug 26 13:23:48.796598: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS:
Aug 26 13:23:48.796602: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU:
Aug 26 13:23:48.796605: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR:
Aug 26 13:23:48.796608: | cmd( 960):ED='no' SPI_IN=0xca313cb5 SPI_OUT=0x15358dd3 ipsec _updown 2>&1:
Aug 26 13:23:48.811270: | route_and_eroute: instance "east", setting eroute_owner {spd=0x555f2c97a9a8,sr=0x555f2c97a9a8} to #2 (was #0) (newest_ipsec_sa=#0)
Aug 26 13:23:48.811377: |     #1 spent 3.75 milliseconds in install_ipsec_sa()
Aug 26 13:23:48.811388: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1
Aug 26 13:23:48.811393: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 13:23:48.811397: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:23:48.811402: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:23:48.811404: | emitting length of IKEv2 Encryption Payload: 197
Aug 26 13:23:48.811407: | emitting length of ISAKMP Message: 225
Aug 26 13:23:48.811443: | ikev2_parent_inI2outR2_continue_tail returned STF_OK
Aug 26 13:23:48.811449: |   #1 spent 8.92 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet()
Aug 26 13:23:48.811457: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:23:48.811463: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:23:48.811467: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK
Aug 26 13:23:48.811470: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R
Aug 26 13:23:48.811473: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA)
Aug 26 13:23:48.811477: | Message ID: updating counters for #2 to 1 after switching state
Aug 26 13:23:48.811483: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1
Aug 26 13:23:48.811490: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1
Aug 26 13:23:48.811493: | pstats #2 ikev2.child established
Aug 26 13:23:48.811501: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0]
Aug 26 13:23:48.811505: | NAT-T: encaps is 'auto'
Aug 26 13:23:48.811509: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xca313cb5 <0x15358dd3 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
Aug 26 13:23:48.811514: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500)
Aug 26 13:23:48.811521: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:23:48.811524: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:23:48.811526: |   2e 20 23 20  00 00 00 01  00 00 00 e1  24 00 00 c5
Aug 26 13:23:48.811528: |   ce 2c 63 e2  18 a7 ee 8a  aa 43 ed bd  9f 62 b4 33
Aug 26 13:23:48.811530: |   3a 66 91 b4  f9 e3 b5 1d  b9 9d 33 01  42 e6 e5 b5
Aug 26 13:23:48.811532: |   ec 04 e9 4c  74 6c 4b 24  06 fd 6f 90  e8 c1 17 ad
Aug 26 13:23:48.811534: |   0a c7 6e cf  8a 45 6a bb  18 d7 1c 1f  68 ac a3 58
Aug 26 13:23:48.811537: |   c8 03 af 11  f5 c4 85 21  28 a0 f8 28  cc af 00 7c
Aug 26 13:23:48.811539: |   d2 af a1 6e  04 da 1c ee  73 3c 32 d1  a4 ab f8 ce
Aug 26 13:23:48.811541: |   72 f4 23 02  ed eb 3a fe  e7 21 b3 93  e5 a0 fe db
Aug 26 13:23:48.811543: |   a6 3c 38 12  bf 76 a9 3a  fc 9f ec 6e  c8 e9 a6 d6
Aug 26 13:23:48.811545: |   3b a0 f6 4d  39 21 a1 23  9b a6 96 42  0d d5 64 20
Aug 26 13:23:48.811547: |   e5 0c e1 d7  84 9d 0f 1a  94 cd bb 84  c2 d2 82 84
Aug 26 13:23:48.811549: |   94 b8 17 4d  b3 87 3b 3d  25 da 75 0c  89 b4 b9 f2
Aug 26 13:23:48.811551: |   73 77 b9 ad  ef 9d 19 66  ec bb 75 a3  e7 4d 1f ed
Aug 26 13:23:48.811553: |   cc
Aug 26 13:23:48.811594: | releasing whack for #2 (sock=fd@-1)
Aug 26 13:23:48.811598: | releasing whack and unpending for parent #1
Aug 26 13:23:48.811601: | unpending state #1 connection "east"
Aug 26 13:23:48.811605: | #2 will start re-keying in 28798 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:23:48.811608: | event_schedule: new EVENT_SA_REKEY-pe@0x7f9b98002b78
Aug 26 13:23:48.811611: | inserting event EVENT_SA_REKEY, timeout in 28798 seconds for #2
Aug 26 13:23:48.811615: | libevent_malloc: new ptr-libevent@0x555f2c982688 size 128
Aug 26 13:23:48.811631: | resume sending helper answer for #1 suppresed complete_v2_state_transition()
Aug 26 13:23:48.811637: | #1 spent 9.54 milliseconds in resume sending helper answer
Aug 26 13:23:48.811642: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:23:48.811647: | libevent_free: release ptr-libevent@0x7f9b90000f48
Aug 26 13:23:48.811661: | processing signal PLUTO_SIGCHLD
Aug 26 13:23:48.811667: | waitpid returned ECHILD (no child processes left)
Aug 26 13:23:48.811672: | spent 0.00555 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:23:48.811674: | processing signal PLUTO_SIGCHLD
Aug 26 13:23:48.811677: | waitpid returned ECHILD (no child processes left)
Aug 26 13:23:48.811681: | spent 0.00344 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:23:48.811683: | processing signal PLUTO_SIGCHLD
Aug 26 13:23:48.811686: | waitpid returned ECHILD (no child processes left)
Aug 26 13:23:48.811689: | spent 0.00328 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:24:07.339959: | processing global timer EVENT_SHUNT_SCAN
Aug 26 13:24:07.340028: | expiring aged bare shunts from shunt table
Aug 26 13:24:07.340050: | spent 0.0173 milliseconds in global timer EVENT_SHUNT_SCAN
Aug 26 13:24:13.821120: | spent 0.00429 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:24:13.821156: | *received 825 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:24:13.821161: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:13.821168: |   2e 20 24 08  00 00 00 02  00 00 03 39  21 00 03 1d
Aug 26 13:24:13.821171: |   6b ed 3e 2d  f4 3e de 70  5b 6e 04 73  29 a0 70 b0
Aug 26 13:24:13.821174: |   05 53 ad d9  bf be 16 2b  50 f0 12 d0  fb d6 7e 7b
Aug 26 13:24:13.821177: |   4c 8a 55 b6  18 8c 78 81  d5 01 4d 69  84 eb c7 f1
Aug 26 13:24:13.821180: |   ed 4d 26 56  d7 a1 d4 72  d3 31 b7 a2  82 4b d0 3a
Aug 26 13:24:13.821183: |   b5 58 69 a6  85 fc 3b b2  26 61 39 09  80 a4 fc 4e
Aug 26 13:24:13.821186: |   0b a0 67 f8  c0 7f 3b a1  4d a9 c7 cf  13 17 96 4b
Aug 26 13:24:13.821189: |   da 47 b1 fe  94 fe 0c ee  6d 57 5f 56  f6 88 7d 96
Aug 26 13:24:13.821192: |   f8 ce 4a 6a  8b 0b b9 f5  d4 e5 31 e5  00 0e fc 5d
Aug 26 13:24:13.821195: |   c8 e4 a0 a5  8c d4 b5 af  b8 94 8e 45  19 7c 0e f0
Aug 26 13:24:13.821197: |   b5 ea a5 2c  67 4e 67 c5  ee 2d 57 b2  33 70 46 07
Aug 26 13:24:13.821200: |   32 38 53 85  29 c7 d4 38  a3 a1 2b dd  28 5d 72 cb
Aug 26 13:24:13.821203: |   96 60 62 d6  a4 de 2c a5  59 f4 16 b0  26 72 fa e8
Aug 26 13:24:13.821206: |   75 bd 56 15  d9 8d 50 c0  78 4f 37 cb  f4 fc 19 b9
Aug 26 13:24:13.821209: |   77 12 c2 15  f4 9f a8 da  c6 a3 2f b6  6f f9 6d 38
Aug 26 13:24:13.821212: |   df 53 0e 1e  be ab 94 96  29 27 a3 56  fe be e5 9a
Aug 26 13:24:13.821215: |   02 22 21 6b  74 d8 b9 b2  84 06 c8 c2  7e 79 35 43
Aug 26 13:24:13.821218: |   91 74 bb 51  8b 5f fd 48  93 16 86 c8  fc 7c cb 6a
Aug 26 13:24:13.821220: |   95 07 ae a9  6b 91 d5 6a  c6 b7 4b 4d  be d8 82 e2
Aug 26 13:24:13.821223: |   e5 e2 45 f3  03 0d 40 c9  39 b1 03 3d  36 e6 d1 d6
Aug 26 13:24:13.821226: |   4e 11 7b fb  dc 7b f2 a9  bd c8 a6 57  78 8b b4 b2
Aug 26 13:24:13.821229: |   b5 fb 48 45  a4 9d c0 f9  11 1d 08 5c  89 d2 18 34
Aug 26 13:24:13.821232: |   55 06 d3 99  2f b4 cc 3e  0f e9 7a 60  e5 8a 1d d0
Aug 26 13:24:13.821235: |   73 7a a5 92  6d 30 26 e3  5a cb 03 7e  55 28 3e 59
Aug 26 13:24:13.821238: |   97 4b c5 ac  1c 21 cc cf  1e 99 4f 09  2b db f7 e4
Aug 26 13:24:13.821241: |   bf 9a 34 27  08 92 3b a0  b2 f2 2b d1  26 de 07 48
Aug 26 13:24:13.821244: |   0e 4c 4a 32  12 72 50 de  bb 05 58 a3  aa 0f 87 b8
Aug 26 13:24:13.821246: |   e5 51 47 10  96 fc 16 98  47 6e c0 97  53 fb f6 4f
Aug 26 13:24:13.821249: |   00 b7 95 15  0b 0d 23 1e  12 cd 75 81  8f 66 89 31
Aug 26 13:24:13.821252: |   b7 10 e1 95  15 6d 40 81  09 bc 03 9c  de e8 3e 3c
Aug 26 13:24:13.821255: |   47 ed 20 00  c4 3d e6 5a  da fb 20 10  0b d1 af ea
Aug 26 13:24:13.821258: |   e5 e2 08 44  b0 ce 33 0b  8b 4c 78 bd  1f 25 63 49
Aug 26 13:24:13.821261: |   91 87 99 7f  c3 a2 11 7e  0e 06 ba c7  2f f5 62 69
Aug 26 13:24:13.821264: |   3a 79 3c cc  46 f4 df 41  69 32 df a0  da a8 43 73
Aug 26 13:24:13.821267: |   98 7f 4e f1  8f ad 3e 56  9b ea ad 76  9b 44 4c c1
Aug 26 13:24:13.821269: |   e6 35 d9 a0  74 85 7e 2f  47 40 4f cd  12 51 61 bd
Aug 26 13:24:13.821272: |   2d 79 2b 23  32 a6 dc 65  6d 71 09 3f  ee c2 6e 12
Aug 26 13:24:13.821275: |   dd 6b 23 2e  43 40 9c 73  80 fc e1 e0  ec 54 e5 e4
Aug 26 13:24:13.821278: |   5a 45 b6 c4  bb 1c 15 e8  1c c2 12 fd  df a0 9c 77
Aug 26 13:24:13.821281: |   bd f7 3b f7  0c db d9 c5  03 7f 26 5f  6e 57 5a f5
Aug 26 13:24:13.821284: |   f1 29 fa fa  3f f9 2f 36  27 d4 d7 20  33 4e fd b9
Aug 26 13:24:13.821287: |   ff 56 9a a1  7f 4d fc ac  c0 80 8e 35  5a 80 02 32
Aug 26 13:24:13.821299: |   91 7b 79 f7  d0 be 1f 82  30 a8 e8 0b  87 26 aa e4
Aug 26 13:24:13.821302: |   47 b3 dc 98  22 01 78 0c  7d 0a 8a 10  78 5a 4d 61
Aug 26 13:24:13.821305: |   b7 b8 e0 9d  3b 4a 96 59  f5 8e 93 27  66 d6 db 48
Aug 26 13:24:13.821308: |   62 aa 60 96  a4 66 9c fc  05 15 b1 bf  50 c1 4d 43
Aug 26 13:24:13.821310: |   cd 48 77 92  45 68 af 5e  59 98 7c 26  68 f5 b2 e1
Aug 26 13:24:13.821313: |   03 2d 33 b5  1a 41 85 88  ba ba c5 05  ac 1d 42 6a
Aug 26 13:24:13.821316: |   5f ac d2 44  4c a4 59 9a  fb 91 2d 45  ee 50 a8 1c
Aug 26 13:24:13.821319: |   02 8e 50 bc  9a 1c 0d 1d  8a d3 24 13  78 b6 fb 22
Aug 26 13:24:13.821322: |   d4 a1 6f 1b  86 5c df db  c4
Aug 26 13:24:13.821328: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:24:13.821335: | **parse ISAKMP Message:
Aug 26 13:24:13.821338: |    initiator cookie:
Aug 26 13:24:13.821341: |   70 79 23 d6  e9 10 04 82
Aug 26 13:24:13.821344: |    responder cookie:
Aug 26 13:24:13.821347: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:13.821350: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Aug 26 13:24:13.821354: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:13.821357: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Aug 26 13:24:13.821363: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:24:13.821366: |    Message ID: 2 (0x2)
Aug 26 13:24:13.821369: |    length: 825 (0x339)
Aug 26 13:24:13.821373: |  processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36)
Aug 26 13:24:13.821377: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request 
Aug 26 13:24:13.821382: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa)
Aug 26 13:24:13.821389: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:24:13.821393: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:24:13.821399: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:24:13.821403: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002
Aug 26 13:24:13.821408: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1
Aug 26 13:24:13.821411: | unpacking clear payload
Aug 26 13:24:13.821414: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Aug 26 13:24:13.821418: | ***parse IKEv2 Encryption Payload:
Aug 26 13:24:13.821421: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 13:24:13.821424: |    flags: none (0x0)
Aug 26 13:24:13.821427: |    length: 797 (0x31d)
Aug 26 13:24:13.821430: | processing payload: ISAKMP_NEXT_v2SK (len=793)
Aug 26 13:24:13.821436: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2
Aug 26 13:24:13.821440: | #1 in state PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:13.821465: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success
Aug 26 13:24:13.821469: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 26 13:24:13.821472: | **parse IKEv2 Security Association Payload:
Aug 26 13:24:13.821475: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 26 13:24:13.821478: |    flags: none (0x0)
Aug 26 13:24:13.821481: |    length: 468 (0x1d4)
Aug 26 13:24:13.821484: | processing payload: ISAKMP_NEXT_v2SA (len=464)
Aug 26 13:24:13.821487: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 26 13:24:13.821490: | **parse IKEv2 Nonce Payload:
Aug 26 13:24:13.821494: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 26 13:24:13.821497: |    flags: none (0x0)
Aug 26 13:24:13.821499: |    length: 36 (0x24)
Aug 26 13:24:13.821502: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Aug 26 13:24:13.821505: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 26 13:24:13.821509: | **parse IKEv2 Key Exchange Payload:
Aug 26 13:24:13.821512: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:13.821515: |    flags: none (0x0)
Aug 26 13:24:13.821518: |    length: 264 (0x108)
Aug 26 13:24:13.821521: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.821524: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Aug 26 13:24:13.821528: | state #1 forced to match CREATE_CHILD_SA from V2_REKEY_IKE_R->PARENT_R2 by ignoring from state
Aug 26 13:24:13.821532: | selected state microcode Respond to CREATE_CHILD_SA IKE Rekey
Aug 26 13:24:13.821538: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
Aug 26 13:24:13.821543: | creating state object #3 at 0x555f2c980ad8
Aug 26 13:24:13.821546: | State DB: adding IKEv2 state #3 in UNDEFINED
Aug 26 13:24:13.821560: | pstats #3 ikev2.ike started
Aug 26 13:24:13.821564: | duplicating state object #1 "east" as #3 for IKE SA
Aug 26 13:24:13.821574: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484)
Aug 26 13:24:13.821581: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1
Aug 26 13:24:13.821585: | child state #3: UNDEFINED(ignore) => V2_REKEY_IKE_R(established IKE SA)
Aug 26 13:24:13.821591: | "east" #1 received IKE Rekey Request CREATE_CHILD_SA from 192.1.2.45:500 Child "east" #3 in STATE_V2_REKEY_IKE_R will process it further
Aug 26 13:24:13.821597: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1
Aug 26 13:24:13.821602: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2
Aug 26 13:24:13.821605: | forcing ST #1 to CHILD #1.#3 in FSM processor
Aug 26 13:24:13.821608: | Now let's proceed with state specific processing
Aug 26 13:24:13.821611: | calling processor Respond to CREATE_CHILD_SA IKE Rekey
Aug 26 13:24:13.821632: | using existing local IKE proposals for connection east (IKE SA responding to rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:24:13.821637: | Comparing remote proposals against IKE Rekey responder child 4 local proposals
Aug 26 13:24:13.821642: | local proposal 1 type ENCR has 1 transforms
Aug 26 13:24:13.821645: | local proposal 1 type PRF has 2 transforms
Aug 26 13:24:13.821649: | local proposal 1 type INTEG has 1 transforms
Aug 26 13:24:13.821652: | local proposal 1 type DH has 8 transforms
Aug 26 13:24:13.821655: | local proposal 1 type ESN has 0 transforms
Aug 26 13:24:13.821660: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:24:13.821663: | local proposal 2 type ENCR has 1 transforms
Aug 26 13:24:13.821666: | local proposal 2 type PRF has 2 transforms
Aug 26 13:24:13.821669: | local proposal 2 type INTEG has 1 transforms
Aug 26 13:24:13.821672: | local proposal 2 type DH has 8 transforms
Aug 26 13:24:13.821675: | local proposal 2 type ESN has 0 transforms
Aug 26 13:24:13.821678: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:24:13.821681: | local proposal 3 type ENCR has 1 transforms
Aug 26 13:24:13.821684: | local proposal 3 type PRF has 2 transforms
Aug 26 13:24:13.821687: | local proposal 3 type INTEG has 2 transforms
Aug 26 13:24:13.821690: | local proposal 3 type DH has 8 transforms
Aug 26 13:24:13.821693: | local proposal 3 type ESN has 0 transforms
Aug 26 13:24:13.821697: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:24:13.821700: | local proposal 4 type ENCR has 1 transforms
Aug 26 13:24:13.821703: | local proposal 4 type PRF has 2 transforms
Aug 26 13:24:13.821706: | local proposal 4 type INTEG has 2 transforms
Aug 26 13:24:13.821709: | local proposal 4 type DH has 8 transforms
Aug 26 13:24:13.821712: | local proposal 4 type ESN has 0 transforms
Aug 26 13:24:13.821715: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:24:13.821719: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:13.821723: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:13.821726: |    length: 108 (0x6c)
Aug 26 13:24:13.821729: |    prop #: 1 (0x1)
Aug 26 13:24:13.821732: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:13.821737: |    spi size: 8 (0x8)
Aug 26 13:24:13.821740: |    # transforms: 11 (0xb)
Aug 26 13:24:13.821744: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:13.821747: | remote SPI  12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:13.821751: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals
Aug 26 13:24:13.821754: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821758: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821761: |    length: 12 (0xc)
Aug 26 13:24:13.821764: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:13.821767: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:13.821770: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:13.821774: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:13.821776: |    length/value: 256 (0x100)
Aug 26 13:24:13.821782: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Aug 26 13:24:13.821785: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821788: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821791: |    length: 8 (0x8)
Aug 26 13:24:13.821794: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.821797: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:13.821801: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 26 13:24:13.821805: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 26 13:24:13.821809: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 26 13:24:13.821812: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 26 13:24:13.821815: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821818: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821821: |    length: 8 (0x8)
Aug 26 13:24:13.821824: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.821827: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:13.821830: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821833: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821836: |    length: 8 (0x8)
Aug 26 13:24:13.821839: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821842: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.821846: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Aug 26 13:24:13.821850: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0
Aug 26 13:24:13.821854: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0
Aug 26 13:24:13.821857: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0
Aug 26 13:24:13.821860: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821863: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821866: |    length: 8 (0x8)
Aug 26 13:24:13.821869: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821872: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:13.821875: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821878: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821881: |    length: 8 (0x8)
Aug 26 13:24:13.821884: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821887: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:13.821890: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821893: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821896: |    length: 8 (0x8)
Aug 26 13:24:13.821899: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821902: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:13.821907: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821910: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821913: |    length: 8 (0x8)
Aug 26 13:24:13.821916: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821919: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:13.821922: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821925: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821928: |    length: 8 (0x8)
Aug 26 13:24:13.821931: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821934: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:13.821937: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821940: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.821943: |    length: 8 (0x8)
Aug 26 13:24:13.821946: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821949: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:13.821952: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.821955: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:13.821958: |    length: 8 (0x8)
Aug 26 13:24:13.821961: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.821964: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:13.821968: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Aug 26 13:24:13.821973: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Aug 26 13:24:13.821977: | remote proposal 1 matches local proposal 1
Aug 26 13:24:13.821980: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:13.821983: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:13.821986: |    length: 108 (0x6c)
Aug 26 13:24:13.821989: |    prop #: 2 (0x2)
Aug 26 13:24:13.821992: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:13.821995: |    spi size: 8 (0x8)
Aug 26 13:24:13.821998: |    # transforms: 11 (0xb)
Aug 26 13:24:13.822001: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:13.822004: | remote SPI  12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:13.822008: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:13.822011: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822014: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822017: |    length: 12 (0xc)
Aug 26 13:24:13.822020: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:13.822023: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:13.822026: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:13.822029: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:13.822032: |    length/value: 128 (0x80)
Aug 26 13:24:13.822035: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822038: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822041: |    length: 8 (0x8)
Aug 26 13:24:13.822044: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822047: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:13.822050: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822053: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822056: |    length: 8 (0x8)
Aug 26 13:24:13.822059: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822062: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:13.822065: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822068: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822071: |    length: 8 (0x8)
Aug 26 13:24:13.822074: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822077: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.822080: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822083: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822087: |    length: 8 (0x8)
Aug 26 13:24:13.822091: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822094: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:13.822097: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822100: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822102: |    length: 8 (0x8)
Aug 26 13:24:13.822105: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822108: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:13.822112: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822114: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822117: |    length: 8 (0x8)
Aug 26 13:24:13.822120: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822123: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:13.822126: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822129: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822132: |    length: 8 (0x8)
Aug 26 13:24:13.822135: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822138: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:13.822141: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822144: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822147: |    length: 8 (0x8)
Aug 26 13:24:13.822150: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822153: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:13.822156: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822159: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822162: |    length: 8 (0x8)
Aug 26 13:24:13.822165: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822168: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:13.822171: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822174: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:13.822177: |    length: 8 (0x8)
Aug 26 13:24:13.822180: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822183: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:13.822187: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH
Aug 26 13:24:13.822191: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH
Aug 26 13:24:13.822194: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:13.822197: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:13.822200: |    length: 124 (0x7c)
Aug 26 13:24:13.822203: |    prop #: 3 (0x3)
Aug 26 13:24:13.822205: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:13.822208: |    spi size: 8 (0x8)
Aug 26 13:24:13.822211: |    # transforms: 13 (0xd)
Aug 26 13:24:13.822215: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:13.822217: | remote SPI  12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:13.822221: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:13.822224: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822227: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822230: |    length: 12 (0xc)
Aug 26 13:24:13.822233: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:13.822236: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:24:13.822239: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:13.822242: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:13.822245: |    length/value: 256 (0x100)
Aug 26 13:24:13.822248: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822251: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822254: |    length: 8 (0x8)
Aug 26 13:24:13.822257: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822260: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:13.822263: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822267: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822270: |    length: 8 (0x8)
Aug 26 13:24:13.822273: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822276: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:13.822280: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822282: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822285: |    length: 8 (0x8)
Aug 26 13:24:13.822294: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:13.822303: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:24:13.822308: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822313: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822318: |    length: 8 (0x8)
Aug 26 13:24:13.822321: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:13.822324: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:24:13.822328: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822331: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822334: |    length: 8 (0x8)
Aug 26 13:24:13.822337: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822340: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.822343: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822346: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822349: |    length: 8 (0x8)
Aug 26 13:24:13.822351: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822354: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:13.822358: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822361: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822363: |    length: 8 (0x8)
Aug 26 13:24:13.822366: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822369: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:13.822373: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822375: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822378: |    length: 8 (0x8)
Aug 26 13:24:13.822381: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822384: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:13.822387: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822390: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822393: |    length: 8 (0x8)
Aug 26 13:24:13.822396: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822399: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:13.822402: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822405: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822408: |    length: 8 (0x8)
Aug 26 13:24:13.822411: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822414: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:13.822417: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822420: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822423: |    length: 8 (0x8)
Aug 26 13:24:13.822426: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822429: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:13.822432: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822435: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:13.822438: |    length: 8 (0x8)
Aug 26 13:24:13.822441: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822444: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:13.822449: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:24:13.822452: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:24:13.822455: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:13.822458: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:24:13.822461: |    length: 124 (0x7c)
Aug 26 13:24:13.822467: |    prop #: 4 (0x4)
Aug 26 13:24:13.822470: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:13.822472: |    spi size: 8 (0x8)
Aug 26 13:24:13.822475: |    # transforms: 13 (0xd)
Aug 26 13:24:13.822479: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:13.822482: | remote SPI  12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:13.822485: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:13.822488: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822491: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822494: |    length: 12 (0xc)
Aug 26 13:24:13.822497: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:13.822500: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:24:13.822503: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:13.822506: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:13.822509: |    length/value: 128 (0x80)
Aug 26 13:24:13.822513: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822516: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822518: |    length: 8 (0x8)
Aug 26 13:24:13.822521: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822524: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:13.822528: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822530: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822533: |    length: 8 (0x8)
Aug 26 13:24:13.822536: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.822539: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:13.822542: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822545: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822548: |    length: 8 (0x8)
Aug 26 13:24:13.822551: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:13.822554: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:24:13.822557: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822560: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822563: |    length: 8 (0x8)
Aug 26 13:24:13.822566: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:13.822569: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:24:13.822572: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822575: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822578: |    length: 8 (0x8)
Aug 26 13:24:13.822581: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822584: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.822587: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822590: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822593: |    length: 8 (0x8)
Aug 26 13:24:13.822596: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822599: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:13.822602: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822605: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822608: |    length: 8 (0x8)
Aug 26 13:24:13.822611: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822614: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:13.822617: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822620: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822622: |    length: 8 (0x8)
Aug 26 13:24:13.822625: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822628: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:13.822632: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822634: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822637: |    length: 8 (0x8)
Aug 26 13:24:13.822640: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822643: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:13.822650: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822653: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822656: |    length: 8 (0x8)
Aug 26 13:24:13.822659: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822662: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:13.822665: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822668: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.822671: |    length: 8 (0x8)
Aug 26 13:24:13.822674: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822677: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:13.822680: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.822683: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:13.822686: |    length: 8 (0x8)
Aug 26 13:24:13.822689: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.822692: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:13.822696: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:24:13.822700: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:24:13.822707: "east" #1: proposal 1:IKE:SPI=121d1788f4350a1c;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519
Aug 26 13:24:13.822714: | accepted IKE proposal ikev2_proposal: 1:IKE:SPI=121d1788f4350a1c;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048
Aug 26 13:24:13.822718: | converting proposal to internal trans attrs
Aug 26 13:24:13.822724: | adding IKE rekey KE response gir work-order 3 for state #3
Aug 26 13:24:13.822728: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f2c986188
Aug 26 13:24:13.822733: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
Aug 26 13:24:13.822737: | libevent_malloc: new ptr-libevent@0x7f9b90000f48 size 128
Aug 26 13:24:13.822752: | #3 spent 1.13 milliseconds in processing: Respond to CREATE_CHILD_SA IKE Rekey in ikev2_process_state_packet()
Aug 26 13:24:13.822759: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:13.822764: | start processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:13.822768: | #3 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_SUSPEND
Aug 26 13:24:13.822771: | suspending state #3 and saving MD
Aug 26 13:24:13.822774: | #3 is busy; has a suspended MD
Aug 26 13:24:13.822780: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:24:13.822784: | "east" #3 complete v2 state STATE_V2_REKEY_IKE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:24:13.822789: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:24:13.822794: | #1 spent 1.65 milliseconds in ikev2_process_packet()
Aug 26 13:24:13.822799: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:24:13.822810: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:24:13.822795: | crypto helper 0 resuming
Aug 26 13:24:13.822814: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:24:13.822847: | spent 1.69 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:24:13.822831: | crypto helper 0 starting work-order 3 for state #3
Aug 26 13:24:13.822866: | crypto helper 0 doing build KE and nonce (IKE rekey KE response gir); request ID 3
Aug 26 13:24:13.823748: | crypto helper 0 finished build KE and nonce (IKE rekey KE response gir); request ID 3 time elapsed 0.000883 seconds
Aug 26 13:24:13.823762: | (#3) spent 0.891 milliseconds in crypto helper computing work-order 3: IKE rekey KE response gir (pcr)
Aug 26 13:24:13.823766: | crypto helper 0 sending results from work-order 3 for state #3 to event queue
Aug 26 13:24:13.823769: | scheduling resume sending helper answer for #3
Aug 26 13:24:13.823773: | libevent_malloc: new ptr-libevent@0x7f9b94002888 size 128
Aug 26 13:24:13.823776: | libevent_realloc: release ptr-libevent@0x555f2c95c6d8
Aug 26 13:24:13.823779: | libevent_realloc: new ptr-libevent@0x7f9b940027d8 size 128
Aug 26 13:24:13.823787: | crypto helper 0 waiting (nothing to do)
Aug 26 13:24:13.823827: | processing resume sending helper answer for #3
Aug 26 13:24:13.823841: | start processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:24:13.823847: | crypto helper 0 replies to request ID 3
Aug 26 13:24:13.823850: | calling continuation function 0x555f2bf14b50
Aug 26 13:24:13.823853: | ikev2_child_ike_inIoutR_continue for #3 STATE_V2_REKEY_IKE_R
Aug 26 13:24:13.823871: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
Aug 26 13:24:13.823877: | adding DHv2 for REKEY IKE SA work-order 4 for state #3
Aug 26 13:24:13.823880: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:24:13.823884: | libevent_free: release ptr-libevent@0x7f9b90000f48
Aug 26 13:24:13.823887: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f2c986188
Aug 26 13:24:13.823890: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f2c986188
Aug 26 13:24:13.823894: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
Aug 26 13:24:13.823897: | libevent_malloc: new ptr-libevent@0x555f2c9815c8 size 128
Aug 26 13:24:13.823908: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:13.823913: | #3 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_SUSPEND
Aug 26 13:24:13.823915: | suspending state #3 and saving MD
Aug 26 13:24:13.823918: | #3 is busy; has a suspended MD
Aug 26 13:24:13.823922: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:24:13.823926: | "east" #3 complete v2 state STATE_V2_REKEY_IKE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:24:13.823930: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD
Aug 26 13:24:13.823935: | #3 spent 0.0876 milliseconds in resume sending helper answer
Aug 26 13:24:13.823940: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:24:13.823943: | libevent_free: release ptr-libevent@0x7f9b94002888
Aug 26 13:24:13.823947: | crypto helper 3 resuming
Aug 26 13:24:13.823961: | crypto helper 3 starting work-order 4 for state #3
Aug 26 13:24:13.823966: | crypto helper 3 doing compute dh (V2) (DHv2 for REKEY IKE SA); request ID 4
Aug 26 13:24:13.824777: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4
Aug 26 13:24:13.825199: | crypto helper 3 finished compute dh (V2) (DHv2 for REKEY IKE SA); request ID 4 time elapsed 0.001232 seconds
Aug 26 13:24:13.825209: | (#3) spent 1.24 milliseconds in crypto helper computing work-order 4: DHv2 for REKEY IKE SA (pcr)
Aug 26 13:24:13.825213: | crypto helper 3 sending results from work-order 4 for state #3 to event queue
Aug 26 13:24:13.825216: | scheduling resume sending helper answer for #3
Aug 26 13:24:13.825219: | libevent_malloc: new ptr-libevent@0x7f9b88006318 size 128
Aug 26 13:24:13.825231: | crypto helper 3 waiting (nothing to do)
Aug 26 13:24:13.825272: | processing resume sending helper answer for #3
Aug 26 13:24:13.825286: | start processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:24:13.825304: | crypto helper 3 replies to request ID 4
Aug 26 13:24:13.825310: | calling continuation function 0x555f2bf14b50
Aug 26 13:24:13.825315: | ikev2_child_ike_inIoutR_continue_continue for #3 STATE_V2_REKEY_IKE_R
Aug 26 13:24:13.825347: | **emit ISAKMP Message:
Aug 26 13:24:13.825350: |    initiator cookie:
Aug 26 13:24:13.825353: |   70 79 23 d6  e9 10 04 82
Aug 26 13:24:13.825355: |    responder cookie:
Aug 26 13:24:13.825358: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:13.825361: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:24:13.825363: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:13.825366: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Aug 26 13:24:13.825369: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:24:13.825372: |    Message ID: 2 (0x2)
Aug 26 13:24:13.825375: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:24:13.825378: | ***emit IKEv2 Encryption Payload:
Aug 26 13:24:13.825381: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:13.825383: |    flags: none (0x0)
Aug 26 13:24:13.825386: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:24:13.825389: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:13.825393: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:24:13.825400: | Emitting ikev2_proposal ...
Aug 26 13:24:13.825403: | ****emit IKEv2 Security Association Payload:
Aug 26 13:24:13.825406: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:13.825408: |    flags: none (0x0)
Aug 26 13:24:13.825412: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Aug 26 13:24:13.825414: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:13.825418: | *****emit IKEv2 Proposal Substructure Payload:
Aug 26 13:24:13.825420: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:24:13.825423: |    prop #: 1 (0x1)
Aug 26 13:24:13.825425: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:13.825428: |    spi size: 8 (0x8)
Aug 26 13:24:13.825430: |    # transforms: 3 (0x3)
Aug 26 13:24:13.825433: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Aug 26 13:24:13.825437: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Aug 26 13:24:13.825439: | our spi  35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:13.825442: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.825445: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.825447: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:13.825450: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:13.825453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:13.825456: | *******emit IKEv2 Attribute Substructure Payload:
Aug 26 13:24:13.825459: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:13.825461: |    length/value: 256 (0x100)
Aug 26 13:24:13.825464: | emitting length of IKEv2 Transform Substructure Payload: 12
Aug 26 13:24:13.825467: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.825470: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.825472: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:13.825475: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:13.825478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.825484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:13.825487: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:24:13.825490: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:13.825492: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:13.825495: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:13.825498: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.825501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:13.825504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:13.825506: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:24:13.825509: | emitting length of IKEv2 Proposal Substructure Payload: 44
Aug 26 13:24:13.825512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Aug 26 13:24:13.825514: | emitting length of IKEv2 Security Association Payload: 48
Aug 26 13:24:13.825517: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Aug 26 13:24:13.825520: | ****emit IKEv2 Nonce Payload:
Aug 26 13:24:13.825522: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:13.825525: |    flags: none (0x0)
Aug 26 13:24:13.825528: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Aug 26 13:24:13.825531: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:13.825534: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Aug 26 13:24:13.825537: | IKEv2 nonce  b9 b0 77 d4  fd 2c 76 d2  ca 71 d9 8c  83 7f f6 9f
Aug 26 13:24:13.825540: | IKEv2 nonce  c5 14 ad 3e  e1 5e dc 47  18 18 ab 5a  f5 a3 c0 61
Aug 26 13:24:13.825542: | emitting length of IKEv2 Nonce Payload: 36
Aug 26 13:24:13.825545: | ****emit IKEv2 Key Exchange Payload:
Aug 26 13:24:13.825547: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:13.825550: |    flags: none (0x0)
Aug 26 13:24:13.825552: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:13.825555: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Aug 26 13:24:13.825558: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:13.825561: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:24:13.825564: | ikev2 g^x  a8 ab d6 f3  7e 9f d3 3f  24 c8 2b 83  f2 d2 7f b9
Aug 26 13:24:13.825566: | ikev2 g^x  42 a0 e0 76  1e ac 01 84  0e 71 a6 2f  e4 74 77 e3
Aug 26 13:24:13.825569: | ikev2 g^x  32 b8 14 bc  03 bb 00 36  30 5a 4b fa  90 3e 7c 56
Aug 26 13:24:13.825571: | ikev2 g^x  f9 85 99 55  93 b5 6f 5d  bb c1 c1 5e  c0 6f 36 e8
Aug 26 13:24:13.825573: | ikev2 g^x  9f c2 7f 1e  e7 df 62 2e  40 13 b9 16  e0 4b 7e 38
Aug 26 13:24:13.825576: | ikev2 g^x  fb 26 18 4a  49 22 88 11  76 f0 dd b8  12 5b 79 26
Aug 26 13:24:13.825578: | ikev2 g^x  2c f2 b3 64  d7 3a f6 29  54 be 06 d6  f5 74 89 60
Aug 26 13:24:13.825581: | ikev2 g^x  ce 5e a2 42  ce 2b 5f f3  d6 96 a3 15  c4 2d f3 a0
Aug 26 13:24:13.825583: | ikev2 g^x  7d 32 fc ae  2c 38 74 bc  b1 de 90 48  2a 04 58 78
Aug 26 13:24:13.825585: | ikev2 g^x  ad f4 e4 d9  ad 1a 48 a3  04 99 d0 b6  7f dd 45 c3
Aug 26 13:24:13.825588: | ikev2 g^x  79 e2 5c fe  95 6f 38 d9  8d da ad 22  8e 18 8f dd
Aug 26 13:24:13.825590: | ikev2 g^x  bb de 35 d8  c5 20 72 a2  3a b8 15 61  da 66 2e 1e
Aug 26 13:24:13.825593: | ikev2 g^x  7b 05 6d 8e  20 48 c0 5e  e8 43 fa 6a  c5 51 a6 ce
Aug 26 13:24:13.825596: | ikev2 g^x  6d 40 8c a7  30 23 ef c3  5c e1 72 87  a1 fb 22 ba
Aug 26 13:24:13.825599: | ikev2 g^x  8c 0b 7d 5a  c5 2c bb 70  42 21 8f 22  f8 5d 47 64
Aug 26 13:24:13.825601: | ikev2 g^x  69 11 87 98  5a e0 62 00  9d 28 22 49  fd 40 92 25
Aug 26 13:24:13.825604: | emitting length of IKEv2 Key Exchange Payload: 264
Aug 26 13:24:13.825607: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 13:24:13.825610: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:24:13.825613: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:24:13.825616: | emitting length of IKEv2 Encryption Payload: 377
Aug 26 13:24:13.825618: | emitting length of ISAKMP Message: 405
Aug 26 13:24:13.825636: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:13.825640: | #3 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_OK
Aug 26 13:24:13.825643: | IKEv2: transition from state STATE_V2_REKEY_IKE_R to state STATE_PARENT_R2
Aug 26 13:24:13.825646: | Message ID: updating counters for #3 to 2 before emancipating
Aug 26 13:24:13.825651: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1
Aug 26 13:24:13.825656: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1
Aug 26 13:24:13.825660: | Message ID: init_ike #3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1
Aug 26 13:24:13.825663: | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir]
Aug 26 13:24:13.825668: | #2 migrated from IKE SA #1 to IKE SA #3
Aug 26 13:24:13.825671: | State DB: re-hashing IKEv2 state #2 IKE SPIi and SPI[ir]
Aug 26 13:24:13.825674: | State DB: IKEv2 state not found (v2_migrate_children)
Aug 26 13:24:13.825678: | parent state #3: V2_REKEY_IKE_R(established IKE SA) => PARENT_R2(established IKE SA)
Aug 26 13:24:13.825682: | #3 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:24:13.825685: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:24:13.825688: | libevent_free: release ptr-libevent@0x555f2c9815c8
Aug 26 13:24:13.825691: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f2c986188
Aug 26 13:24:13.825694: | event_schedule: new EVENT_SA_REKEY-pe@0x555f2c986188
Aug 26 13:24:13.825698: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #3
Aug 26 13:24:13.825701: | libevent_malloc: new ptr-libevent@0x7f9b94002888 size 128
Aug 26 13:24:13.825777: | pstats #3 ikev2.ike established
Aug 26 13:24:13.825785: "east" #3: STATE_PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:13.825791: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500)
Aug 26 13:24:13.825796: | sending 405 bytes for STATE_V2_REKEY_IKE_R through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:24:13.825799: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:13.825802: |   2e 20 24 20  00 00 00 02  00 00 01 95  21 00 01 79
Aug 26 13:24:13.825804: |   0f 55 0f 94  bb bc 70 1c  d7 6b e6 cc  20 5d f7 a6
Aug 26 13:24:13.825806: |   21 da db c2  6e 91 f3 51  19 9e 04 6d  95 85 7b 1e
Aug 26 13:24:13.825809: |   03 47 63 ca  ce 94 98 46  d0 78 e2 6e  87 54 54 f5
Aug 26 13:24:13.825811: |   14 48 fc 67  d2 67 38 d5  37 bf ff 7d  74 dc 16 3a
Aug 26 13:24:13.825813: |   fd 76 94 a5  4c d8 82 1f  a8 ed 8c 8f  3d 52 f8 01
Aug 26 13:24:13.825816: |   2b 1c 7b 90  74 b8 7a 39  90 af 81 b5  b8 47 85 b5
Aug 26 13:24:13.825818: |   b6 cb db e3  bd 4a 69 a2  25 0f 54 24  52 10 98 55
Aug 26 13:24:13.825821: |   2d af 39 cb  e2 e4 95 17  34 2f 2c 5a  23 73 ac 58
Aug 26 13:24:13.825823: |   cd 27 13 89  41 3c 39 9b  6b 44 56 12  4c 59 f5 dd
Aug 26 13:24:13.825828: |   d6 d1 e8 87  74 c8 2c 74  16 45 91 d5  45 bc cd 45
Aug 26 13:24:13.825830: |   81 1e 2f 83  c9 3c 60 d0  27 a8 35 d6  5a d2 99 17
Aug 26 13:24:13.825833: |   5a 0c 28 3d  64 83 3f a0  c5 f5 fe dd  01 e0 4a fb
Aug 26 13:24:13.825835: |   ac 44 1f 3d  e7 60 f3 b3  d7 c4 df c4  a5 e3 40 9c
Aug 26 13:24:13.825837: |   02 0b ea d3  87 53 51 58  b9 e5 8e f5  84 72 d7 6c
Aug 26 13:24:13.825840: |   5d 25 bd fe  d9 58 e1 57  6d 62 04 1d  37 c6 d8 59
Aug 26 13:24:13.825842: |   5b e7 2a 55  ab 50 bd 55  1f 5e 4f 15  8c 19 c4 93
Aug 26 13:24:13.825844: |   59 33 a9 70  1b 56 56 6d  68 0b 75 68  b3 f6 63 b2
Aug 26 13:24:13.825847: |   ef e4 f4 d1  5e 51 81 7d  09 cf 6e 1d  ae ce fc ef
Aug 26 13:24:13.825849: |   8a 2d ac 6e  a2 47 1a 3a  6b 65 65 32  29 77 75 5a
Aug 26 13:24:13.825852: |   f8 54 31 33  fe 9d 94 02  a3 3d 8b 3f  f5 97 23 48
Aug 26 13:24:13.825854: |   a1 d1 34 9e  12 c9 60 cd  bb ba c3 c1  4c 48 11 be
Aug 26 13:24:13.825856: |   a0 3a 08 1c  cc bb 2c ad  4b 4a c9 94  21 f1 c6 17
Aug 26 13:24:13.825859: |   3d 66 d2 3c  da ac 32 49  70 2a 36 06  4a 4c 60 c8
Aug 26 13:24:13.825861: |   e8 42 0c 19  22
Aug 26 13:24:13.825893: | #3 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:24:13.825897: | state #3 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:24:13.825901: | libevent_free: release ptr-libevent@0x7f9b94002888
Aug 26 13:24:13.825904: | free_event_entry: release EVENT_SA_REKEY-pe@0x555f2c986188
Aug 26 13:24:13.825907: | event_schedule: new EVENT_SA_REKEY-pe@0x555f2c986188
Aug 26 13:24:13.825911: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #3
Aug 26 13:24:13.825914: | libevent_malloc: new ptr-libevent@0x7f9b94002888 size 128
Aug 26 13:24:13.825918: | resume sending helper answer for #3 suppresed complete_v2_state_transition()
Aug 26 13:24:13.825925: | #3 spent 0.599 milliseconds in resume sending helper answer
Aug 26 13:24:13.825930: | stop processing: state #3 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:24:13.825933: | libevent_free: release ptr-libevent@0x7f9b88006318
Aug 26 13:24:14.829498: | spent 0.0102 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:24:14.829582: | *received 65 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:24:14.829598: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:14.829611: |   2e 20 25 08  00 00 00 03  00 00 00 41  2a 00 00 25
Aug 26 13:24:14.829622: |   a0 e9 dd 74  65 d6 e7 48  a6 b3 7e ad  b6 e5 05 89
Aug 26 13:24:14.829633: |   85 12 8b 54  7f 96 04 6f  b2 eb b7 91  93 b4 d3 ed
Aug 26 13:24:14.829645: |   49
Aug 26 13:24:14.829669: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:24:14.829688: | **parse ISAKMP Message:
Aug 26 13:24:14.829703: |    initiator cookie:
Aug 26 13:24:14.829715: |   70 79 23 d6  e9 10 04 82
Aug 26 13:24:14.829729: |    responder cookie:
Aug 26 13:24:14.829740: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:14.829754: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Aug 26 13:24:14.829769: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:14.829782: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Aug 26 13:24:14.829796: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:24:14.829809: |    Message ID: 3 (0x3)
Aug 26 13:24:14.829822: |    length: 65 (0x41)
Aug 26 13:24:14.829838: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Aug 26 13:24:14.829854: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request 
Aug 26 13:24:14.829871: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa)
Aug 26 13:24:14.829902: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:24:14.829919: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:24:14.829943: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:24:14.829971: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003
Aug 26 13:24:14.829995: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2
Aug 26 13:24:14.830008: | unpacking clear payload
Aug 26 13:24:14.830023: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Aug 26 13:24:14.830038: | ***parse IKEv2 Encryption Payload:
Aug 26 13:24:14.830055: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Aug 26 13:24:14.830067: |    flags: none (0x0)
Aug 26 13:24:14.830080: |    length: 37 (0x25)
Aug 26 13:24:14.830094: | processing payload: ISAKMP_NEXT_v2SK (len=33)
Aug 26 13:24:14.830118: | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3
Aug 26 13:24:14.830135: | #1 in state PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:14.830192: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Aug 26 13:24:14.830209: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Aug 26 13:24:14.830223: | **parse IKEv2 Delete Payload:
Aug 26 13:24:14.830238: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:14.830252: |    flags: none (0x0)
Aug 26 13:24:14.830264: |    length: 8 (0x8)
Aug 26 13:24:14.830278: |    protocol ID: PROTO_v2_IKE (0x1)
Aug 26 13:24:14.830318: |    SPI size: 0 (0x0)
Aug 26 13:24:14.830344: |    number of SPIs: 0 (0x0)
Aug 26 13:24:14.830360: | processing payload: ISAKMP_NEXT_v2D (len=0)
Aug 26 13:24:14.830379: | selected state microcode R2: process INFORMATIONAL Request
Aug 26 13:24:14.830393: | Now let's proceed with state specific processing
Aug 26 13:24:14.830409: | calling processor R2: process INFORMATIONAL Request
Aug 26 13:24:14.830431: | an informational request should send a response 
Aug 26 13:24:14.830457: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Aug 26 13:24:14.830474: | **emit ISAKMP Message:
Aug 26 13:24:14.830487: |    initiator cookie:
Aug 26 13:24:14.830498: |   70 79 23 d6  e9 10 04 82
Aug 26 13:24:14.830511: |    responder cookie:
Aug 26 13:24:14.830523: |   21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:14.830538: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:24:14.830551: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:14.830564: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Aug 26 13:24:14.830577: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:24:14.830589: |    Message ID: 3 (0x3)
Aug 26 13:24:14.830604: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:24:14.830620: | ***emit IKEv2 Encryption Payload:
Aug 26 13:24:14.830634: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:14.830646: |    flags: none (0x0)
Aug 26 13:24:14.830662: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:24:14.830677: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Aug 26 13:24:14.830694: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:24:14.830718: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 13:24:14.830735: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:24:14.830750: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:24:14.830763: | emitting length of IKEv2 Encryption Payload: 29
Aug 26 13:24:14.830776: | emitting length of ISAKMP Message: 57
Aug 26 13:24:14.830835: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:24:14.830851: |   70 79 23 d6  e9 10 04 82  21 6b 14 ae  73 9f a8 3c
Aug 26 13:24:14.830864: |   2e 20 25 20  00 00 00 03  00 00 00 39  00 00 00 1d
Aug 26 13:24:14.830876: |   1a ad f1 28  09 db 5d 35  cf a0 c0 12  67 f5 a1 9c
Aug 26 13:24:14.830888: |   97 e5 fe a8  59 0a ba f1  3f
Aug 26 13:24:14.831009: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3
Aug 26 13:24:14.831041: | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3
Aug 26 13:24:14.831058: | State DB: IKEv2 state not found (delete_my_family)
Aug 26 13:24:14.831076: | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA)
Aug 26 13:24:14.831091: | pstats #1 ikev2.ike deleted completed
Aug 26 13:24:14.831111: | #1 spent 26.8 milliseconds in total
Aug 26 13:24:14.831138: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879)
Aug 26 13:24:14.831158: "east" #1: deleting state (STATE_IKESA_DEL) aged 26.117s and NOT sending notification
Aug 26 13:24:14.831174: | parent state #1: IKESA_DEL(established IKE SA) => delete
Aug 26 13:24:14.831435: | state #1 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:24:14.831477: | libevent_free: release ptr-libevent@0x555f2c981a18
Aug 26 13:24:14.831496: | free_event_entry: release EVENT_SA_REKEY-pe@0x555f2c97c6a8
Aug 26 13:24:14.831514: | State DB: IKEv2 state not found (flush_incomplete_children)
Aug 26 13:24:14.831531: | in connection_discard for connection east
Aug 26 13:24:14.831546: | State DB: deleting IKEv2 state #1 in IKESA_DEL
Aug 26 13:24:14.831565: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore)
Aug 26 13:24:14.831692: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143)
Aug 26 13:24:14.831740: | in statetime_stop() and could not find #1
Aug 26 13:24:14.831759: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:14.831779: | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK
Aug 26 13:24:14.831793: | STF_OK but no state object remains
Aug 26 13:24:14.831808: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:24:14.831823: | in statetime_stop() and could not find #1
Aug 26 13:24:14.831846: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:24:14.831863: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:24:14.831878: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:24:14.831902: | spent 2.24 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:24:27.341328: | processing global timer EVENT_SHUNT_SCAN
Aug 26 13:24:27.341347: | expiring aged bare shunts from shunt table
Aug 26 13:24:27.341352: | spent 0.00418 milliseconds in global timer EVENT_SHUNT_SCAN
Aug 26 13:24:38.843229: | spent 0.00433 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:24:38.843264: | *received 825 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:24:38.843269: |   12 1d 17 88  f4 35 0a 1c  35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:38.843273: |   2e 20 24 08  00 00 00 00  00 00 03 39  21 00 03 1d
Aug 26 13:24:38.843276: |   37 51 13 a2  3a cc 89 6a  1d 88 81 29  8b e6 c5 a3
Aug 26 13:24:38.843279: |   fb c4 e0 db  b5 5f 2b 6e  d4 71 46 91  99 9d 2a 7e
Aug 26 13:24:38.843283: |   6e 99 93 75  c8 1c cc 9c  d0 f2 1c 52  e5 6d 99 46
Aug 26 13:24:38.843286: |   69 d7 eb af  a8 ae 18 49  f5 f8 2c 33  12 f8 5e 6c
Aug 26 13:24:38.843304: |   42 f2 e9 f7  af ac e1 c3  7a 92 43 20  8e b2 d3 e5
Aug 26 13:24:38.843308: |   65 ea 18 d7  88 70 45 de  7a 73 1f ec  2c 0b 19 b0
Aug 26 13:24:38.843310: |   45 1d 24 3e  4a e5 05 6d  ef fb a8 9e  04 6a a0 09
Aug 26 13:24:38.843313: |   85 9e 6d 67  5a 0b 6e 9d  87 47 4d d7  fa 51 d7 41
Aug 26 13:24:38.843316: |   73 b0 aa d7  e2 85 ee 39  c6 be 2c bc  e5 90 4d d6
Aug 26 13:24:38.843319: |   ce 0b 62 ed  51 22 50 54  92 59 ec ac  72 80 6b 43
Aug 26 13:24:38.843322: |   c4 8a 3a eb  62 e7 f7 7d  f9 6e 1d 8d  be cc d1 a2
Aug 26 13:24:38.843330: |   7b 55 0f 4b  35 26 36 a7  c1 fa 54 31  a0 aa 3d 98
Aug 26 13:24:38.843333: |   84 a7 9d de  ba 08 a7 e7  16 26 b5 06  e2 2e 53 f3
Aug 26 13:24:38.843336: |   d1 de 5d 2c  bd 8c 53 20  13 03 2f c8  a2 33 f0 f4
Aug 26 13:24:38.843338: |   28 64 bc ff  2d 63 9e 89  ea 3e 9d b6  48 0b ff 04
Aug 26 13:24:38.843341: |   f2 f9 0a 25  0f c4 57 69  57 0e 98 d4  30 9b 4c c7
Aug 26 13:24:38.843344: |   fa 7f 87 27  7e 77 7e cc  e7 bf f3 ec  a8 db ab 55
Aug 26 13:24:38.843347: |   6c c8 fe 51  dc 65 43 5b  e2 80 90 b2  37 15 b9 77
Aug 26 13:24:38.843349: |   78 9d 3b 53  8c 79 42 69  ea 44 94 6f  d6 c3 e5 77
Aug 26 13:24:38.843352: |   8d 93 d0 a2  66 31 3b b0  00 c4 f2 7c  6e 6d b4 32
Aug 26 13:24:38.843355: |   d4 e7 8b df  18 dd d2 c0  17 a0 5e 60  31 c7 ff d6
Aug 26 13:24:38.843358: |   f1 7e 00 81  f2 68 b2 cf  0c 37 e6 58  af 83 77 70
Aug 26 13:24:38.843361: |   d1 5f 34 83  d8 a5 fb 01  de c6 8c 46  0e fc 16 2b
Aug 26 13:24:38.843363: |   45 21 02 3b  69 3f 78 65  c2 6a f7 73  5c 8c 7d 8e
Aug 26 13:24:38.843366: |   04 c1 f7 52  a9 07 d0 ab  0e 38 bc 37  11 b3 14 fd
Aug 26 13:24:38.843369: |   33 e0 e1 25  3a 01 6b df  18 ed d8 08  9c 58 f5 a5
Aug 26 13:24:38.843372: |   40 21 69 e7  74 af 11 79  01 90 77 7f  f1 6c 67 53
Aug 26 13:24:38.843375: |   d0 30 bf 77  b0 b4 a7 f6  55 6e 10 d3  01 36 0d 6e
Aug 26 13:24:38.843377: |   18 40 be 33  84 33 cf 80  da 43 0d 2f  a9 43 2f 14
Aug 26 13:24:38.843380: |   14 9f f5 f7  b8 5d 0d a9  57 bf 14 e8  ff 2f 68 2b
Aug 26 13:24:38.843383: |   a5 f5 50 5e  06 3d d6 6d  b4 05 ff c8  39 02 c7 22
Aug 26 13:24:38.843386: |   97 2c 12 7e  be f4 a8 0e  ca 88 a2 c9  8b ee 2a 65
Aug 26 13:24:38.843389: |   f2 50 5f ad  23 8d e0 ec  d7 c8 53 61  09 41 3c c2
Aug 26 13:24:38.843391: |   45 df bc 01  f5 2d 01 4c  8c 1b 2a 8e  6d b8 8c 36
Aug 26 13:24:38.843394: |   d5 60 92 56  27 cc 4e ff  11 68 ae 03  75 e2 b0 48
Aug 26 13:24:38.843397: |   e9 3f e3 a9  ba 58 d1 2b  1f 2e 19 d5  48 29 d4 40
Aug 26 13:24:38.843400: |   ba 8f d7 d3  a2 d3 7e 46  9c 4c f6 41  5c fe 04 cc
Aug 26 13:24:38.843402: |   cd 7f 4d b1  f2 e9 79 7a  17 41 0c 72  43 fc 59 78
Aug 26 13:24:38.843405: |   a3 05 5b 2a  a5 f1 8d c6  05 5a 60 d5  65 4c 6b 35
Aug 26 13:24:38.843408: |   1f 91 77 a9  63 15 ba 35  38 5a 75 e5  95 4f 36 4e
Aug 26 13:24:38.843411: |   3d dc 53 95  ee 48 a9 3d  4b b9 9b ce  90 27 82 a3
Aug 26 13:24:38.843414: |   87 a4 da 7b  b4 14 54 b2  36 13 9e f8  95 4d 39 09
Aug 26 13:24:38.843416: |   24 3d 19 43  79 f7 81 c1  14 63 23 94  e8 bb 68 48
Aug 26 13:24:38.843419: |   37 c0 e5 1c  3f 88 ba 9f  e2 ac f0 28  e2 57 b8 e6
Aug 26 13:24:38.843422: |   dc e1 ba fe  22 1f 74 3c  0b c2 15 f3  1a a4 5c 0d
Aug 26 13:24:38.843425: |   97 87 c7 23  52 03 46 88  3e e7 60 a8  c7 0e 12 84
Aug 26 13:24:38.843428: |   e7 bb 65 26  1e c5 5f 8b  b8 6b 6f 58  dc d0 17 b7
Aug 26 13:24:38.843430: |   bd 79 91 c5  0f 6b 16 78  02 0b e5 7e  64 11 73 e4
Aug 26 13:24:38.843433: |   29 ef f4 29  f6 47 a9 45  20 cb 4a 63  42 83 eb a7
Aug 26 13:24:38.843436: |   44 90 c2 1d  63 80 d4 32  1d
Aug 26 13:24:38.843442: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:24:38.843447: | **parse ISAKMP Message:
Aug 26 13:24:38.843451: |    initiator cookie:
Aug 26 13:24:38.843454: |   12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:38.843457: |    responder cookie:
Aug 26 13:24:38.843459: |   35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:38.843463: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Aug 26 13:24:38.843466: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:38.843470: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Aug 26 13:24:38.843473: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:24:38.843476: |    Message ID: 0 (0x0)
Aug 26 13:24:38.843479: |    length: 825 (0x339)
Aug 26 13:24:38.843483: |  processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36)
Aug 26 13:24:38.843487: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request 
Aug 26 13:24:38.843492: | State DB: found IKEv2 state #3 in PARENT_R2 (find_v2_ike_sa)
Aug 26 13:24:38.843502: | start processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:24:38.843507: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:24:38.843512: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:24:38.843516: | #3 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
Aug 26 13:24:38.843521: | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1
Aug 26 13:24:38.843524: | unpacking clear payload
Aug 26 13:24:38.843527: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Aug 26 13:24:38.843531: | ***parse IKEv2 Encryption Payload:
Aug 26 13:24:38.843534: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 13:24:38.843537: |    flags: none (0x0)
Aug 26 13:24:38.843540: |    length: 797 (0x31d)
Aug 26 13:24:38.843543: | processing payload: ISAKMP_NEXT_v2SK (len=793)
Aug 26 13:24:38.843549: | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0
Aug 26 13:24:38.843552: | #3 in state PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:38.843571: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success
Aug 26 13:24:38.843574: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 26 13:24:38.843578: | **parse IKEv2 Security Association Payload:
Aug 26 13:24:38.843581: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 26 13:24:38.843584: |    flags: none (0x0)
Aug 26 13:24:38.843587: |    length: 468 (0x1d4)
Aug 26 13:24:38.843590: | processing payload: ISAKMP_NEXT_v2SA (len=464)
Aug 26 13:24:38.843593: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 26 13:24:38.843596: | **parse IKEv2 Nonce Payload:
Aug 26 13:24:38.843599: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 26 13:24:38.843602: |    flags: none (0x0)
Aug 26 13:24:38.843605: |    length: 36 (0x24)
Aug 26 13:24:38.843608: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Aug 26 13:24:38.843611: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 26 13:24:38.843615: | **parse IKEv2 Key Exchange Payload:
Aug 26 13:24:38.843618: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:38.843621: |    flags: none (0x0)
Aug 26 13:24:38.843623: |    length: 264 (0x108)
Aug 26 13:24:38.843627: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.843630: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Aug 26 13:24:38.843634: | state #3 forced to match CREATE_CHILD_SA from V2_REKEY_IKE_R->PARENT_R2 by ignoring from state
Aug 26 13:24:38.843637: | selected state microcode Respond to CREATE_CHILD_SA IKE Rekey
Aug 26 13:24:38.843643: | #3 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
Aug 26 13:24:38.843648: | creating state object #4 at 0x555f2c97e828
Aug 26 13:24:38.843652: | State DB: adding IKEv2 state #4 in UNDEFINED
Aug 26 13:24:38.843656: | pstats #4 ikev2.ike started
Aug 26 13:24:38.843660: | duplicating state object #3 "east" as #4 for IKE SA
Aug 26 13:24:38.843665: | #4 setting local endpoint to 192.1.2.23:500 from #3.st_localport (in duplicate_state() at state.c:1484)
Aug 26 13:24:38.843671: | Message ID: init_child #3.#4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1
Aug 26 13:24:38.843675: | child state #4: UNDEFINED(ignore) => V2_REKEY_IKE_R(established IKE SA)
Aug 26 13:24:38.843681: | "east" #3 received IKE Rekey Request CREATE_CHILD_SA from 192.1.2.45:500 Child "east" #4 in STATE_V2_REKEY_IKE_R will process it further
Aug 26 13:24:38.843687: | Message ID: switch-from #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0->-1
Aug 26 13:24:38.843692: | Message ID: switch-to #3.#4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1 wip.responder=-1->0
Aug 26 13:24:38.843697: | forcing ST #3 to CHILD #3.#4 in FSM processor
Aug 26 13:24:38.843700: | Now let's proceed with state specific processing
Aug 26 13:24:38.843703: | calling processor Respond to CREATE_CHILD_SA IKE Rekey
Aug 26 13:24:38.843723: | using existing local IKE proposals for connection east (IKE SA responding to rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 13:24:38.843728: | Comparing remote proposals against IKE Rekey responder child 4 local proposals
Aug 26 13:24:38.843732: | local proposal 1 type ENCR has 1 transforms
Aug 26 13:24:38.843735: | local proposal 1 type PRF has 2 transforms
Aug 26 13:24:38.843738: | local proposal 1 type INTEG has 1 transforms
Aug 26 13:24:38.843741: | local proposal 1 type DH has 8 transforms
Aug 26 13:24:38.843744: | local proposal 1 type ESN has 0 transforms
Aug 26 13:24:38.843749: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:24:38.843752: | local proposal 2 type ENCR has 1 transforms
Aug 26 13:24:38.843755: | local proposal 2 type PRF has 2 transforms
Aug 26 13:24:38.843758: | local proposal 2 type INTEG has 1 transforms
Aug 26 13:24:38.843761: | local proposal 2 type DH has 8 transforms
Aug 26 13:24:38.843764: | local proposal 2 type ESN has 0 transforms
Aug 26 13:24:38.843767: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 13:24:38.843770: | local proposal 3 type ENCR has 1 transforms
Aug 26 13:24:38.843773: | local proposal 3 type PRF has 2 transforms
Aug 26 13:24:38.843776: | local proposal 3 type INTEG has 2 transforms
Aug 26 13:24:38.843779: | local proposal 3 type DH has 8 transforms
Aug 26 13:24:38.843782: | local proposal 3 type ESN has 0 transforms
Aug 26 13:24:38.843786: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:24:38.843789: | local proposal 4 type ENCR has 1 transforms
Aug 26 13:24:38.843792: | local proposal 4 type PRF has 2 transforms
Aug 26 13:24:38.843795: | local proposal 4 type INTEG has 2 transforms
Aug 26 13:24:38.843798: | local proposal 4 type DH has 8 transforms
Aug 26 13:24:38.843801: | local proposal 4 type ESN has 0 transforms
Aug 26 13:24:38.843804: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 13:24:38.843808: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:38.843811: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:38.843814: |    length: 108 (0x6c)
Aug 26 13:24:38.843817: |    prop #: 1 (0x1)
Aug 26 13:24:38.843820: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:38.843823: |    spi size: 8 (0x8)
Aug 26 13:24:38.843826: |    # transforms: 11 (0xb)
Aug 26 13:24:38.843830: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:38.843833: | remote SPI  07 83 f5 f9  d9 8a 0b 04
Aug 26 13:24:38.843837: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals
Aug 26 13:24:38.843841: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843844: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843847: |    length: 12 (0xc)
Aug 26 13:24:38.843850: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:38.843853: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:38.843856: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:38.843859: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:38.843865: |    length/value: 256 (0x100)
Aug 26 13:24:38.843870: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Aug 26 13:24:38.843873: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843876: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843879: |    length: 8 (0x8)
Aug 26 13:24:38.843882: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.843885: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:38.843889: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 26 13:24:38.843893: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 26 13:24:38.843897: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 26 13:24:38.843900: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 26 13:24:38.843903: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843906: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843909: |    length: 8 (0x8)
Aug 26 13:24:38.843912: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.843915: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:38.843918: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843921: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843924: |    length: 8 (0x8)
Aug 26 13:24:38.843927: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.843930: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.843934: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Aug 26 13:24:38.843938: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0
Aug 26 13:24:38.843941: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0
Aug 26 13:24:38.843945: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0
Aug 26 13:24:38.843948: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843951: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843954: |    length: 8 (0x8)
Aug 26 13:24:38.843957: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.843960: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:38.843963: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843966: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843969: |    length: 8 (0x8)
Aug 26 13:24:38.843972: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.843975: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:38.843978: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843981: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843984: |    length: 8 (0x8)
Aug 26 13:24:38.843987: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.843990: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:38.843993: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.843996: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.843998: |    length: 8 (0x8)
Aug 26 13:24:38.844001: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844004: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:38.844008: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844010: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844013: |    length: 8 (0x8)
Aug 26 13:24:38.844016: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844019: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:38.844022: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844025: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844028: |    length: 8 (0x8)
Aug 26 13:24:38.844031: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844036: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:38.844039: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844042: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:38.844045: |    length: 8 (0x8)
Aug 26 13:24:38.844048: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844051: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:38.844055: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Aug 26 13:24:38.844061: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Aug 26 13:24:38.844064: | remote proposal 1 matches local proposal 1
Aug 26 13:24:38.844067: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:38.844070: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:38.844073: |    length: 108 (0x6c)
Aug 26 13:24:38.844076: |    prop #: 2 (0x2)
Aug 26 13:24:38.844079: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:38.844082: |    spi size: 8 (0x8)
Aug 26 13:24:38.844085: |    # transforms: 11 (0xb)
Aug 26 13:24:38.844088: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:38.844091: | remote SPI  07 83 f5 f9  d9 8a 0b 04
Aug 26 13:24:38.844095: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:38.844098: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844101: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844104: |    length: 12 (0xc)
Aug 26 13:24:38.844107: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:38.844110: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:38.844113: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:38.844116: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:38.844119: |    length/value: 128 (0x80)
Aug 26 13:24:38.844122: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844125: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844128: |    length: 8 (0x8)
Aug 26 13:24:38.844131: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844134: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:38.844137: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844140: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844143: |    length: 8 (0x8)
Aug 26 13:24:38.844146: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844149: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:38.844152: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844155: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844158: |    length: 8 (0x8)
Aug 26 13:24:38.844161: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844164: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.844167: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844170: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844172: |    length: 8 (0x8)
Aug 26 13:24:38.844175: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844178: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:38.844181: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844184: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844187: |    length: 8 (0x8)
Aug 26 13:24:38.844190: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844193: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:38.844196: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844199: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844202: |    length: 8 (0x8)
Aug 26 13:24:38.844205: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844208: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:38.844211: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844216: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844218: |    length: 8 (0x8)
Aug 26 13:24:38.844221: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844224: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:38.844228: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844230: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844233: |    length: 8 (0x8)
Aug 26 13:24:38.844236: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844239: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:38.844242: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844245: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844248: |    length: 8 (0x8)
Aug 26 13:24:38.844251: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844254: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:38.844257: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844260: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:38.844263: |    length: 8 (0x8)
Aug 26 13:24:38.844266: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844269: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:38.844273: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH
Aug 26 13:24:38.844277: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH
Aug 26 13:24:38.844280: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:38.844283: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 13:24:38.844286: |    length: 124 (0x7c)
Aug 26 13:24:38.844298: |    prop #: 3 (0x3)
Aug 26 13:24:38.844303: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:38.844307: |    spi size: 8 (0x8)
Aug 26 13:24:38.844310: |    # transforms: 13 (0xd)
Aug 26 13:24:38.844314: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:38.844317: | remote SPI  07 83 f5 f9  d9 8a 0b 04
Aug 26 13:24:38.844320: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:38.844323: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844326: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844329: |    length: 12 (0xc)
Aug 26 13:24:38.844332: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:38.844335: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:24:38.844338: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:38.844341: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:38.844344: |    length/value: 256 (0x100)
Aug 26 13:24:38.844347: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844350: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844353: |    length: 8 (0x8)
Aug 26 13:24:38.844356: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844359: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:38.844362: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844365: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844368: |    length: 8 (0x8)
Aug 26 13:24:38.844371: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844374: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:38.844377: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844380: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844383: |    length: 8 (0x8)
Aug 26 13:24:38.844386: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:38.844389: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:24:38.844392: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844395: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844398: |    length: 8 (0x8)
Aug 26 13:24:38.844400: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:38.844403: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:24:38.844413: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844416: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844419: |    length: 8 (0x8)
Aug 26 13:24:38.844422: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844425: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.844428: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844431: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844434: |    length: 8 (0x8)
Aug 26 13:24:38.844436: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844439: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:38.844443: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844445: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844448: |    length: 8 (0x8)
Aug 26 13:24:38.844451: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844454: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:38.844457: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844460: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844463: |    length: 8 (0x8)
Aug 26 13:24:38.844466: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844469: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:38.844472: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844475: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844478: |    length: 8 (0x8)
Aug 26 13:24:38.844481: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844484: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:38.844487: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844490: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844492: |    length: 8 (0x8)
Aug 26 13:24:38.844495: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844498: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:38.844501: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844504: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844507: |    length: 8 (0x8)
Aug 26 13:24:38.844510: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844513: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:38.844516: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844519: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:38.844522: |    length: 8 (0x8)
Aug 26 13:24:38.844525: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844528: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:38.844533: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:24:38.844536: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:24:38.844539: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 13:24:38.844542: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:24:38.844545: |    length: 124 (0x7c)
Aug 26 13:24:38.844548: |    prop #: 4 (0x4)
Aug 26 13:24:38.844551: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:38.844554: |    spi size: 8 (0x8)
Aug 26 13:24:38.844556: |    # transforms: 13 (0xd)
Aug 26 13:24:38.844560: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 13:24:38.844563: | remote SPI  07 83 f5 f9  d9 8a 0b 04
Aug 26 13:24:38.844566: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 13:24:38.844570: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844572: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844575: |    length: 12 (0xc)
Aug 26 13:24:38.844578: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:38.844581: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 26 13:24:38.844584: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 13:24:38.844589: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:38.844592: |    length/value: 128 (0x80)
Aug 26 13:24:38.844595: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844598: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844601: |    length: 8 (0x8)
Aug 26 13:24:38.844604: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844607: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:38.844610: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844613: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844616: |    length: 8 (0x8)
Aug 26 13:24:38.844619: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.844622: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 13:24:38.844625: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844628: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844630: |    length: 8 (0x8)
Aug 26 13:24:38.844633: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:38.844636: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 13:24:38.844639: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844642: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844645: |    length: 8 (0x8)
Aug 26 13:24:38.844648: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 13:24:38.844651: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 13:24:38.844654: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844657: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844660: |    length: 8 (0x8)
Aug 26 13:24:38.844663: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844666: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.844669: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844672: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844674: |    length: 8 (0x8)
Aug 26 13:24:38.844677: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844680: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 13:24:38.844683: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844686: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844689: |    length: 8 (0x8)
Aug 26 13:24:38.844692: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844695: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 13:24:38.844698: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844701: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844704: |    length: 8 (0x8)
Aug 26 13:24:38.844707: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844710: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 13:24:38.844713: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844716: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844719: |    length: 8 (0x8)
Aug 26 13:24:38.844721: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844724: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 13:24:38.844728: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844730: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844733: |    length: 8 (0x8)
Aug 26 13:24:38.844736: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844739: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 13:24:38.844742: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844745: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.844748: |    length: 8 (0x8)
Aug 26 13:24:38.844751: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844754: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 13:24:38.844757: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.844760: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:38.844763: |    length: 8 (0x8)
Aug 26 13:24:38.844766: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.844772: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 13:24:38.844776: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
Aug 26 13:24:38.844780: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
Aug 26 13:24:38.844787: "east" #3: proposal 1:IKE:SPI=0783f5f9d98a0b04;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519
Aug 26 13:24:38.844794: | accepted IKE proposal ikev2_proposal: 1:IKE:SPI=0783f5f9d98a0b04;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048
Aug 26 13:24:38.844797: | converting proposal to internal trans attrs
Aug 26 13:24:38.844804: | adding IKE rekey KE response gir work-order 5 for state #4
Aug 26 13:24:38.844808: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9b90001f18
Aug 26 13:24:38.844813: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
Aug 26 13:24:38.844817: | libevent_malloc: new ptr-libevent@0x7f9b88006318 size 128
Aug 26 13:24:38.844832: | #4 spent 1.12 milliseconds in processing: Respond to CREATE_CHILD_SA IKE Rekey in ikev2_process_state_packet()
Aug 26 13:24:38.844839: | suspend processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:38.844844: | start processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:38.844849: | #4 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_SUSPEND
Aug 26 13:24:38.844852: | suspending state #4 and saving MD
Aug 26 13:24:38.844855: | #4 is busy; has a suspended MD
Aug 26 13:24:38.844860: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:24:38.844865: | "east" #4 complete v2 state STATE_V2_REKEY_IKE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:24:38.844870: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:24:38.844872: | crypto helper 4 resuming
Aug 26 13:24:38.844875: | #3 spent 1.61 milliseconds in ikev2_process_packet()
Aug 26 13:24:38.844898: | crypto helper 4 starting work-order 5 for state #4
Aug 26 13:24:38.844910: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:24:38.844920: | crypto helper 4 doing build KE and nonce (IKE rekey KE response gir); request ID 5
Aug 26 13:24:38.844923: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:24:38.844933: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:24:38.844939: | spent 1.66 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:24:38.846129: | crypto helper 4 finished build KE and nonce (IKE rekey KE response gir); request ID 5 time elapsed 0.001208 seconds
Aug 26 13:24:38.846149: | (#4) spent 1.21 milliseconds in crypto helper computing work-order 5: IKE rekey KE response gir (pcr)
Aug 26 13:24:38.846154: | crypto helper 4 sending results from work-order 5 for state #4 to event queue
Aug 26 13:24:38.846158: | scheduling resume sending helper answer for #4
Aug 26 13:24:38.846162: | libevent_malloc: new ptr-libevent@0x7f9b8c002888 size 128
Aug 26 13:24:38.846173: | crypto helper 4 waiting (nothing to do)
Aug 26 13:24:38.846187: | processing resume sending helper answer for #4
Aug 26 13:24:38.846203: | start processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:24:38.846210: | crypto helper 4 replies to request ID 5
Aug 26 13:24:38.846213: | calling continuation function 0x555f2bf14b50
Aug 26 13:24:38.846218: | ikev2_child_ike_inIoutR_continue for #4 STATE_V2_REKEY_IKE_R
Aug 26 13:24:38.846242: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
Aug 26 13:24:38.846247: | adding DHv2 for REKEY IKE SA work-order 6 for state #4
Aug 26 13:24:38.846251: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:24:38.846255: | libevent_free: release ptr-libevent@0x7f9b88006318
Aug 26 13:24:38.846259: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9b90001f18
Aug 26 13:24:38.846263: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9b90001f18
Aug 26 13:24:38.846268: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
Aug 26 13:24:38.846272: | libevent_malloc: new ptr-libevent@0x555f2c981a18 size 128
Aug 26 13:24:38.846284: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:38.846297: | #4 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_SUSPEND
Aug 26 13:24:38.846304: | crypto helper 5 resuming
Aug 26 13:24:38.846308: | suspending state #4 and saving MD
Aug 26 13:24:38.846334: | #4 is busy; has a suspended MD
Aug 26 13:24:38.846324: | crypto helper 5 starting work-order 6 for state #4
Aug 26 13:24:38.846347: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
Aug 26 13:24:38.846359: | crypto helper 5 doing compute dh (V2) (DHv2 for REKEY IKE SA); request ID 6
Aug 26 13:24:38.846367: | "east" #4 complete v2 state STATE_V2_REKEY_IKE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
Aug 26 13:24:38.846381: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD
Aug 26 13:24:38.846389: | #4 spent 0.162 milliseconds in resume sending helper answer
Aug 26 13:24:38.846395: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:24:38.846399: | libevent_free: release ptr-libevent@0x7f9b8c002888
Aug 26 13:24:38.847347: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4
Aug 26 13:24:38.847819: | crypto helper 5 finished compute dh (V2) (DHv2 for REKEY IKE SA); request ID 6 time elapsed 0.001461 seconds
Aug 26 13:24:38.847830: | (#4) spent 1.46 milliseconds in crypto helper computing work-order 6: DHv2 for REKEY IKE SA (pcr)
Aug 26 13:24:38.847834: | crypto helper 5 sending results from work-order 6 for state #4 to event queue
Aug 26 13:24:38.847838: | scheduling resume sending helper answer for #4
Aug 26 13:24:38.847842: | libevent_malloc: new ptr-libevent@0x7f9b800011d8 size 128
Aug 26 13:24:38.847851: | crypto helper 5 waiting (nothing to do)
Aug 26 13:24:38.847896: | processing resume sending helper answer for #4
Aug 26 13:24:38.847914: | start processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797)
Aug 26 13:24:38.847920: | crypto helper 5 replies to request ID 6
Aug 26 13:24:38.847923: | calling continuation function 0x555f2bf14b50
Aug 26 13:24:38.847928: | ikev2_child_ike_inIoutR_continue_continue for #4 STATE_V2_REKEY_IKE_R
Aug 26 13:24:38.847936: | **emit ISAKMP Message:
Aug 26 13:24:38.847940: |    initiator cookie:
Aug 26 13:24:38.847943: |   12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:38.847946: |    responder cookie:
Aug 26 13:24:38.847948: |   35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:38.847952: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:24:38.847956: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:38.847959: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Aug 26 13:24:38.847963: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:24:38.847970: |    Message ID: 0 (0x0)
Aug 26 13:24:38.847974: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:24:38.847978: | ***emit IKEv2 Encryption Payload:
Aug 26 13:24:38.847982: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:38.847985: |    flags: none (0x0)
Aug 26 13:24:38.847989: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:24:38.847993: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:38.847997: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:24:38.848006: | Emitting ikev2_proposal ...
Aug 26 13:24:38.848010: | ****emit IKEv2 Security Association Payload:
Aug 26 13:24:38.848013: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:38.848016: |    flags: none (0x0)
Aug 26 13:24:38.848020: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Aug 26 13:24:38.848024: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:38.848028: | *****emit IKEv2 Proposal Substructure Payload:
Aug 26 13:24:38.848031: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 13:24:38.848034: |    prop #: 1 (0x1)
Aug 26 13:24:38.848038: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 13:24:38.848041: |    spi size: 8 (0x8)
Aug 26 13:24:38.848044: |    # transforms: 3 (0x3)
Aug 26 13:24:38.848047: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Aug 26 13:24:38.848052: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Aug 26 13:24:38.848055: | our spi  6c de b9 32  4b 12 ce 1a
Aug 26 13:24:38.848058: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.848061: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.848064: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 13:24:38.848068: |    IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 13:24:38.848071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:38.848075: | *******emit IKEv2 Attribute Substructure Payload:
Aug 26 13:24:38.848079: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 13:24:38.848082: |    length/value: 256 (0x100)
Aug 26 13:24:38.848085: | emitting length of IKEv2 Transform Substructure Payload: 12
Aug 26 13:24:38.848089: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.848092: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.848095: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 13:24:38.848098: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 13:24:38.848102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.848106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:38.848109: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:24:38.848112: | ******emit IKEv2 Transform Substructure Payload:
Aug 26 13:24:38.848115: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 13:24:38.848118: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 13:24:38.848121: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.848125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
Aug 26 13:24:38.848129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Aug 26 13:24:38.848132: | emitting length of IKEv2 Transform Substructure Payload: 8
Aug 26 13:24:38.848137: | emitting length of IKEv2 Proposal Substructure Payload: 44
Aug 26 13:24:38.848141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Aug 26 13:24:38.848144: | emitting length of IKEv2 Security Association Payload: 48
Aug 26 13:24:38.848148: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Aug 26 13:24:38.848151: | ****emit IKEv2 Nonce Payload:
Aug 26 13:24:38.848154: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:38.848157: |    flags: none (0x0)
Aug 26 13:24:38.848161: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Aug 26 13:24:38.848165: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:38.848169: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Aug 26 13:24:38.848172: | IKEv2 nonce  9f c7 51 e3  51 5f 09 b4  14 2f af c5  93 63 a5 7b
Aug 26 13:24:38.848175: | IKEv2 nonce  32 24 c9 10  31 0d 95 77  87 15 04 3c  f5 c7 14 58
Aug 26 13:24:38.848178: | emitting length of IKEv2 Nonce Payload: 36
Aug 26 13:24:38.848181: | ****emit IKEv2 Key Exchange Payload:
Aug 26 13:24:38.848184: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:38.848187: |    flags: none (0x0)
Aug 26 13:24:38.848190: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 13:24:38.848194: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Aug 26 13:24:38.848198: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Aug 26 13:24:38.848201: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:24:38.848205: | ikev2 g^x  0e 78 a6 47  2f 5c af 7e  43 5e 85 e6  16 d9 4d df
Aug 26 13:24:38.848208: | ikev2 g^x  0d 86 93 66  e6 d1 98 7f  d2 58 19 d3  e5 0c fa 6d
Aug 26 13:24:38.848211: | ikev2 g^x  aa d2 24 39  7e b4 17 eb  06 8b f4 00  15 17 66 5f
Aug 26 13:24:38.848214: | ikev2 g^x  49 71 2d 38  10 92 62 fa  9a 5d 0a 07  66 0d 21 38
Aug 26 13:24:38.848216: | ikev2 g^x  be 57 93 b0  af de 90 e2  ba 13 aa bb  d9 bb df 41
Aug 26 13:24:38.848219: | ikev2 g^x  b0 3d 27 b8  25 f8 3a f2  52 89 38 df  82 04 08 91
Aug 26 13:24:38.848222: | ikev2 g^x  b5 e3 e4 2d  da 44 76 a6  2d f5 91 ca  32 8c 97 62
Aug 26 13:24:38.848225: | ikev2 g^x  a8 12 48 56  18 2b 65 4b  ac da d0 2d  92 7f 90 8c
Aug 26 13:24:38.848228: | ikev2 g^x  aa a6 b6 60  66 7b 0b 8d  a4 11 76 b9  44 4f 8c 59
Aug 26 13:24:38.848231: | ikev2 g^x  4e 05 46 b5  30 ec ab 75  d8 bc 33 e7  b1 8e 3a f2
Aug 26 13:24:38.848234: | ikev2 g^x  81 38 58 52  5a bb 56 76  e6 25 b5 a7  30 c5 3e db
Aug 26 13:24:38.848237: | ikev2 g^x  b2 13 df 38  53 f8 97 ae  31 16 68 e5  56 74 8c d6
Aug 26 13:24:38.848240: | ikev2 g^x  b7 0a 76 75  7b 43 61 57  da 02 5c 6d  23 5e 4b d3
Aug 26 13:24:38.848243: | ikev2 g^x  91 70 dc 1b  bf dc 84 bc  b2 35 a4 78  24 5d 7e 21
Aug 26 13:24:38.848246: | ikev2 g^x  1c b0 64 6e  ef 02 68 15  b5 fb 48 6b  56 c4 bb 8f
Aug 26 13:24:38.848249: | ikev2 g^x  79 33 76 30  b1 5e bd 9e  b7 a3 f2 f4  26 43 ea fc
Aug 26 13:24:38.848252: | emitting length of IKEv2 Key Exchange Payload: 264
Aug 26 13:24:38.848255: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 13:24:38.848260: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:24:38.848263: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:24:38.848267: | emitting length of IKEv2 Encryption Payload: 377
Aug 26 13:24:38.848270: | emitting length of ISAKMP Message: 405
Aug 26 13:24:38.848297: | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:38.848304: | #4 complete_v2_state_transition() V2_REKEY_IKE_R->PARENT_R2 with status STF_OK
Aug 26 13:24:38.848311: | IKEv2: transition from state STATE_V2_REKEY_IKE_R to state STATE_PARENT_R2
Aug 26 13:24:38.848314: | Message ID: updating counters for #4 to 0 before emancipating
Aug 26 13:24:38.848321: | Message ID: recv #3.#4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0; child: wip.initiator=-1 wip.responder=0->-1
Aug 26 13:24:38.848330: | Message ID: sent #3.#4 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1
Aug 26 13:24:38.848336: | Message ID: init_ike #4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1
Aug 26 13:24:38.848339: | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir]
Aug 26 13:24:38.848347: | #2 migrated from IKE SA #3 to IKE SA #4
Aug 26 13:24:38.848351: | State DB: re-hashing IKEv2 state #2 IKE SPIi and SPI[ir]
Aug 26 13:24:38.848354: | State DB: IKEv2 state not found (v2_migrate_children)
Aug 26 13:24:38.848359: | parent state #4: V2_REKEY_IKE_R(established IKE SA) => PARENT_R2(established IKE SA)
Aug 26 13:24:38.848364: | #4 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:24:38.848368: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Aug 26 13:24:38.848372: | libevent_free: release ptr-libevent@0x555f2c981a18
Aug 26 13:24:38.848376: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9b90001f18
Aug 26 13:24:38.848380: | event_schedule: new EVENT_SA_REKEY-pe@0x7f9b90001f18
Aug 26 13:24:38.848384: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #4
Aug 26 13:24:38.848388: | libevent_malloc: new ptr-libevent@0x7f9b8c002888 size 128
Aug 26 13:24:38.848466: | pstats #4 ikev2.ike established
Aug 26 13:24:38.848477: "east" #4: STATE_PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:38.848488: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500)
Aug 26 13:24:38.848500: | sending 405 bytes for STATE_V2_REKEY_IKE_R through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #3)
Aug 26 13:24:38.848506: |   12 1d 17 88  f4 35 0a 1c  35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:38.848510: |   2e 20 24 20  00 00 00 00  00 00 01 95  21 00 01 79
Aug 26 13:24:38.848515: |   09 84 f3 3f  f8 fc 72 27  a7 d3 b3 07  97 05 89 1f
Aug 26 13:24:38.848520: |   9d df db b7  18 ce 0a 27  4b b2 0c f8  d9 31 b9 3e
Aug 26 13:24:38.848524: |   2d 4e 57 ab  2c 10 9e 25  ba bc e0 78  d8 9c 96 dc
Aug 26 13:24:38.848529: |   40 5b 85 77  01 8f bd ed  b9 79 04 5f  56 45 5b 83
Aug 26 13:24:38.848534: |   db 92 1e 92  a3 69 80 20  56 dd 93 0f  cc e4 f9 bc
Aug 26 13:24:38.848538: |   09 bd b9 96  17 01 0b 1d  bb 11 64 0f  6a 55 39 a8
Aug 26 13:24:38.848542: |   01 e0 86 d9  76 bd 8c 40  6c ba 3a 55  3d 84 b4 83
Aug 26 13:24:38.848547: |   3c a7 2e a3  ab 54 a1 b3  ad 52 a5 5d  fc 0b 23 21
Aug 26 13:24:38.848551: |   70 cb b7 6e  ed 81 f5 13  b5 70 21 8f  5e fc 7a a3
Aug 26 13:24:38.848556: |   aa a9 04 a1  b3 9a bd f1  ed 54 5c b7  c3 1c 3a 83
Aug 26 13:24:38.848560: |   7c 2a 75 61  13 28 38 56  b7 57 46 15  d3 b1 74 94
Aug 26 13:24:38.848565: |   37 38 0e 1c  75 f6 e6 8a  84 49 30 93  49 60 0a 0b
Aug 26 13:24:38.848569: |   b6 10 7a 4f  18 6c d0 5d  69 d0 3f bc  03 f1 e9 ab
Aug 26 13:24:38.848573: |   c7 ea c9 9b  a9 84 d8 2d  82 7d 8a 71  43 93 72 bd
Aug 26 13:24:38.848578: |   f4 b2 d2 1f  2a 0c ce 9a  d3 ce a9 fd  c0 b3 7b 49
Aug 26 13:24:38.848582: |   0b a9 3c 1a  08 91 13 bd  c9 bc d3 79  0a 8f 00 3b
Aug 26 13:24:38.848587: |   73 86 f1 ee  5e de f6 b6  5b 6d a5 12  d1 e2 70 2b
Aug 26 13:24:38.848592: |   0b 71 67 93  e1 b6 cf dc  52 1d 3c 3b  11 75 1e 04
Aug 26 13:24:38.848596: |   24 47 f9 df  72 5f 0b 5d  07 14 33 cd  72 cc a0 61
Aug 26 13:24:38.848601: |   31 2d 48 c2  a1 78 25 dd  92 9e 21 f0  d3 68 76 13
Aug 26 13:24:38.848605: |   a4 0e a8 0d  57 c0 a6 84  58 65 11 31  05 0c 60 c8
Aug 26 13:24:38.848609: |   c8 f3 ca 56  75 7c f5 ee  39 0b 71 0a  ad 6b 82 f1
Aug 26 13:24:38.848614: |   79 0f 48 5c  fd c4 7c 62  8a 31 fe 38  77 4d 98 50
Aug 26 13:24:38.848623: |   e8 99 09 59  9e
Aug 26 13:24:38.848680: | #4 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key)
Aug 26 13:24:38.848688: | state #4 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:24:38.848692: | libevent_free: release ptr-libevent@0x7f9b8c002888
Aug 26 13:24:38.848696: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f9b90001f18
Aug 26 13:24:38.848700: | event_schedule: new EVENT_SA_REKEY-pe@0x7f9b90001f18
Aug 26 13:24:38.848704: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #4
Aug 26 13:24:38.848708: | libevent_malloc: new ptr-libevent@0x7f9b8c002888 size 128
Aug 26 13:24:38.848713: | resume sending helper answer for #4 suppresed complete_v2_state_transition()
Aug 26 13:24:38.848721: | #4 spent 0.769 milliseconds in resume sending helper answer
Aug 26 13:24:38.848727: | stop processing: state #4 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833)
Aug 26 13:24:38.848731: | libevent_free: release ptr-libevent@0x7f9b800011d8
Aug 26 13:24:39.854178: | spent 0.00805 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 13:24:39.854234: | *received 65 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:24:39.854244: |   12 1d 17 88  f4 35 0a 1c  35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:39.854251: |   2e 20 25 08  00 00 00 01  00 00 00 41  2a 00 00 25
Aug 26 13:24:39.854256: |   d2 70 69 ac  0b ad 74 f8  fa 7e 11 13  58 c9 ae d4
Aug 26 13:24:39.854262: |   ca cb 11 d3  35 a9 87 1d  35 73 69 92  3c b6 52 90
Aug 26 13:24:39.854267: |   8f
Aug 26 13:24:39.854278: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 13:24:39.854286: | **parse ISAKMP Message:
Aug 26 13:24:39.854337: |    initiator cookie:
Aug 26 13:24:39.854345: |   12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:39.854351: |    responder cookie:
Aug 26 13:24:39.854356: |   35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:39.854363: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Aug 26 13:24:39.854369: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:39.854376: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Aug 26 13:24:39.854382: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:24:39.854388: |    Message ID: 1 (0x1)
Aug 26 13:24:39.854393: |    length: 65 (0x41)
Aug 26 13:24:39.854400: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Aug 26 13:24:39.854408: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request 
Aug 26 13:24:39.854416: | State DB: found IKEv2 state #3 in PARENT_R2 (find_v2_ike_sa)
Aug 26 13:24:39.854431: | start processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 13:24:39.854438: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 13:24:39.854447: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
Aug 26 13:24:39.854454: | #3 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
Aug 26 13:24:39.854464: | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0
Aug 26 13:24:39.854469: | unpacking clear payload
Aug 26 13:24:39.854474: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Aug 26 13:24:39.854481: | ***parse IKEv2 Encryption Payload:
Aug 26 13:24:39.854487: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Aug 26 13:24:39.854492: |    flags: none (0x0)
Aug 26 13:24:39.854497: |    length: 37 (0x25)
Aug 26 13:24:39.854503: | processing payload: ISAKMP_NEXT_v2SK (len=33)
Aug 26 13:24:39.854513: | Message ID: start-responder #3 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1
Aug 26 13:24:39.854519: | #3 in state PARENT_R2: received v2I2, PARENT SA established
Aug 26 13:24:39.854550: | #3 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Aug 26 13:24:39.854557: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Aug 26 13:24:39.854572: | **parse IKEv2 Delete Payload:
Aug 26 13:24:39.854579: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:39.854584: |    flags: none (0x0)
Aug 26 13:24:39.854589: |    length: 8 (0x8)
Aug 26 13:24:39.854595: |    protocol ID: PROTO_v2_IKE (0x1)
Aug 26 13:24:39.854600: |    SPI size: 0 (0x0)
Aug 26 13:24:39.854606: |    number of SPIs: 0 (0x0)
Aug 26 13:24:39.854611: | processing payload: ISAKMP_NEXT_v2D (len=0)
Aug 26 13:24:39.854617: | selected state microcode R2: process INFORMATIONAL Request
Aug 26 13:24:39.854623: | Now let's proceed with state specific processing
Aug 26 13:24:39.854628: | calling processor R2: process INFORMATIONAL Request
Aug 26 13:24:39.854636: | an informational request should send a response 
Aug 26 13:24:39.854649: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Aug 26 13:24:39.854657: | **emit ISAKMP Message:
Aug 26 13:24:39.854663: |    initiator cookie:
Aug 26 13:24:39.854668: |   12 1d 17 88  f4 35 0a 1c
Aug 26 13:24:39.854674: |    responder cookie:
Aug 26 13:24:39.854679: |   35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:39.854684: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:24:39.854690: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:24:39.854695: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Aug 26 13:24:39.854701: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 13:24:39.854706: |    Message ID: 1 (0x1)
Aug 26 13:24:39.854713: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:24:39.854719: | ***emit IKEv2 Encryption Payload:
Aug 26 13:24:39.854725: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:24:39.854730: |    flags: none (0x0)
Aug 26 13:24:39.854737: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:24:39.854743: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Aug 26 13:24:39.854751: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:24:39.854764: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 13:24:39.854771: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:24:39.854778: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:24:39.854783: | emitting length of IKEv2 Encryption Payload: 29
Aug 26 13:24:39.854789: | emitting length of ISAKMP Message: 57
Aug 26 13:24:39.854813: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #3)
Aug 26 13:24:39.854820: |   12 1d 17 88  f4 35 0a 1c  35 ff 3e 14  68 5e 4a 0f
Aug 26 13:24:39.854825: |   2e 20 25 20  00 00 00 01  00 00 00 39  00 00 00 1d
Aug 26 13:24:39.854830: |   91 d6 b1 f8  61 4d c6 12  8f 52 69 75  bd 96 fe 07
Aug 26 13:24:39.854835: |   fc 68 5f 51  47 d4 da e8  1e
Aug 26 13:24:39.854904: | Message ID: #3 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1
Aug 26 13:24:39.854918: | Message ID: sent #3 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1
Aug 26 13:24:39.854925: | State DB: IKEv2 state not found (delete_my_family)
Aug 26 13:24:39.854932: | parent state #3: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA)
Aug 26 13:24:39.854939: | pstats #3 ikev2.ike deleted completed
Aug 26 13:24:39.854948: | #3 spent 5.55 milliseconds in total
Aug 26 13:24:39.854958: | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879)
Aug 26 13:24:39.854967: "east" #3: deleting state (STATE_IKESA_DEL) aged 26.033s and NOT sending notification
Aug 26 13:24:39.854974: | parent state #3: IKESA_DEL(established IKE SA) => delete
Aug 26 13:24:39.855096: | state #3 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:24:39.855110: | libevent_free: release ptr-libevent@0x7f9b94002888
Aug 26 13:24:39.855117: | free_event_entry: release EVENT_SA_REKEY-pe@0x555f2c986188
Aug 26 13:24:39.855124: | State DB: IKEv2 state not found (flush_incomplete_children)
Aug 26 13:24:39.855133: | in connection_discard for connection east
Aug 26 13:24:39.855144: | State DB: deleting IKEv2 state #3 in IKESA_DEL
Aug 26 13:24:39.855157: | parent state #3: IKESA_DEL(established IKE SA) => UNDEFINED(ignore)
Aug 26 13:24:39.855199: | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143)
Aug 26 13:24:39.855243: | in statetime_stop() and could not find #3
Aug 26 13:24:39.855258: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 13:24:39.855276: | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK
Aug 26 13:24:39.855286: | STF_OK but no state object remains
Aug 26 13:24:39.855319: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 13:24:39.855332: | in statetime_stop() and could not find #3
Aug 26 13:24:39.855348: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 13:24:39.855363: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 13:24:39.855376: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 13:24:39.855394: | spent 1.11 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 13:24:47.332393: | processing global timer EVENT_PENDING_DDNS
Aug 26 13:24:47.332408: | FOR_EACH_CONNECTION_... in connection_check_ddns
Aug 26 13:24:47.332411: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:24:47.332414: | elapsed time in connection_check_ddns for hostname lookup 0.000005
Aug 26 13:24:47.332419: | spent 0.0091 milliseconds in global timer EVENT_PENDING_DDNS
Aug 26 13:24:47.332421: | processing global timer EVENT_SHUNT_SCAN
Aug 26 13:24:47.332423: | expiring aged bare shunts from shunt table
Aug 26 13:24:47.332426: | spent 0.00256 milliseconds in global timer EVENT_SHUNT_SCAN