Aug 26 13:23:48.423217: FIPS Product: YES Aug 26 13:23:48.423322: FIPS Kernel: NO Aug 26 13:23:48.423325: FIPS Mode: NO Aug 26 13:23:48.423327: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:23:48.423449: Initializing NSS Aug 26 13:23:48.423455: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:23:48.448051: NSS initialized Aug 26 13:23:48.448065: NSS crypto library initialized Aug 26 13:23:48.448067: FIPS HMAC integrity support [enabled] Aug 26 13:23:48.448069: FIPS mode disabled for pluto daemon Aug 26 13:23:48.472829: FIPS HMAC integrity verification self-test FAILED Aug 26 13:23:48.472932: libcap-ng support [enabled] Aug 26 13:23:48.472941: Linux audit support [enabled] Aug 26 13:23:48.473345: Linux audit activated Aug 26 13:23:48.473355: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21545 Aug 26 13:23:48.473357: core dump dir: /tmp Aug 26 13:23:48.473359: secrets file: /etc/ipsec.secrets Aug 26 13:23:48.473360: leak-detective enabled Aug 26 13:23:48.473362: NSS crypto [enabled] Aug 26 13:23:48.473363: XAUTH PAM support [enabled] Aug 26 13:23:48.473420: | libevent is using pluto's memory allocator Aug 26 13:23:48.473425: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:23:48.473438: | libevent_malloc: new ptr-libevent@0x56501cad9038 size 40 Aug 26 13:23:48.473441: | libevent_malloc: new ptr-libevent@0x56501cad8cd8 size 40 Aug 26 13:23:48.473444: | libevent_malloc: new ptr-libevent@0x56501cad8dd8 size 40 Aug 26 13:23:48.473446: | creating event base Aug 26 13:23:48.473448: | libevent_malloc: new ptr-libevent@0x56501cb5d6f8 size 56 Aug 26 13:23:48.473451: | libevent_malloc: new ptr-libevent@0x56501cb01788 size 664 Aug 26 13:23:48.473461: | libevent_malloc: new ptr-libevent@0x56501cb5d768 size 24 Aug 26 13:23:48.473463: | libevent_malloc: new ptr-libevent@0x56501cb5d7b8 size 384 Aug 26 13:23:48.473472: | libevent_malloc: new ptr-libevent@0x56501cb5d6b8 size 16 Aug 26 13:23:48.473474: | libevent_malloc: new ptr-libevent@0x56501cad8908 size 40 Aug 26 13:23:48.473475: | libevent_malloc: new ptr-libevent@0x56501cad8d38 size 48 Aug 26 13:23:48.473480: | libevent_realloc: new ptr-libevent@0x56501cb02d68 size 256 Aug 26 13:23:48.473482: | libevent_malloc: new ptr-libevent@0x56501cb5d968 size 16 Aug 26 13:23:48.473486: | libevent_free: release ptr-libevent@0x56501cb5d6f8 Aug 26 13:23:48.473488: | libevent initialized Aug 26 13:23:48.473491: | libevent_realloc: new ptr-libevent@0x56501cb5d6f8 size 64 Aug 26 13:23:48.473493: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:23:48.473507: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:23:48.473509: NAT-Traversal support [enabled] Aug 26 13:23:48.473511: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:23:48.473516: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:23:48.473518: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:23:48.473543: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:23:48.473545: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:23:48.473548: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:23:48.473579: Encryption algorithms: Aug 26 13:23:48.473586: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:23:48.473588: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:23:48.473591: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:23:48.473593: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:23:48.473595: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:23:48.473605: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:23:48.473608: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:23:48.473610: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:23:48.473614: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:23:48.473618: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:23:48.473622: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:23:48.473626: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:23:48.473630: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:23:48.473632: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:23:48.473635: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:23:48.473636: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:23:48.473639: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:23:48.473644: Hash algorithms: Aug 26 13:23:48.473646: MD5 IKEv1: IKE IKEv2: Aug 26 13:23:48.473648: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:23:48.473650: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:23:48.473652: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:23:48.473654: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:23:48.473662: PRF algorithms: Aug 26 13:23:48.473664: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:23:48.473666: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:23:48.473669: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:23:48.473672: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:23:48.473676: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:23:48.473679: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:23:48.473702: Integrity algorithms: Aug 26 13:23:48.473706: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:23:48.473710: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:23:48.473713: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:23:48.473717: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:23:48.473721: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:23:48.473724: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:23:48.473728: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:23:48.473731: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:23:48.473733: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:23:48.473741: DH algorithms: Aug 26 13:23:48.473744: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:23:48.473746: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:23:48.473748: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:23:48.473752: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:23:48.473754: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:23:48.473756: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:23:48.473758: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:23:48.473760: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:23:48.473762: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:23:48.473764: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:23:48.473766: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:23:48.473768: testing CAMELLIA_CBC: Aug 26 13:23:48.473770: Camellia: 16 bytes with 128-bit key Aug 26 13:23:48.473852: Camellia: 16 bytes with 128-bit key Aug 26 13:23:48.473871: Camellia: 16 bytes with 256-bit key Aug 26 13:23:48.473889: Camellia: 16 bytes with 256-bit key Aug 26 13:23:48.473907: testing AES_GCM_16: Aug 26 13:23:48.473909: empty string Aug 26 13:23:48.473929: one block Aug 26 13:23:48.473945: two blocks Aug 26 13:23:48.473961: two blocks with associated data Aug 26 13:23:48.473977: testing AES_CTR: Aug 26 13:23:48.473979: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:23:48.473996: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:23:48.474013: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:23:48.474030: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:23:48.474046: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:23:48.474083: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:23:48.474102: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:23:48.474122: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:23:48.474140: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:23:48.474157: testing AES_CBC: Aug 26 13:23:48.474159: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:23:48.474176: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:23:48.474194: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:23:48.474212: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:23:48.474233: testing AES_XCBC: Aug 26 13:23:48.474235: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:23:48.474355: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:23:48.474473: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:23:48.474548: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:23:48.474668: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:23:48.474811: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:23:48.474909: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:23:48.475121: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:23:48.475200: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:23:48.475283: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:23:48.475444: testing HMAC_MD5: Aug 26 13:23:48.475449: RFC 2104: MD5_HMAC test 1 Aug 26 13:23:48.475556: RFC 2104: MD5_HMAC test 2 Aug 26 13:23:48.475648: RFC 2104: MD5_HMAC test 3 Aug 26 13:23:48.475773: 8 CPU cores online Aug 26 13:23:48.475777: starting up 7 crypto helpers Aug 26 13:23:48.475802: started thread for crypto helper 0 Aug 26 13:23:48.475819: started thread for crypto helper 1 Aug 26 13:23:48.475834: | starting up helper thread 0 Aug 26 13:23:48.475856: | starting up helper thread 1 Aug 26 13:23:48.475863: | starting up helper thread 2 Aug 26 13:23:48.475870: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:23:48.475883: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:48.475864: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:23:48.475858: started thread for crypto helper 2 Aug 26 13:23:48.475877: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:23:48.475947: started thread for crypto helper 3 Aug 26 13:23:48.475962: started thread for crypto helper 4 Aug 26 13:23:48.475928: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:48.475965: | starting up helper thread 4 Aug 26 13:23:48.475994: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:23:48.475971: | starting up helper thread 3 Aug 26 13:23:48.476003: | starting up helper thread 5 Aug 26 13:23:48.476008: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:23:48.476001: started thread for crypto helper 5 Aug 26 13:23:48.476040: started thread for crypto helper 6 Aug 26 13:23:48.476042: | starting up helper thread 6 Aug 26 13:23:48.476048: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:23:48.475999: | crypto helper 2 waiting (nothing to do) Aug 26 13:23:48.476048: | checking IKEv1 state table Aug 26 13:23:48.476075: | crypto helper 4 waiting (nothing to do) Aug 26 13:23:48.476011: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:23:48.476081: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476082: | crypto helper 5 waiting (nothing to do) Aug 26 13:23:48.476084: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:23:48.476089: | crypto helper 6 waiting (nothing to do) Aug 26 13:23:48.476091: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476097: | crypto helper 3 waiting (nothing to do) Aug 26 13:23:48.476097: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:23:48.476103: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:23:48.476105: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:23:48.476107: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:48.476109: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:48.476110: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:23:48.476112: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:23:48.476114: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:48.476115: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:48.476117: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:23:48.476119: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:48.476120: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:48.476122: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:48.476124: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:23:48.476125: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:48.476127: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:48.476129: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:48.476130: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:23:48.476132: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476134: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:23:48.476136: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476137: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476139: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:23:48.476141: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476143: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:48.476144: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:48.476146: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:23:48.476148: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:48.476149: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:48.476151: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:23:48.476153: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476154: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:23:48.476156: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476158: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:23:48.476160: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:23:48.476164: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:23:48.476166: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:23:48.476168: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:23:48.476169: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:23:48.476171: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:23:48.476173: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476175: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:23:48.476176: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476178: | INFO: category: informational flags: 0: Aug 26 13:23:48.476180: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476182: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:23:48.476183: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476185: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:23:48.476187: | -> XAUTH_R1 EVENT_NULL Aug 26 13:23:48.476188: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:23:48.476190: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:48.476192: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:23:48.476299: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:23:48.476302: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:23:48.476304: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:23:48.476306: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:23:48.476307: | -> UNDEFINED EVENT_NULL Aug 26 13:23:48.476309: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:23:48.476324: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:48.476326: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:23:48.476327: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:23:48.476329: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:23:48.476330: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:23:48.476335: | checking IKEv2 state table Aug 26 13:23:48.476339: | PARENT_I0: category: ignore flags: 0: Aug 26 13:23:48.476342: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:23:48.476344: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476346: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:23:48.476348: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:23:48.476350: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:23:48.476351: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:23:48.476353: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:23:48.476355: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:23:48.476357: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:23:48.476359: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:23:48.476361: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:23:48.476363: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:23:48.476364: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:23:48.476366: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:23:48.476368: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:23:48.476369: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476371: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:23:48.476373: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:23:48.476375: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:23:48.476377: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:23:48.476379: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:23:48.476380: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:23:48.476384: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:23:48.476386: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:23:48.476388: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:23:48.476390: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:23:48.476392: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:23:48.476394: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:23:48.476396: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:23:48.476397: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:23:48.476399: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:48.476401: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:23:48.476403: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:23:48.476405: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:23:48.476407: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:23:48.476409: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:23:48.476411: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:23:48.476413: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:23:48.476414: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:23:48.476416: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:48.476418: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:23:48.476420: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:23:48.476422: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:23:48.476424: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:23:48.476425: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:23:48.476427: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:23:48.476436: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:23:48.476935: | Hard-wiring algorithms Aug 26 13:23:48.476938: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:23:48.476941: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:23:48.476943: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:23:48.476945: | adding 3DES_CBC to kernel algorithm db Aug 26 13:23:48.476947: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:23:48.476949: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:23:48.476950: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:23:48.476952: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:23:48.476954: | adding AES_CTR to kernel algorithm db Aug 26 13:23:48.476955: | adding AES_CBC to kernel algorithm db Aug 26 13:23:48.476957: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:23:48.476959: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:23:48.476961: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:23:48.476962: | adding NULL to kernel algorithm db Aug 26 13:23:48.476964: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:23:48.476966: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:23:48.476968: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:23:48.476970: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:23:48.476971: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:23:48.476973: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:23:48.476975: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:23:48.476976: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:23:48.476978: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:23:48.476979: | adding NONE to kernel algorithm db Aug 26 13:23:48.476996: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:23:48.477001: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:23:48.477003: | setup kernel fd callback Aug 26 13:23:48.477005: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56501cb623c8 Aug 26 13:23:48.477009: | libevent_malloc: new ptr-libevent@0x56501cb467e8 size 128 Aug 26 13:23:48.477011: | libevent_malloc: new ptr-libevent@0x56501cb624d8 size 16 Aug 26 13:23:48.477015: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56501cb62f08 Aug 26 13:23:48.477017: | libevent_malloc: new ptr-libevent@0x56501cb02e98 size 128 Aug 26 13:23:48.477019: | libevent_malloc: new ptr-libevent@0x56501cb62ec8 size 16 Aug 26 13:23:48.477155: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:23:48.477162: selinux support is enabled. Aug 26 13:23:48.477551: | unbound context created - setting debug level to 5 Aug 26 13:23:48.477574: | /etc/hosts lookups activated Aug 26 13:23:48.477585: | /etc/resolv.conf usage activated Aug 26 13:23:48.477622: | outgoing-port-avoid set 0-65535 Aug 26 13:23:48.477639: | outgoing-port-permit set 32768-60999 Aug 26 13:23:48.477641: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:23:48.477643: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:23:48.477645: | Setting up events, loop start Aug 26 13:23:48.477648: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56501cb62f78 Aug 26 13:23:48.477650: | libevent_malloc: new ptr-libevent@0x56501cb6f108 size 128 Aug 26 13:23:48.477652: | libevent_malloc: new ptr-libevent@0x56501cb7a358 size 16 Aug 26 13:23:48.477657: | libevent_realloc: new ptr-libevent@0x56501cb01418 size 256 Aug 26 13:23:48.477659: | libevent_malloc: new ptr-libevent@0x56501cb7a398 size 8 Aug 26 13:23:48.477661: | libevent_realloc: new ptr-libevent@0x56501cad4918 size 144 Aug 26 13:23:48.477663: | libevent_malloc: new ptr-libevent@0x56501cafa538 size 152 Aug 26 13:23:48.477665: | libevent_malloc: new ptr-libevent@0x56501cb7a3d8 size 16 Aug 26 13:23:48.477668: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:23:48.477670: | libevent_malloc: new ptr-libevent@0x56501cb7a418 size 8 Aug 26 13:23:48.477672: | libevent_malloc: new ptr-libevent@0x56501cafa608 size 152 Aug 26 13:23:48.477674: | signal event handler PLUTO_SIGTERM installed Aug 26 13:23:48.477676: | libevent_malloc: new ptr-libevent@0x56501cb7a458 size 8 Aug 26 13:23:48.477678: | libevent_malloc: new ptr-libevent@0x56501cb7a498 size 152 Aug 26 13:23:48.477680: | signal event handler PLUTO_SIGHUP installed Aug 26 13:23:48.477681: | libevent_malloc: new ptr-libevent@0x56501cb7a568 size 8 Aug 26 13:23:48.477683: | libevent_realloc: release ptr-libevent@0x56501cad4918 Aug 26 13:23:48.477685: | libevent_realloc: new ptr-libevent@0x56501cb7a5a8 size 256 Aug 26 13:23:48.477687: | libevent_malloc: new ptr-libevent@0x56501cb7a6d8 size 152 Aug 26 13:23:48.477689: | signal event handler PLUTO_SIGSYS installed Aug 26 13:23:48.477922: | created addconn helper (pid:21566) using fork+execve Aug 26 13:23:48.477934: | forked child 21566 Aug 26 13:23:48.479733: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.479751: listening for IKE messages Aug 26 13:23:48.480031: | Inspecting interface lo Aug 26 13:23:48.480037: | found lo with address 127.0.0.1 Aug 26 13:23:48.480042: | Inspecting interface eth0 Aug 26 13:23:48.480045: | found eth0 with address 192.0.1.254 Aug 26 13:23:48.480047: | Inspecting interface eth1 Aug 26 13:23:48.480050: | found eth1 with address 192.1.2.45 Aug 26 13:23:48.480118: Kernel supports NIC esp-hw-offload Aug 26 13:23:48.480127: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:23:48.480164: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:48.480167: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:48.480170: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:23:48.480194: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:23:48.480210: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:48.480213: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:48.480215: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:23:48.480232: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:23:48.480248: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:48.480250: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:48.480253: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:23:48.480333: | no interfaces to sort Aug 26 13:23:48.480352: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:23:48.480358: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ac38 Aug 26 13:23:48.480361: | libevent_malloc: new ptr-libevent@0x56501cb6f058 size 128 Aug 26 13:23:48.480363: | libevent_malloc: new ptr-libevent@0x56501cb7aca8 size 16 Aug 26 13:23:48.480369: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:48.480371: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ace8 Aug 26 13:23:48.480373: | libevent_malloc: new ptr-libevent@0x56501cb048d8 size 128 Aug 26 13:23:48.480375: | libevent_malloc: new ptr-libevent@0x56501cb7ad58 size 16 Aug 26 13:23:48.480378: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:48.480380: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ad98 Aug 26 13:23:48.480382: | libevent_malloc: new ptr-libevent@0x56501cb047d8 size 128 Aug 26 13:23:48.480383: | libevent_malloc: new ptr-libevent@0x56501cb7ae08 size 16 Aug 26 13:23:48.480386: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:48.480388: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ae48 Aug 26 13:23:48.480391: | libevent_malloc: new ptr-libevent@0x56501cb060a8 size 128 Aug 26 13:23:48.480393: | libevent_malloc: new ptr-libevent@0x56501cb7aeb8 size 16 Aug 26 13:23:48.480396: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:48.480398: | add_fd_read_event_handler: new ethX-pe@0x56501cb7aef8 Aug 26 13:23:48.480400: | libevent_malloc: new ptr-libevent@0x56501cadeba8 size 128 Aug 26 13:23:48.480402: | libevent_malloc: new ptr-libevent@0x56501cb7af68 size 16 Aug 26 13:23:48.480405: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:48.480407: | add_fd_read_event_handler: new ethX-pe@0x56501cb7afa8 Aug 26 13:23:48.480409: | libevent_malloc: new ptr-libevent@0x56501cad91d8 size 128 Aug 26 13:23:48.480411: | libevent_malloc: new ptr-libevent@0x56501cb7b018 size 16 Aug 26 13:23:48.480414: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:48.480418: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:48.480420: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:48.480434: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:48.480442: | id type added to secret(0x56501cad4c48) PKK_PSK: @west Aug 26 13:23:48.480444: | id type added to secret(0x56501cad4c48) PKK_PSK: @east Aug 26 13:23:48.480447: | Processing PSK at line 1: passed Aug 26 13:23:48.480449: | certs and keys locked by 'process_secret' Aug 26 13:23:48.480452: | certs and keys unlocked by 'process_secret' Aug 26 13:23:48.480459: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.480464: | spent 0.736 milliseconds in whack Aug 26 13:23:48.495426: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.495443: listening for IKE messages Aug 26 13:23:48.495469: | Inspecting interface lo Aug 26 13:23:48.495474: | found lo with address 127.0.0.1 Aug 26 13:23:48.495476: | Inspecting interface eth0 Aug 26 13:23:48.495479: | found eth0 with address 192.0.1.254 Aug 26 13:23:48.495480: | Inspecting interface eth1 Aug 26 13:23:48.495483: | found eth1 with address 192.1.2.45 Aug 26 13:23:48.495521: | no interfaces to sort Aug 26 13:23:48.495531: | libevent_free: release ptr-libevent@0x56501cb6f058 Aug 26 13:23:48.495534: | free_event_entry: release EVENT_NULL-pe@0x56501cb7ac38 Aug 26 13:23:48.495536: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ac38 Aug 26 13:23:48.495538: | libevent_malloc: new ptr-libevent@0x56501cb6f058 size 128 Aug 26 13:23:48.495543: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:48.495546: | libevent_free: release ptr-libevent@0x56501cb048d8 Aug 26 13:23:48.495548: | free_event_entry: release EVENT_NULL-pe@0x56501cb7ace8 Aug 26 13:23:48.495550: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ace8 Aug 26 13:23:48.495552: | libevent_malloc: new ptr-libevent@0x56501cb048d8 size 128 Aug 26 13:23:48.495555: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:48.495557: | libevent_free: release ptr-libevent@0x56501cb047d8 Aug 26 13:23:48.495559: | free_event_entry: release EVENT_NULL-pe@0x56501cb7ad98 Aug 26 13:23:48.495561: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ad98 Aug 26 13:23:48.495563: | libevent_malloc: new ptr-libevent@0x56501cb047d8 size 128 Aug 26 13:23:48.495566: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:48.495569: | libevent_free: release ptr-libevent@0x56501cb060a8 Aug 26 13:23:48.495571: | free_event_entry: release EVENT_NULL-pe@0x56501cb7ae48 Aug 26 13:23:48.495572: | add_fd_read_event_handler: new ethX-pe@0x56501cb7ae48 Aug 26 13:23:48.495574: | libevent_malloc: new ptr-libevent@0x56501cb060a8 size 128 Aug 26 13:23:48.495578: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:48.495580: | libevent_free: release ptr-libevent@0x56501cadeba8 Aug 26 13:23:48.495582: | free_event_entry: release EVENT_NULL-pe@0x56501cb7aef8 Aug 26 13:23:48.495584: | add_fd_read_event_handler: new ethX-pe@0x56501cb7aef8 Aug 26 13:23:48.495585: | libevent_malloc: new ptr-libevent@0x56501cadeba8 size 128 Aug 26 13:23:48.495588: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:48.495591: | libevent_free: release ptr-libevent@0x56501cad91d8 Aug 26 13:23:48.495593: | free_event_entry: release EVENT_NULL-pe@0x56501cb7afa8 Aug 26 13:23:48.495595: | add_fd_read_event_handler: new ethX-pe@0x56501cb7afa8 Aug 26 13:23:48.495596: | libevent_malloc: new ptr-libevent@0x56501cad91d8 size 128 Aug 26 13:23:48.495599: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:48.495602: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:48.495603: forgetting secrets Aug 26 13:23:48.495609: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:48.495619: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:48.495625: | id type added to secret(0x56501cad4c48) PKK_PSK: @west Aug 26 13:23:48.495627: | id type added to secret(0x56501cad4c48) PKK_PSK: @east Aug 26 13:23:48.495630: | Processing PSK at line 1: passed Aug 26 13:23:48.495632: | certs and keys locked by 'process_secret' Aug 26 13:23:48.495633: | certs and keys unlocked by 'process_secret' Aug 26 13:23:48.495639: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.495645: | spent 0.225 milliseconds in whack Aug 26 13:23:48.496020: | processing signal PLUTO_SIGCHLD Aug 26 13:23:48.496032: | waitpid returned pid 21566 (exited with status 0) Aug 26 13:23:48.496035: | reaped addconn helper child (status 0) Aug 26 13:23:48.496039: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:48.496042: | spent 0.0134 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:48.562793: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.562815: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:48.562818: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:48.562821: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:48.562823: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:48.562827: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:48.562833: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:48.562881: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:48.562884: | from whack: got --esp= Aug 26 13:23:48.562916: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:48.562921: | counting wild cards for @west is 0 Aug 26 13:23:48.562923: | counting wild cards for @east is 0 Aug 26 13:23:48.562932: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:23:48.562934: | new hp@0x56501cb7d328 Aug 26 13:23:48.562939: added connection description "west" Aug 26 13:23:48.562948: | ike_life: 30s; ipsec_life: 28800s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:48.562957: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:23:48.562963: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.562969: | spent 0.185 milliseconds in whack Aug 26 13:23:48.563038: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.563055: add keyid @west Aug 26 13:23:48.563061: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:23:48.563064: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:23:48.563067: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:23:48.563070: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:23:48.563073: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:23:48.563076: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:23:48.563079: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:23:48.563081: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:23:48.563084: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:23:48.563088: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:23:48.563090: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:23:48.563093: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:23:48.563096: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:23:48.563099: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:23:48.563102: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:23:48.563104: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:23:48.563107: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:23:48.563110: | add pubkey 15 04 37 f9 Aug 26 13:23:48.563153: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:48.563158: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:48.563175: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.563182: | spent 0.151 milliseconds in whack Aug 26 13:23:48.563206: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.563215: add keyid @east Aug 26 13:23:48.563218: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:23:48.563221: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:23:48.563223: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:23:48.563225: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:23:48.563230: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:23:48.563232: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:23:48.563235: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:23:48.563237: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:23:48.563239: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:23:48.563241: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:23:48.563243: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:23:48.563245: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:23:48.563247: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:23:48.563249: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:23:48.563251: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:23:48.563253: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:23:48.563255: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:23:48.563257: | add pubkey 51 51 48 ef Aug 26 13:23:48.563266: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:48.563268: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:48.563276: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.563281: | spent 0.0798 milliseconds in whack Aug 26 13:23:48.701753: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:48.701833: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:23:48.701846: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:48.701864: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Aug 26 13:23:48.701874: | connection 'west' +POLICY_UP Aug 26 13:23:48.701886: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:23:48.701896: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:23:48.701969: | creating state object #1 at 0x56501cb7dba8 Aug 26 13:23:48.701981: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:23:48.702008: | pstats #1 ikev2.ike started Aug 26 13:23:48.702020: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:23:48.702031: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:23:48.702049: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:48.702073: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:48.702091: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:48.702103: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:23:48.702116: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Aug 26 13:23:48.702131: "west" #1: initiating v2 parent SA Aug 26 13:23:48.702166: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Aug 26 13:23:48.702199: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:48.702224: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.702237: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:48.702254: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.702267: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:48.702337: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.702368: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:48.702396: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.702447: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.702500: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:23:48.702521: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:23:48.702541: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:48.702558: | libevent_malloc: new ptr-libevent@0x56501cb7d9f8 size 128 Aug 26 13:23:48.702615: | #1 spent 0.715 milliseconds in ikev2_parent_outI1() Aug 26 13:23:48.702635: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:48.702659: | RESET processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:48.702665: | crypto helper 1 resuming Aug 26 13:23:48.702677: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:48.702726: | crypto helper 1 starting work-order 1 for state #1 Aug 26 13:23:48.702756: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:23:48.702786: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:23:48.702803: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:23:48.702825: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:48.702848: | spent 1.07 milliseconds in whack Aug 26 13:23:48.705574: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.002788 seconds Aug 26 13:23:48.705618: | (#1) spent 2.78 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:23:48.705630: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 13:23:48.705641: | scheduling resume sending helper answer for #1 Aug 26 13:23:48.705653: | libevent_malloc: new ptr-libevent@0x7f6e24002888 size 128 Aug 26 13:23:48.705678: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:48.705725: | processing resume sending helper answer for #1 Aug 26 13:23:48.705780: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:48.705807: | crypto helper 1 replies to request ID 1 Aug 26 13:23:48.705823: | calling continuation function 0x56501b2b5b50 Aug 26 13:23:48.705837: | ikev2_parent_outI1_continue for #1 Aug 26 13:23:48.705984: | **emit ISAKMP Message: Aug 26 13:23:48.706005: | initiator cookie: Aug 26 13:23:48.706018: | 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.706033: | responder cookie: Aug 26 13:23:48.706046: | 00 00 00 00 00 00 00 00 Aug 26 13:23:48.706061: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:48.706077: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:48.706108: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:48.706126: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:48.706141: | Message ID: 0 (0x0) Aug 26 13:23:48.706157: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:48.706236: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.706256: | Emitting ikev2_proposals ... Aug 26 13:23:48.706273: | ***emit IKEv2 Security Association Payload: Aug 26 13:23:48.706307: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.706323: | flags: none (0x0) Aug 26 13:23:48.706343: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:48.706360: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.706385: | discarding INTEG=NONE Aug 26 13:23:48.706402: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.706418: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.706432: | prop #: 1 (0x1) Aug 26 13:23:48.706446: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:48.706460: | spi size: 0 (0x0) Aug 26 13:23:48.706473: | # transforms: 11 (0xb) Aug 26 13:23:48.706488: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.706504: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706524: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.706533: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.706543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706553: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.706562: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.706571: | length/value: 256 (0x100) Aug 26 13:23:48.706581: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.706590: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706607: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.706615: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:48.706626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706645: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706653: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706670: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.706679: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:48.706689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706719: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706727: | discarding INTEG=NONE Aug 26 13:23:48.706735: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.706761: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.706771: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706789: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706798: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.706823: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:48.706833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706852: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706860: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706868: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.706885: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:48.706895: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706913: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706921: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.706947: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:48.706957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.706966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.706975: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.706983: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.706992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707009: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:48.707019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707037: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707045: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707076: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:48.707086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707095: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707104: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707129: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707138: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:48.707147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707166: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707174: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707182: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.707191: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707199: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:48.707209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707227: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707236: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:48.707246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.707254: | discarding INTEG=NONE Aug 26 13:23:48.707263: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.707272: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.707280: | prop #: 2 (0x2) Aug 26 13:23:48.707303: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:48.707316: | spi size: 0 (0x0) Aug 26 13:23:48.707325: | # transforms: 11 (0xb) Aug 26 13:23:48.707336: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.707346: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.707355: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707378: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.707387: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.707396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707405: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.707414: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.707422: | length/value: 128 (0x80) Aug 26 13:23:48.707431: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.707440: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707448: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707456: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.707465: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:48.707475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707500: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707508: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707525: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.707533: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:48.707543: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707561: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707569: | discarding INTEG=NONE Aug 26 13:23:48.707577: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707594: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707602: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.707612: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707630: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707639: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707664: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:48.707673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707692: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707700: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707716: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707725: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:48.707735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707753: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707761: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707786: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:48.707796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707814: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707822: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707847: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:48.707867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707894: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707920: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:48.707930: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707939: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.707948: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.707956: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.707964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.707973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.707981: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:48.707991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708000: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708009: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708026: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.708034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708042: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:48.708052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708071: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708079: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:48.708089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.708098: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.708106: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.708114: | prop #: 3 (0x3) Aug 26 13:23:48.708123: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:48.708131: | spi size: 0 (0x0) Aug 26 13:23:48.708139: | # transforms: 13 (0xd) Aug 26 13:23:48.708150: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.708159: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.708168: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708185: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.708193: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:48.708203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708211: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.708220: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.708232: | length/value: 256 (0x100) Aug 26 13:23:48.708241: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.708249: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708258: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708266: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.708275: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:48.708284: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708334: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708342: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708359: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.708372: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:48.708382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708391: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708400: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708409: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708417: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708426: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.708434: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:48.708444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708470: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708487: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.708496: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:48.708505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708524: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708557: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.708567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708576: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708585: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708593: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708619: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:48.708628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708652: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708660: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708685: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:48.708695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708713: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708721: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708738: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708746: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:48.708756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708774: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708782: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:48.708818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708836: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708844: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708861: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708869: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:48.708879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708897: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708905: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708922: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708930: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:48.708940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.708950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.708958: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.708966: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.708975: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.708983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.708995: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:48.709006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709024: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709033: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:48.709042: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.709051: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.709060: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:48.709068: | prop #: 4 (0x4) Aug 26 13:23:48.709076: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:48.709085: | spi size: 0 (0x0) Aug 26 13:23:48.709093: | # transforms: 13 (0xd) Aug 26 13:23:48.709103: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.709112: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.709121: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709138: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.709146: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:48.709156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709164: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.709173: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.709181: | length/value: 128 (0x80) Aug 26 13:23:48.709190: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.709198: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709215: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.709224: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:48.709233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709243: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709252: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709260: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709277: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.709285: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:48.709361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709383: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709392: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709409: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.709418: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:48.709428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709451: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709477: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.709485: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:48.709495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709513: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709521: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709530: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709538: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709547: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.709557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709575: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709583: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709608: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:48.709618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709636: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709644: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709670: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:48.709679: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709698: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709722: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709731: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:48.709741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709759: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709784: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709792: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:48.709802: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709824: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709832: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709848: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709857: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:48.709867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709885: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709893: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709910: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709918: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:48.709928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.709946: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.709954: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.709962: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.709971: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.709979: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:48.709989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.709999: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.710007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.710016: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:48.710025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.710034: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:23:48.710044: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:48.710053: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:23:48.710062: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.710071: | flags: none (0x0) Aug 26 13:23:48.710080: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.710091: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:23:48.710100: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.710112: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:23:48.710121: | ikev2 g^x 9e 55 8d cd de b0 4b c2 48 ab 6d b5 33 24 01 75 Aug 26 13:23:48.710130: | ikev2 g^x a1 f0 13 d8 0c 72 4f 15 2b 62 a1 23 c9 07 62 2c Aug 26 13:23:48.710138: | ikev2 g^x 1c a9 5c 3e 01 f1 51 7c a0 6d 1b 33 56 c8 40 59 Aug 26 13:23:48.710146: | ikev2 g^x 42 76 28 4e c9 ff 10 3c 97 b9 f8 de 15 41 22 42 Aug 26 13:23:48.710154: | ikev2 g^x 59 67 2d 39 93 cf 98 de 65 93 04 13 45 ea 62 ab Aug 26 13:23:48.710166: | ikev2 g^x 69 26 06 e6 c9 ce a5 85 d0 f5 2a 5e b0 cb 48 4d Aug 26 13:23:48.710174: | ikev2 g^x 54 f2 b2 aa d2 78 7b ed 2b 12 a5 5d ad 8a fb d0 Aug 26 13:23:48.710182: | ikev2 g^x e7 bb 73 1f 89 c3 ca 09 d7 a1 46 f7 9b e2 18 c9 Aug 26 13:23:48.710190: | ikev2 g^x 57 67 c0 ac 55 66 69 4b 9c 19 bd 0a 5d 31 72 08 Aug 26 13:23:48.710198: | ikev2 g^x 33 18 d4 a8 f4 8f f6 88 cd ad e1 19 d1 4d 08 37 Aug 26 13:23:48.710206: | ikev2 g^x 3f ce d4 6e 5c 1d 4b 3c 3c f8 9d a8 76 06 1f 6c Aug 26 13:23:48.710214: | ikev2 g^x a1 bd 29 3e 00 55 d3 8a 69 bd 35 bf 1c 8e de 70 Aug 26 13:23:48.710222: | ikev2 g^x 32 4f ff 8e d2 26 53 08 ab f0 8e 52 6c 9a ab 48 Aug 26 13:23:48.710230: | ikev2 g^x 79 15 a9 ca fc 05 7d 61 d0 18 9d 68 88 67 aa 1c Aug 26 13:23:48.710238: | ikev2 g^x 0d a8 e0 89 66 0b 39 c1 6d 72 ca 81 61 3e 78 b2 Aug 26 13:23:48.710247: | ikev2 g^x 7e 7a 38 f3 6c 5d b1 fa e4 29 d6 6f 7e 96 a3 a6 Aug 26 13:23:48.710256: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:23:48.710264: | ***emit IKEv2 Nonce Payload: Aug 26 13:23:48.710273: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:48.710281: | flags: none (0x0) Aug 26 13:23:48.710306: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:23:48.710323: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:23:48.710333: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.710343: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:23:48.710352: | IKEv2 nonce d9 e6 be 30 22 61 0d 20 08 c7 cc ed cf fe d0 fa Aug 26 13:23:48.710360: | IKEv2 nonce d2 85 8e f2 be 70 db 8c ff 82 86 eb 7f 4c 22 50 Aug 26 13:23:48.710369: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:23:48.710378: | Adding a v2N Payload Aug 26 13:23:48.710386: | ***emit IKEv2 Notify Payload: Aug 26 13:23:48.710395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.710404: | flags: none (0x0) Aug 26 13:23:48.710412: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.710421: | SPI size: 0 (0x0) Aug 26 13:23:48.710430: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:48.710441: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:48.710450: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.710459: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:48.710469: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:23:48.710478: | natd_hash: rcookie is zero Aug 26 13:23:48.710516: | natd_hash: hasher=0x56501b38a800(20) Aug 26 13:23:48.710526: | natd_hash: icookie= 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.710534: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:48.710542: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:48.710550: | natd_hash: port=500 Aug 26 13:23:48.710559: | natd_hash: hash= ac 64 93 33 0b 03 40 d4 a6 c2 7a 69 1e 19 6f 81 Aug 26 13:23:48.710567: | natd_hash: hash= 2d c0 f2 2a Aug 26 13:23:48.710575: | Adding a v2N Payload Aug 26 13:23:48.710584: | ***emit IKEv2 Notify Payload: Aug 26 13:23:48.710593: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.710601: | flags: none (0x0) Aug 26 13:23:48.710609: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.710617: | SPI size: 0 (0x0) Aug 26 13:23:48.710626: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:48.710637: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:48.710646: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.710656: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:48.710670: | Notify data ac 64 93 33 0b 03 40 d4 a6 c2 7a 69 1e 19 6f 81 Aug 26 13:23:48.710678: | Notify data 2d c0 f2 2a Aug 26 13:23:48.710687: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:48.710695: | natd_hash: rcookie is zero Aug 26 13:23:48.710714: | natd_hash: hasher=0x56501b38a800(20) Aug 26 13:23:48.710723: | natd_hash: icookie= 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.710731: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:48.710739: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:48.710747: | natd_hash: port=500 Aug 26 13:23:48.710755: | natd_hash: hash= b0 60 70 5e 0d 33 90 64 c1 d9 c4 f4 70 42 d1 e5 Aug 26 13:23:48.710763: | natd_hash: hash= 1d d8 5d 19 Aug 26 13:23:48.710771: | Adding a v2N Payload Aug 26 13:23:48.710779: | ***emit IKEv2 Notify Payload: Aug 26 13:23:48.710788: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.710796: | flags: none (0x0) Aug 26 13:23:48.710804: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.710812: | SPI size: 0 (0x0) Aug 26 13:23:48.710820: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:48.710831: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:48.710840: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.710849: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:48.710858: | Notify data b0 60 70 5e 0d 33 90 64 c1 d9 c4 f4 70 42 d1 e5 Aug 26 13:23:48.710866: | Notify data 1d d8 5d 19 Aug 26 13:23:48.710874: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:48.710883: | emitting length of ISAKMP Message: 828 Aug 26 13:23:48.710906: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:23:48.710946: | start processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:48.710959: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:23:48.710970: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:23:48.710981: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:23:48.710991: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:23:48.711000: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:23:48.711017: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:48.711028: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:48.711064: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:48.711097: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:48.711106: | 70 79 23 d6 e9 10 04 82 00 00 00 00 00 00 00 00 Aug 26 13:23:48.711115: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:23:48.711123: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:23:48.711131: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:23:48.711139: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:23:48.711146: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:23:48.711154: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:23:48.711162: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:23:48.711170: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:23:48.711178: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:23:48.711186: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:23:48.711195: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:23:48.711206: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:23:48.711218: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:23:48.711235: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:23:48.711248: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:23:48.711259: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:23:48.711272: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:23:48.711284: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:23:48.711319: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:23:48.711333: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:23:48.711345: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:23:48.711357: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:23:48.711369: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:23:48.711382: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:23:48.711394: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:23:48.711406: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:23:48.711418: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:23:48.711430: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:23:48.711442: | 28 00 01 08 00 0e 00 00 9e 55 8d cd de b0 4b c2 Aug 26 13:23:48.711455: | 48 ab 6d b5 33 24 01 75 a1 f0 13 d8 0c 72 4f 15 Aug 26 13:23:48.711468: | 2b 62 a1 23 c9 07 62 2c 1c a9 5c 3e 01 f1 51 7c Aug 26 13:23:48.711480: | a0 6d 1b 33 56 c8 40 59 42 76 28 4e c9 ff 10 3c Aug 26 13:23:48.711493: | 97 b9 f8 de 15 41 22 42 59 67 2d 39 93 cf 98 de Aug 26 13:23:48.711506: | 65 93 04 13 45 ea 62 ab 69 26 06 e6 c9 ce a5 85 Aug 26 13:23:48.711518: | d0 f5 2a 5e b0 cb 48 4d 54 f2 b2 aa d2 78 7b ed Aug 26 13:23:48.711531: | 2b 12 a5 5d ad 8a fb d0 e7 bb 73 1f 89 c3 ca 09 Aug 26 13:23:48.711544: | d7 a1 46 f7 9b e2 18 c9 57 67 c0 ac 55 66 69 4b Aug 26 13:23:48.711557: | 9c 19 bd 0a 5d 31 72 08 33 18 d4 a8 f4 8f f6 88 Aug 26 13:23:48.711570: | cd ad e1 19 d1 4d 08 37 3f ce d4 6e 5c 1d 4b 3c Aug 26 13:23:48.711582: | 3c f8 9d a8 76 06 1f 6c a1 bd 29 3e 00 55 d3 8a Aug 26 13:23:48.711596: | 69 bd 35 bf 1c 8e de 70 32 4f ff 8e d2 26 53 08 Aug 26 13:23:48.711609: | ab f0 8e 52 6c 9a ab 48 79 15 a9 ca fc 05 7d 61 Aug 26 13:23:48.711622: | d0 18 9d 68 88 67 aa 1c 0d a8 e0 89 66 0b 39 c1 Aug 26 13:23:48.711635: | 6d 72 ca 81 61 3e 78 b2 7e 7a 38 f3 6c 5d b1 fa Aug 26 13:23:48.711647: | e4 29 d6 6f 7e 96 a3 a6 29 00 00 24 d9 e6 be 30 Aug 26 13:23:48.711660: | 22 61 0d 20 08 c7 cc ed cf fe d0 fa d2 85 8e f2 Aug 26 13:23:48.711668: | be 70 db 8c ff 82 86 eb 7f 4c 22 50 29 00 00 08 Aug 26 13:23:48.711676: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ac 64 93 33 Aug 26 13:23:48.711684: | 0b 03 40 d4 a6 c2 7a 69 1e 19 6f 81 2d c0 f2 2a Aug 26 13:23:48.711692: | 00 00 00 1c 00 00 40 05 b0 60 70 5e 0d 33 90 64 Aug 26 13:23:48.711700: | c1 d9 c4 f4 70 42 d1 e5 1d d8 5d 19 Aug 26 13:23:48.711886: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:48.711916: | libevent_free: release ptr-libevent@0x56501cb7d9f8 Aug 26 13:23:48.711935: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:23:48.711951: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:23:48.711972: | event_schedule: new EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:23:48.711986: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 Aug 26 13:23:48.711996: | libevent_malloc: new ptr-libevent@0x56501cb80638 size 128 Aug 26 13:23:48.712013: | #1 STATE_PARENT_I1: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11114.454431 Aug 26 13:23:48.712026: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:23:48.712046: | #1 spent 6.01 milliseconds in resume sending helper answer Aug 26 13:23:48.712063: | stop processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:48.712094: | libevent_free: release ptr-libevent@0x7f6e24002888 Aug 26 13:23:48.723281: | spent 0.0108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:48.723398: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:48.723413: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.723422: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:23:48.723431: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:23:48.723439: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:23:48.723446: | 04 00 00 0e 28 00 01 08 00 0e 00 00 05 e8 3d 41 Aug 26 13:23:48.723454: | 0e d4 6a 29 67 69 4d c0 c3 0f 71 a0 3f 3e c8 94 Aug 26 13:23:48.723462: | bd fc 30 89 26 d2 ae 05 58 4c b3 8b 5f 6b cf 34 Aug 26 13:23:48.723470: | 7d 13 f2 a1 2c 50 6e 04 e9 41 f4 ef 9e 58 4c 7d Aug 26 13:23:48.723478: | c3 cf 7e a3 11 ea ae fa ac 16 fd fa b8 ac fd b0 Aug 26 13:23:48.723486: | 9e a8 c4 e4 e0 1f b8 74 b5 2b 05 03 05 34 26 1a Aug 26 13:23:48.723494: | c6 d0 ac 29 ad 3c 8c 39 cc f8 24 78 a7 c4 8c 9c Aug 26 13:23:48.723501: | 02 4c d6 e1 65 28 3d 59 b4 8e f1 b0 b7 c5 97 b9 Aug 26 13:23:48.723509: | 21 7a a8 d9 fc 00 eb f6 48 77 15 fc d5 4f 7d 7b Aug 26 13:23:48.723517: | dc b0 be ae 85 e9 65 0a 8c c9 6d ed be 98 71 a7 Aug 26 13:23:48.723525: | 44 a4 2d 04 ff 4d c8 f0 c5 76 6b 27 4c b7 c3 de Aug 26 13:23:48.723533: | 35 eb 5d ef 4b e0 1b 75 12 96 4c f3 93 0a 60 40 Aug 26 13:23:48.723541: | a8 d8 c8 9d 2d d6 62 91 fa 1b 33 d1 53 a2 25 60 Aug 26 13:23:48.723548: | f8 80 2b 0c 39 5a 14 4d 91 4e 6f aa e0 1b e0 27 Aug 26 13:23:48.723556: | 86 f6 d9 04 b0 3e ae 35 21 09 9e 7b 8a 1a 67 06 Aug 26 13:23:48.723564: | d6 40 d0 08 9c d6 be 64 18 35 92 e3 77 16 8c 3f Aug 26 13:23:48.723572: | d9 a2 04 d2 a8 4d d3 f7 56 29 75 2a 29 00 00 24 Aug 26 13:23:48.723580: | 43 05 5e d3 b6 b5 2e c4 a0 ba 50 92 42 c6 e3 fe Aug 26 13:23:48.723588: | 94 85 ec b1 dc e6 3d df e8 c7 0b f6 8d e8 01 26 Aug 26 13:23:48.723595: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:23:48.723603: | 41 f2 45 55 c3 af 3c 69 37 1c ed 83 58 31 7d 82 Aug 26 13:23:48.723611: | 02 b2 fe 15 00 00 00 1c 00 00 40 05 62 2a e0 b3 Aug 26 13:23:48.723619: | e8 91 7f dc 21 b8 88 b2 4f 86 ed b5 cd 1a f8 03 Aug 26 13:23:48.723634: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:48.723645: | **parse ISAKMP Message: Aug 26 13:23:48.723655: | initiator cookie: Aug 26 13:23:48.723663: | 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.723672: | responder cookie: Aug 26 13:23:48.723680: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.723689: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:48.723699: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:48.723708: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:48.723717: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:48.723726: | Message ID: 0 (0x0) Aug 26 13:23:48.723735: | length: 432 (0x1b0) Aug 26 13:23:48.723745: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:23:48.723756: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:23:48.723768: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:23:48.723789: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:48.723803: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:48.723812: | #1 is idle Aug 26 13:23:48.723820: | #1 idle Aug 26 13:23:48.723828: | unpacking clear payload Aug 26 13:23:48.723836: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:48.723846: | ***parse IKEv2 Security Association Payload: Aug 26 13:23:48.723855: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:23:48.723872: | flags: none (0x0) Aug 26 13:23:48.723882: | length: 40 (0x28) Aug 26 13:23:48.723891: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:23:48.723899: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:23:48.723909: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:23:48.723917: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:48.723925: | flags: none (0x0) Aug 26 13:23:48.723934: | length: 264 (0x108) Aug 26 13:23:48.723942: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.723951: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:23:48.723959: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:48.723967: | ***parse IKEv2 Nonce Payload: Aug 26 13:23:48.723976: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:48.723984: | flags: none (0x0) Aug 26 13:23:48.723992: | length: 36 (0x24) Aug 26 13:23:48.724000: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:48.724008: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:48.724017: | ***parse IKEv2 Notify Payload: Aug 26 13:23:48.724025: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:48.724033: | flags: none (0x0) Aug 26 13:23:48.724041: | length: 8 (0x8) Aug 26 13:23:48.724050: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.724058: | SPI size: 0 (0x0) Aug 26 13:23:48.724067: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:48.724076: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:23:48.724084: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:48.724092: | ***parse IKEv2 Notify Payload: Aug 26 13:23:48.724101: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:48.724109: | flags: none (0x0) Aug 26 13:23:48.724117: | length: 28 (0x1c) Aug 26 13:23:48.724125: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.724133: | SPI size: 0 (0x0) Aug 26 13:23:48.724142: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:48.724150: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:48.724158: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:48.724166: | ***parse IKEv2 Notify Payload: Aug 26 13:23:48.724175: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.724183: | flags: none (0x0) Aug 26 13:23:48.724191: | length: 28 (0x1c) Aug 26 13:23:48.724199: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:48.724207: | SPI size: 0 (0x0) Aug 26 13:23:48.724215: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:48.724224: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:48.724233: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:23:48.724252: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:48.724262: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:48.724270: | Now let's proceed with state specific processing Aug 26 13:23:48.724279: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:48.724318: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:23:48.724378: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:48.724392: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:23:48.724409: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:48.724419: | local proposal 1 type PRF has 2 transforms Aug 26 13:23:48.724428: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:48.724436: | local proposal 1 type DH has 8 transforms Aug 26 13:23:48.724445: | local proposal 1 type ESN has 0 transforms Aug 26 13:23:48.724456: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:48.724465: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:48.724473: | local proposal 2 type PRF has 2 transforms Aug 26 13:23:48.724482: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:48.724490: | local proposal 2 type DH has 8 transforms Aug 26 13:23:48.724499: | local proposal 2 type ESN has 0 transforms Aug 26 13:23:48.724509: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:48.724517: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:48.724525: | local proposal 3 type PRF has 2 transforms Aug 26 13:23:48.724534: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:48.724542: | local proposal 3 type DH has 8 transforms Aug 26 13:23:48.724550: | local proposal 3 type ESN has 0 transforms Aug 26 13:23:48.724560: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:48.724569: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:48.724577: | local proposal 4 type PRF has 2 transforms Aug 26 13:23:48.724586: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:48.724594: | local proposal 4 type DH has 8 transforms Aug 26 13:23:48.724602: | local proposal 4 type ESN has 0 transforms Aug 26 13:23:48.724612: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:48.724621: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.724630: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:48.724638: | length: 36 (0x24) Aug 26 13:23:48.724647: | prop #: 1 (0x1) Aug 26 13:23:48.724655: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:48.724663: | spi size: 0 (0x0) Aug 26 13:23:48.724672: | # transforms: 3 (0x3) Aug 26 13:23:48.724683: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:48.724693: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:48.724702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.724710: | length: 12 (0xc) Aug 26 13:23:48.724719: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.724727: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.724737: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.724746: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.724754: | length/value: 256 (0x100) Aug 26 13:23:48.724768: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:48.724777: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:48.724786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.724794: | length: 8 (0x8) Aug 26 13:23:48.724802: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:48.724811: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:48.724823: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:23:48.724831: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:48.724840: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.724848: | length: 8 (0x8) Aug 26 13:23:48.724856: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:48.724865: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:48.724876: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:23:48.724888: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:23:48.724902: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:23:48.724916: | remote proposal 1 matches local proposal 1 Aug 26 13:23:48.724927: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:23:48.724936: | converting proposal to internal trans attrs Aug 26 13:23:48.724975: | natd_hash: hasher=0x56501b38a800(20) Aug 26 13:23:48.724985: | natd_hash: icookie= 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.724993: | natd_hash: rcookie= 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.725002: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:48.725010: | natd_hash: port=500 Aug 26 13:23:48.725018: | natd_hash: hash= 62 2a e0 b3 e8 91 7f dc 21 b8 88 b2 4f 86 ed b5 Aug 26 13:23:48.725026: | natd_hash: hash= cd 1a f8 03 Aug 26 13:23:48.725044: | natd_hash: hasher=0x56501b38a800(20) Aug 26 13:23:48.725053: | natd_hash: icookie= 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.725061: | natd_hash: rcookie= 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.725069: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:48.725076: | natd_hash: port=500 Aug 26 13:23:48.725085: | natd_hash: hash= 41 f2 45 55 c3 af 3c 69 37 1c ed 83 58 31 7d 82 Aug 26 13:23:48.725092: | natd_hash: hash= 02 b2 fe 15 Aug 26 13:23:48.725101: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:23:48.725109: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:23:48.725117: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:23:48.725128: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:23:48.725140: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:23:48.725151: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:23:48.725161: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:48.725171: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:23:48.725182: | libevent_free: release ptr-libevent@0x56501cb80638 Aug 26 13:23:48.725192: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:23:48.725203: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:23:48.725215: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:48.725225: | libevent_malloc: new ptr-libevent@0x7f6e24002888 size 128 Aug 26 13:23:48.725259: | #1 spent 0.941 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:23:48.725277: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:48.725338: | crypto helper 0 resuming Aug 26 13:23:48.725374: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:23:48.725425: | crypto helper 0 starting work-order 2 for state #1 Aug 26 13:23:48.725452: | suspending state #1 and saving MD Aug 26 13:23:48.725477: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:23:48.725495: | #1 is busy; has a suspended MD Aug 26 13:23:48.725538: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:48.725553: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:48.725567: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:48.725584: | #1 spent 2.11 milliseconds in ikev2_process_packet() Aug 26 13:23:48.725597: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:48.725607: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:48.725617: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:48.725630: | spent 2.16 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:48.728074: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:23:48.729371: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.003893 seconds Aug 26 13:23:48.729416: | (#1) spent 3.88 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:23:48.729428: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Aug 26 13:23:48.729438: | scheduling resume sending helper answer for #1 Aug 26 13:23:48.729450: | libevent_malloc: new ptr-libevent@0x7f6e1c000f48 size 128 Aug 26 13:23:48.729474: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:48.729552: | processing resume sending helper answer for #1 Aug 26 13:23:48.729595: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:48.729613: | crypto helper 0 replies to request ID 2 Aug 26 13:23:48.729623: | calling continuation function 0x56501b2b5b50 Aug 26 13:23:48.729633: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:23:48.729663: | creating state object #2 at 0x56501cb82da8 Aug 26 13:23:48.729674: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:23:48.729685: | pstats #2 ikev2.child started Aug 26 13:23:48.729696: | duplicating state object #1 "west" as #2 for IPSEC SA Aug 26 13:23:48.729712: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:48.729734: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:48.729749: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:48.729764: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:48.729774: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:48.729785: | libevent_free: release ptr-libevent@0x7f6e24002888 Aug 26 13:23:48.729796: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:23:48.729807: | event_schedule: new EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:23:48.729819: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:23:48.729829: | libevent_malloc: new ptr-libevent@0x7f6e24002888 size 128 Aug 26 13:23:48.729842: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:23:48.729860: | **emit ISAKMP Message: Aug 26 13:23:48.729871: | initiator cookie: Aug 26 13:23:48.729879: | 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.729888: | responder cookie: Aug 26 13:23:48.729895: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.729905: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:48.729914: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:48.729923: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:48.729933: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:48.729942: | Message ID: 1 (0x1) Aug 26 13:23:48.729952: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:48.729962: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:48.729971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.729979: | flags: none (0x0) Aug 26 13:23:48.729990: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:48.730000: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.730011: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:48.730034: | IKEv2 CERT: send a certificate? Aug 26 13:23:48.730045: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:23:48.730054: | IDr payload will be sent Aug 26 13:23:48.730103: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:23:48.730114: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.730123: | flags: none (0x0) Aug 26 13:23:48.730140: | ID type: ID_FQDN (0x2) Aug 26 13:23:48.730152: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:23:48.730162: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.730173: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:23:48.730181: | my identity 77 65 73 74 Aug 26 13:23:48.730191: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:23:48.730220: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:23:48.730230: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:48.730238: | flags: none (0x0) Aug 26 13:23:48.730247: | ID type: ID_FQDN (0x2) Aug 26 13:23:48.730257: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:23:48.730268: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:23:48.730278: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.730318: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:23:48.730338: | IDr 65 61 73 74 Aug 26 13:23:48.730348: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:23:48.730355: | not sending INITIAL_CONTACT Aug 26 13:23:48.730366: | ****emit IKEv2 Authentication Payload: Aug 26 13:23:48.730375: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.730383: | flags: none (0x0) Aug 26 13:23:48.730392: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:48.730403: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:23:48.730413: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.730424: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:23:48.730437: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:48.730446: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:48.730458: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:48.730469: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:48.730479: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:48.730487: | line 1: match=014 Aug 26 13:23:48.730498: | match 014 beats previous best_match 000 match=0x56501cad4c48 (line=1) Aug 26 13:23:48.730507: | concluding with best_match=014 best=0x56501cad4c48 (lineno=1) Aug 26 13:23:48.730706: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:23:48.730720: | PSK auth 4f 9d 80 1f d9 a2 87 4b 6c ee aa 32 cd 31 b2 b0 Aug 26 13:23:48.730729: | PSK auth 88 cf c9 5c 6f 24 96 42 25 0b 5e be aa 86 8b 2b Aug 26 13:23:48.730737: | PSK auth 3c 39 ad 06 a2 ae f0 c1 1e ad 2a 85 ad 23 6b 69 Aug 26 13:23:48.730745: | PSK auth 55 98 3f 30 f6 47 b0 a0 70 6c f3 0f cb 60 02 6b Aug 26 13:23:48.730755: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:23:48.730764: | getting first pending from state #1 Aug 26 13:23:48.730822: | netlink_get_spi: allocated 0xca313cb5 for esp.0@192.1.2.45 Aug 26 13:23:48.730835: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:23:48.730849: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:48.730866: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:48.730875: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:48.730888: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:48.730905: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:48.730920: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:48.730930: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:48.730943: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:48.730966: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:48.730997: | Emitting ikev2_proposals ... Aug 26 13:23:48.731007: | ****emit IKEv2 Security Association Payload: Aug 26 13:23:48.731017: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.731025: | flags: none (0x0) Aug 26 13:23:48.731036: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:48.731046: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.731055: | discarding INTEG=NONE Aug 26 13:23:48.731063: | discarding DH=NONE Aug 26 13:23:48.731071: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.731080: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.731089: | prop #: 1 (0x1) Aug 26 13:23:48.731098: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:48.731106: | spi size: 4 (0x4) Aug 26 13:23:48.731114: | # transforms: 2 (0x2) Aug 26 13:23:48.731124: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.731135: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:48.731145: | our spi ca 31 3c b5 Aug 26 13:23:48.731159: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.731173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.731185: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.731197: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.731212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.731228: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.731242: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.731255: | length/value: 256 (0x100) Aug 26 13:23:48.731269: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.731281: | discarding INTEG=NONE Aug 26 13:23:48.731309: | discarding DH=NONE Aug 26 13:23:48.731332: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.731346: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.731360: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:48.731373: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:48.731389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.731405: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.731421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.731435: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:48.731450: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.731463: | discarding INTEG=NONE Aug 26 13:23:48.731475: | discarding DH=NONE Aug 26 13:23:48.731497: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.731513: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.731526: | prop #: 2 (0x2) Aug 26 13:23:48.731539: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:48.731552: | spi size: 4 (0x4) Aug 26 13:23:48.731565: | # transforms: 2 (0x2) Aug 26 13:23:48.731582: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.731598: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.731616: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:48.731630: | our spi ca 31 3c b5 Aug 26 13:23:48.731640: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.731648: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.731657: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.731666: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.731675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.731685: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.731694: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.731702: | length/value: 128 (0x80) Aug 26 13:23:48.731711: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.731719: | discarding INTEG=NONE Aug 26 13:23:48.731726: | discarding DH=NONE Aug 26 13:23:48.731735: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.731743: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.731753: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:48.731765: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:48.731781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.731795: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.731809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.731823: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:48.731837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.731850: | discarding DH=NONE Aug 26 13:23:48.731864: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.731878: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.731890: | prop #: 3 (0x3) Aug 26 13:23:48.731903: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:48.731916: | spi size: 4 (0x4) Aug 26 13:23:48.731928: | # transforms: 4 (0x4) Aug 26 13:23:48.731943: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.731953: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.731964: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:48.731972: | our spi ca 31 3c b5 Aug 26 13:23:48.731981: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.731989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.731998: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.732006: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:48.732015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732024: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.732033: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.732041: | length/value: 256 (0x100) Aug 26 13:23:48.732065: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.732075: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732092: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.732100: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:48.732110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732129: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732137: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732153: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.732162: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:48.732172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732190: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732197: | discarding DH=NONE Aug 26 13:23:48.732206: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732214: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.732222: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:48.732230: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:48.732240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732258: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732267: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:48.732276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.732284: | discarding DH=NONE Aug 26 13:23:48.732317: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.732332: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:48.732343: | prop #: 4 (0x4) Aug 26 13:23:48.732351: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:48.732359: | spi size: 4 (0x4) Aug 26 13:23:48.732367: | # transforms: 4 (0x4) Aug 26 13:23:48.732378: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:48.732387: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:48.732398: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:48.732406: | our spi ca 31 3c b5 Aug 26 13:23:48.732414: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732431: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.732439: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:48.732448: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732457: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.732466: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.732474: | length/value: 128 (0x80) Aug 26 13:23:48.732482: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:48.732496: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732513: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.732521: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:48.732531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732558: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732574: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:48.732582: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:48.732592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732618: | discarding DH=NONE Aug 26 13:23:48.732626: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:48.732634: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.732642: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:48.732651: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:48.732661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.732670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:48.732679: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:48.732687: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:48.732696: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:48.732705: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:23:48.732714: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:48.732724: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:48.732733: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.732742: | flags: none (0x0) Aug 26 13:23:48.732750: | number of TS: 1 (0x1) Aug 26 13:23:48.732762: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:23:48.732771: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.732781: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:48.732789: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:48.732798: | IP Protocol ID: 0 (0x0) Aug 26 13:23:48.732806: | start port: 0 (0x0) Aug 26 13:23:48.732815: | end port: 65535 (0xffff) Aug 26 13:23:48.732825: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:48.732833: | ipv4 start c0 00 01 00 Aug 26 13:23:48.732843: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:48.732851: | ipv4 end c0 00 01 ff Aug 26 13:23:48.732859: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:48.732868: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:23:48.732877: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:48.732889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.732898: | flags: none (0x0) Aug 26 13:23:48.732906: | number of TS: 1 (0x1) Aug 26 13:23:48.732917: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:23:48.732927: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:48.732935: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:48.732944: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:48.732952: | IP Protocol ID: 0 (0x0) Aug 26 13:23:48.732960: | start port: 0 (0x0) Aug 26 13:23:48.732968: | end port: 65535 (0xffff) Aug 26 13:23:48.732978: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:48.732986: | ipv4 start c0 00 02 00 Aug 26 13:23:48.732995: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:48.733002: | ipv4 end c0 00 02 ff Aug 26 13:23:48.733011: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:48.733019: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:23:48.733028: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:23:48.733037: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:48.733047: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:48.733058: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:48.733068: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:48.733076: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:23:48.733085: | emitting length of ISAKMP Message: 365 Aug 26 13:23:48.733141: | suspend processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:48.733157: | start processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:48.733170: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:23:48.733181: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:23:48.733191: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:23:48.733201: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:23:48.733217: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:48.733233: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:23:48.733247: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:23:48.733281: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:48.733312: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:48.733327: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.733336: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:23:48.733344: | 45 fc c6 3a d3 a5 63 62 7a 82 d8 af cd 45 f6 00 Aug 26 13:23:48.733352: | 62 63 c2 29 f2 a4 5f 78 dd cb 5b 20 fd 71 0e 13 Aug 26 13:23:48.733360: | ce c4 5e 1b b1 25 a3 a0 fa c2 a5 c3 06 5a f3 bb Aug 26 13:23:48.733368: | e8 0e 36 f0 8a a8 66 9f 27 09 dc 5b 4b 6d d0 c5 Aug 26 13:23:48.733376: | c6 b9 27 4f da c1 26 f5 3e 06 97 30 8c eb 40 e3 Aug 26 13:23:48.733383: | 3b d7 13 a2 a5 bb 05 f0 af 47 e9 e8 06 78 27 03 Aug 26 13:23:48.733391: | 87 8c 2b ac 5e a4 2e 5d a4 5c 8d f9 03 2c 27 f2 Aug 26 13:23:48.733399: | 05 b0 66 3b c0 85 04 c4 c1 5e 87 be 5b 32 81 a8 Aug 26 13:23:48.733414: | cc 19 e3 9f d8 67 28 0f bb 23 84 f7 bd 6e 0e bf Aug 26 13:23:48.733425: | 89 d6 1b 6c fc ba 03 12 b2 9c 13 9b 24 14 f4 a4 Aug 26 13:23:48.733437: | 65 c7 26 91 64 2a f7 25 e9 e0 8b e1 08 16 22 91 Aug 26 13:23:48.733448: | 74 03 df 82 a8 22 e8 9c ae 2d 1b 49 ad 05 2a 19 Aug 26 13:23:48.733460: | c2 7a d2 51 6b 3e ac c2 cf 5e ac d6 72 64 9c 72 Aug 26 13:23:48.733471: | 7d 31 e6 1e ae cb 42 d3 22 1a a0 dd e1 c9 c5 7d Aug 26 13:23:48.733484: | bf 8e 58 55 1c 15 e3 99 b6 b5 1a c2 3e fe bf 84 Aug 26 13:23:48.733495: | f5 78 c1 6f 0a b6 85 7c 61 20 bf 20 87 f8 37 01 Aug 26 13:23:48.733507: | c2 d2 52 fa bf 3c d2 34 9e f7 bb c4 26 c8 73 32 Aug 26 13:23:48.733519: | 33 d7 b2 ab 12 37 63 54 6a 29 de 09 e4 23 0d eb Aug 26 13:23:48.733531: | 25 90 d1 26 f5 3c 21 b4 c3 c3 bb e5 ad 94 f6 c4 Aug 26 13:23:48.733544: | 49 c4 67 10 03 41 41 9e 29 85 f2 47 a5 88 c5 77 Aug 26 13:23:48.733557: | e5 b3 38 d9 44 c5 49 75 ef ed 27 cc 2b Aug 26 13:23:48.733650: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:23:48.733679: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6e24002b78 Aug 26 13:23:48.733699: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #2 Aug 26 13:23:48.733717: | libevent_malloc: new ptr-libevent@0x56501cb80638 size 128 Aug 26 13:23:48.733744: | #2 STATE_PARENT_I2: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11114.476139 Aug 26 13:23:48.733766: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:48.733795: | #1 spent 4.08 milliseconds in resume sending helper answer Aug 26 13:23:48.733821: | stop processing: state #2 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:48.733837: | libevent_free: release ptr-libevent@0x7f6e1c000f48 Aug 26 13:23:48.811643: | spent 0.00386 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:48.811670: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:48.811674: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.811676: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:23:48.811678: | ce 2c 63 e2 18 a7 ee 8a aa 43 ed bd 9f 62 b4 33 Aug 26 13:23:48.811681: | 3a 66 91 b4 f9 e3 b5 1d b9 9d 33 01 42 e6 e5 b5 Aug 26 13:23:48.811683: | ec 04 e9 4c 74 6c 4b 24 06 fd 6f 90 e8 c1 17 ad Aug 26 13:23:48.811685: | 0a c7 6e cf 8a 45 6a bb 18 d7 1c 1f 68 ac a3 58 Aug 26 13:23:48.811688: | c8 03 af 11 f5 c4 85 21 28 a0 f8 28 cc af 00 7c Aug 26 13:23:48.811690: | d2 af a1 6e 04 da 1c ee 73 3c 32 d1 a4 ab f8 ce Aug 26 13:23:48.811692: | 72 f4 23 02 ed eb 3a fe e7 21 b3 93 e5 a0 fe db Aug 26 13:23:48.811694: | a6 3c 38 12 bf 76 a9 3a fc 9f ec 6e c8 e9 a6 d6 Aug 26 13:23:48.811697: | 3b a0 f6 4d 39 21 a1 23 9b a6 96 42 0d d5 64 20 Aug 26 13:23:48.811699: | e5 0c e1 d7 84 9d 0f 1a 94 cd bb 84 c2 d2 82 84 Aug 26 13:23:48.811701: | 94 b8 17 4d b3 87 3b 3d 25 da 75 0c 89 b4 b9 f2 Aug 26 13:23:48.811703: | 73 77 b9 ad ef 9d 19 66 ec bb 75 a3 e7 4d 1f ed Aug 26 13:23:48.811706: | cc Aug 26 13:23:48.811710: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:48.811714: | **parse ISAKMP Message: Aug 26 13:23:48.811717: | initiator cookie: Aug 26 13:23:48.811720: | 70 79 23 d6 e9 10 04 82 Aug 26 13:23:48.811722: | responder cookie: Aug 26 13:23:48.811724: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:23:48.811727: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:48.811730: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:48.811733: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:48.811735: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:48.811738: | Message ID: 1 (0x1) Aug 26 13:23:48.811740: | length: 225 (0xe1) Aug 26 13:23:48.811743: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:23:48.811751: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:23:48.811755: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:23:48.811761: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:48.811764: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:23:48.811768: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:48.811772: | start processing: state #2 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:48.811774: | #2 is idle Aug 26 13:23:48.811777: | #2 idle Aug 26 13:23:48.811779: | unpacking clear payload Aug 26 13:23:48.811782: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:48.811784: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:48.811787: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:23:48.811790: | flags: none (0x0) Aug 26 13:23:48.811792: | length: 197 (0xc5) Aug 26 13:23:48.811795: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:23:48.811798: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:23:48.811812: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:23:48.811815: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:23:48.811818: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:23:48.811821: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:48.811823: | flags: none (0x0) Aug 26 13:23:48.811826: | length: 12 (0xc) Aug 26 13:23:48.811828: | ID type: ID_FQDN (0x2) Aug 26 13:23:48.811831: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:23:48.811833: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:23:48.811836: | **parse IKEv2 Authentication Payload: Aug 26 13:23:48.811838: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:48.811841: | flags: none (0x0) Aug 26 13:23:48.811843: | length: 72 (0x48) Aug 26 13:23:48.811846: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:48.811848: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:23:48.811850: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:48.811853: | **parse IKEv2 Security Association Payload: Aug 26 13:23:48.811855: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:48.811858: | flags: none (0x0) Aug 26 13:23:48.811860: | length: 36 (0x24) Aug 26 13:23:48.811862: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:23:48.811865: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:48.811867: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:48.811869: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:48.811872: | flags: none (0x0) Aug 26 13:23:48.811874: | length: 24 (0x18) Aug 26 13:23:48.811876: | number of TS: 1 (0x1) Aug 26 13:23:48.811879: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:48.811881: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:48.811884: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:48.811886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:48.811888: | flags: none (0x0) Aug 26 13:23:48.811891: | length: 24 (0x18) Aug 26 13:23:48.811893: | number of TS: 1 (0x1) Aug 26 13:23:48.811895: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:48.811898: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:23:48.811901: | Now let's proceed with state specific processing Aug 26 13:23:48.811903: | calling processor Initiator: process IKE_AUTH response Aug 26 13:23:48.811909: | offered CA: '%none' Aug 26 13:23:48.811912: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:23:48.811946: | verifying AUTH payload Aug 26 13:23:48.811951: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:23:48.811955: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:48.811960: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:48.811964: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:48.811967: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:48.811970: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:48.811972: | line 1: match=014 Aug 26 13:23:48.811975: | match 014 beats previous best_match 000 match=0x56501cad4c48 (line=1) Aug 26 13:23:48.811978: | concluding with best_match=014 best=0x56501cad4c48 (lineno=1) Aug 26 13:23:48.812055: "west" #2: Authenticated using authby=secret Aug 26 13:23:48.812072: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:23:48.812080: | #1 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:48.812085: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:23:48.812091: | libevent_free: release ptr-libevent@0x7f6e24002888 Aug 26 13:23:48.812096: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:23:48.812100: | event_schedule: new EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:23:48.812105: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #1 Aug 26 13:23:48.812109: | libevent_malloc: new ptr-libevent@0x7f6e1c000f48 size 128 Aug 26 13:23:48.812209: | pstats #1 ikev2.ike established Aug 26 13:23:48.812218: | TSi: parsing 1 traffic selectors Aug 26 13:23:48.812222: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:48.812225: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:48.812227: | IP Protocol ID: 0 (0x0) Aug 26 13:23:48.812230: | length: 16 (0x10) Aug 26 13:23:48.812232: | start port: 0 (0x0) Aug 26 13:23:48.812234: | end port: 65535 (0xffff) Aug 26 13:23:48.812238: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:48.812240: | TS low c0 00 01 00 Aug 26 13:23:48.812243: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:48.812245: | TS high c0 00 01 ff Aug 26 13:23:48.812248: | TSi: parsed 1 traffic selectors Aug 26 13:23:48.812250: | TSr: parsing 1 traffic selectors Aug 26 13:23:48.812252: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:48.812255: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:48.812257: | IP Protocol ID: 0 (0x0) Aug 26 13:23:48.812260: | length: 16 (0x10) Aug 26 13:23:48.812262: | start port: 0 (0x0) Aug 26 13:23:48.812264: | end port: 65535 (0xffff) Aug 26 13:23:48.812267: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:48.812269: | TS low c0 00 02 00 Aug 26 13:23:48.812271: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:48.812274: | TS high c0 00 02 ff Aug 26 13:23:48.812276: | TSr: parsed 1 traffic selectors Aug 26 13:23:48.812281: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:48.812286: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:48.812299: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:48.812305: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:48.812308: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:48.812311: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:48.812314: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:48.812318: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:48.812323: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:48.812326: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:48.812328: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:48.812331: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:48.812333: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:48.812336: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:48.812341: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:23:48.812343: | printing contents struct traffic_selector Aug 26 13:23:48.812346: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:48.812348: | ipprotoid: 0 Aug 26 13:23:48.812350: | port range: 0-65535 Aug 26 13:23:48.812354: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:23:48.812356: | printing contents struct traffic_selector Aug 26 13:23:48.812358: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:48.812361: | ipprotoid: 0 Aug 26 13:23:48.812365: | port range: 0-65535 Aug 26 13:23:48.812370: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:23:48.812386: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:48.812392: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:23:48.812398: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:48.812402: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:48.812406: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:48.812410: | local proposal 1 type DH has 1 transforms Aug 26 13:23:48.812413: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:48.812418: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:48.812422: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:48.812426: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:48.812430: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:48.812433: | local proposal 2 type DH has 1 transforms Aug 26 13:23:48.812437: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:48.812441: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:48.812445: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:48.812449: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:48.812453: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:48.812456: | local proposal 3 type DH has 1 transforms Aug 26 13:23:48.812460: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:48.812464: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:48.812468: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:48.812472: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:48.812476: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:48.812480: | local proposal 4 type DH has 1 transforms Aug 26 13:23:48.812483: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:48.812488: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:48.812493: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:48.812497: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:48.812501: | length: 32 (0x20) Aug 26 13:23:48.812505: | prop #: 1 (0x1) Aug 26 13:23:48.812509: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:48.812513: | spi size: 4 (0x4) Aug 26 13:23:48.812517: | # transforms: 2 (0x2) Aug 26 13:23:48.812522: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:48.812526: | remote SPI 15 35 8d d3 Aug 26 13:23:48.812529: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:48.812532: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:48.812535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:48.812537: | length: 12 (0xc) Aug 26 13:23:48.812540: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:48.812542: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:48.812545: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:48.812548: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:48.812553: | length/value: 256 (0x100) Aug 26 13:23:48.812557: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:48.812560: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:48.812562: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:48.812565: | length: 8 (0x8) Aug 26 13:23:48.812567: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:48.812569: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:48.812573: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:48.812576: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:48.812580: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:48.812583: | remote proposal 1 matches local proposal 1 Aug 26 13:23:48.812586: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:23:48.812591: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=15358dd3;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:48.812593: | converting proposal to internal trans attrs Aug 26 13:23:48.812599: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:23:48.812763: | #1 spent 1.09 milliseconds Aug 26 13:23:48.812770: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:23:48.812773: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:23:48.812776: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:48.812779: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:48.812781: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:48.812785: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:48.812788: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:48.812792: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:48.812795: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:48.812797: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:48.812802: | setting IPsec SA replay-window to 32 Aug 26 13:23:48.812805: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:48.812808: | netlink: enabling tunnel mode Aug 26 13:23:48.812811: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:48.812813: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:48.812881: | netlink response for Add SA esp.15358dd3@192.1.2.23 included non-error error Aug 26 13:23:48.812886: | set up outgoing SA, ref=0/0 Aug 26 13:23:48.812889: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:48.812891: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:48.812894: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:48.812896: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:48.812900: | setting IPsec SA replay-window to 32 Aug 26 13:23:48.812902: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:48.812905: | netlink: enabling tunnel mode Aug 26 13:23:48.812907: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:48.812910: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:48.812947: | netlink response for Add SA esp.ca313cb5@192.1.2.45 included non-error error Aug 26 13:23:48.812952: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:48.812958: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:23:48.812961: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:48.812983: | raw_eroute result=success Aug 26 13:23:48.812986: | set up incoming SA, ref=0/0 Aug 26 13:23:48.812989: | sr for #2: unrouted Aug 26 13:23:48.812992: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:23:48.812997: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:48.813000: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:48.813003: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:48.813006: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:48.813009: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:23:48.813012: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:48.813018: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:23:48.813021: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:48.813032: | raw_eroute result=success Aug 26 13:23:48.813036: | running updown command "ipsec _updown" for verb up Aug 26 13:23:48.813039: | command executing up-client Aug 26 13:23:48.813062: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x15358dd3 SPI_OUT=0x Aug 26 13:23:48.813065: | popen cmd is 1023 chars long Aug 26 13:23:48.813068: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Aug 26 13:23:48.813071: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Aug 26 13:23:48.813074: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Aug 26 13:23:48.813076: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 13:23:48.813079: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Aug 26 13:23:48.813081: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 13:23:48.813084: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 13:23:48.813086: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Aug 26 13:23:48.813089: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 13:23:48.813091: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 13:23:48.813094: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 13:23:48.813096: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 13:23:48.813099: | cmd( 960):ED='no' SPI_IN=0x15358dd3 SPI_OUT=0xca313cb5 ipsec _updown 2>&1: Aug 26 13:23:48.822577: | route_and_eroute: firewall_notified: true Aug 26 13:23:48.822595: | running updown command "ipsec _updown" for verb prepare Aug 26 13:23:48.822602: | command executing prepare-client Aug 26 13:23:48.822645: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x15358dd3 Aug 26 13:23:48.822656: | popen cmd is 1028 chars long Aug 26 13:23:48.822662: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Aug 26 13:23:48.822667: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Aug 26 13:23:48.822671: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Aug 26 13:23:48.822675: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 13:23:48.822679: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Aug 26 13:23:48.822683: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Aug 26 13:23:48.822688: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 13:23:48.822692: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 13:23:48.822696: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Aug 26 13:23:48.822700: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Aug 26 13:23:48.822704: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Aug 26 13:23:48.822709: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Aug 26 13:23:48.822713: | cmd( 960):_SHARED='no' SPI_IN=0x15358dd3 SPI_OUT=0xca313cb5 ipsec _updown 2>&1: Aug 26 13:23:48.832078: | running updown command "ipsec _updown" for verb route Aug 26 13:23:48.832098: | command executing route-client Aug 26 13:23:48.832129: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x15358dd3 SPI_ Aug 26 13:23:48.832133: | popen cmd is 1026 chars long Aug 26 13:23:48.832136: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Aug 26 13:23:48.832138: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Aug 26 13:23:48.832141: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Aug 26 13:23:48.832144: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 13:23:48.832146: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Aug 26 13:23:48.832149: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Aug 26 13:23:48.832155: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 13:23:48.832158: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 13:23:48.832160: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Aug 26 13:23:48.832163: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Aug 26 13:23:48.832166: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Aug 26 13:23:48.832168: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Aug 26 13:23:48.832171: | cmd( 960):HARED='no' SPI_IN=0x15358dd3 SPI_OUT=0xca313cb5 ipsec _updown 2>&1: Aug 26 13:23:48.844638: | route_and_eroute: instance "west", setting eroute_owner {spd=0x56501cb7b8c8,sr=0x56501cb7b8c8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:23:48.844723: | #1 spent 1.84 milliseconds in install_ipsec_sa() Aug 26 13:23:48.844732: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:23:48.844736: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:48.844740: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:23:48.844753: | libevent_free: release ptr-libevent@0x56501cb80638 Aug 26 13:23:48.844768: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6e24002b78 Aug 26 13:23:48.844779: | #2 spent 2.75 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:23:48.844794: | [RE]START processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:48.844801: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:23:48.844807: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:23:48.844812: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:23:48.844818: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:23:48.844828: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:23:48.844837: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:23:48.844843: | pstats #2 ikev2.child established Aug 26 13:23:48.844856: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:23:48.844872: | NAT-T: encaps is 'auto' Aug 26 13:23:48.844879: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x15358dd3 <0xca313cb5 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:23:48.844886: | releasing whack for #2 (sock=fd@25) Aug 26 13:23:48.844892: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:23:48.844897: | releasing whack and unpending for parent #1 Aug 26 13:23:48.844902: | unpending state #1 connection "west" Aug 26 13:23:48.844910: | delete from pending Child SA with 192.1.2.23 "west" Aug 26 13:23:48.844913: | removing pending policy for no connection {0x56501cad4898} Aug 26 13:23:48.844920: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:23:48.844925: | #2 will start re-keying in 28795 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:48.844929: | event_schedule: new EVENT_SA_REKEY-pe@0x7f6e24002b78 Aug 26 13:23:48.844933: | inserting event EVENT_SA_REKEY, timeout in 28795 seconds for #2 Aug 26 13:23:48.844936: | libevent_malloc: new ptr-libevent@0x56501cb82b68 size 128 Aug 26 13:23:48.844944: | stop processing: state #2 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:48.844950: | #1 spent 3.17 milliseconds in ikev2_process_packet() Aug 26 13:23:48.844955: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:48.844963: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:48.844966: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:48.844978: | spent 3.19 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:48.844996: | processing signal PLUTO_SIGCHLD Aug 26 13:23:48.845008: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:48.845014: | spent 0.0111 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:48.845018: | processing signal PLUTO_SIGCHLD Aug 26 13:23:48.845023: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:48.845028: | spent 0.00518 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:48.845032: | processing signal PLUTO_SIGCHLD Aug 26 13:23:48.845037: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:48.845042: | spent 0.00569 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:52.085759: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:52.085832: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:23:52.085847: | FOR_EACH_STATE_... in sort_states Aug 26 13:23:52.085870: | get_sa_info esp.ca313cb5@192.1.2.45 Aug 26 13:23:52.085915: | get_sa_info esp.15358dd3@192.1.2.23 Aug 26 13:23:52.085980: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:52.086001: | spent 0.269 milliseconds in whack Aug 26 13:24:08.494563: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:08.494634: | expiring aged bare shunts from shunt table Aug 26 13:24:08.494656: | spent 0.0182 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:13.816364: | timer_event_cb: processing event@0x56501cb7d4f8 Aug 26 13:24:13.816389: | handling event EVENT_SA_REKEY for parent state #1 Aug 26 13:24:13.816402: | start processing: state #1 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:13.816410: | picked newest_isakmp_sa #1 for #1 Aug 26 13:24:13.816415: | rekeying stale IKE SA Aug 26 13:24:13.816420: "west" #1: initiate rekey of IKEv2 CREATE_CHILD_SA IKE Rekey Aug 26 13:24:13.816428: | creating state object #3 at 0x56501cb883a8 Aug 26 13:24:13.816433: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:24:13.816453: | pstats #3 ikev2.ike started Aug 26 13:24:13.816458: | duplicating state object #1 "west" as #3 for IKE SA Aug 26 13:24:13.816468: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:13.816477: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:13.816505: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:13.816511: | start processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:13.816517: | child state #3: UNDEFINED(ignore) => V2_REKEY_IKE_I0(established IKE SA) Aug 26 13:24:13.816524: | #3 schedule initiate IKE Rekey SA none to replace IKE# 1 Aug 26 13:24:13.816530: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56501cb80368 Aug 26 13:24:13.816536: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:24:13.816542: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:13.816550: | RESET processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:13.816554: | scheduling drop-dead replace event for #1 Aug 26 13:24:13.816561: | event_schedule: new EVENT_SA_REPLACE-pe@0x56501cb86798 Aug 26 13:24:13.816567: | inserting event EVENT_SA_REPLACE, timeout in 4.995669 seconds for #1 Aug 26 13:24:13.816572: | libevent_malloc: new ptr-libevent@0x56501cb80488 size 128 Aug 26 13:24:13.816578: | libevent_free: release ptr-libevent@0x7f6e1c000f48 Aug 26 13:24:13.816588: | free_event_entry: release EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:13.816599: | #1 spent 0.237 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:13.816604: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:13.816614: | timer_event_cb: processing event@0x56501cb80368 Aug 26 13:24:13.816619: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:24:13.816625: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:13.816633: | adding IKE REKEY Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:24:13.816638: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:13.816643: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:13.816648: | libevent_malloc: new ptr-libevent@0x7f6e1c000f48 size 128 Aug 26 13:24:13.816660: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:13.816665: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56501cb80368 Aug 26 13:24:13.816672: | #3 spent 0.0564 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:13.816679: | stop processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:24:13.816685: | crypto helper 2 resuming Aug 26 13:24:13.816712: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:24:13.816724: | crypto helper 2 doing build KE and nonce (IKE REKEY Initiator KE and nonce ni); request ID 3 Aug 26 13:24:13.818827: | crypto helper 2 finished build KE and nonce (IKE REKEY Initiator KE and nonce ni); request ID 3 time elapsed 0.002104 seconds Aug 26 13:24:13.818847: | (#3) spent 2.11 milliseconds in crypto helper computing work-order 3: IKE REKEY Initiator KE and nonce ni (pcr) Aug 26 13:24:13.818854: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:24:13.818860: | scheduling resume sending helper answer for #3 Aug 26 13:24:13.818866: | libevent_malloc: new ptr-libevent@0x7f6e20002888 size 128 Aug 26 13:24:13.818872: | libevent_realloc: release ptr-libevent@0x56501cb5d6f8 Aug 26 13:24:13.818878: | libevent_realloc: new ptr-libevent@0x7f6e200027d8 size 128 Aug 26 13:24:13.818892: | crypto helper 2 waiting (nothing to do) Aug 26 13:24:13.818939: | processing resume sending helper answer for #3 Aug 26 13:24:13.818957: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:13.818965: | crypto helper 2 replies to request ID 3 Aug 26 13:24:13.818969: | calling continuation function 0x56501b2b5b50 Aug 26 13:24:13.818974: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_IKE_I0 Aug 26 13:24:13.818979: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:13.818983: | libevent_free: release ptr-libevent@0x7f6e1c000f48 Aug 26 13:24:13.818988: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:13.818992: | event_schedule: new EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:24:13.818997: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:24:13.819001: | libevent_malloc: new ptr-libevent@0x7f6e1c000f48 size 128 Aug 26 13:24:13.819008: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:13.819015: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:13.819019: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:13.819026: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:13.819031: | #3 complete_v2_state_transition() V2_REKEY_IKE_I0->V2_REKEY_IKE_I with status STF_SUSPEND Aug 26 13:24:13.819035: | suspending state #3 and saving MD Aug 26 13:24:13.819038: | #3 is busy; has a suspended MD Aug 26 13:24:13.819043: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:13.819052: | "west" #3 complete v2 state STATE_V2_REKEY_IKE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:13.819057: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:24:13.819064: | #3 spent 0.0981 milliseconds in resume sending helper answer Aug 26 13:24:13.819070: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:13.819074: | libevent_free: release ptr-libevent@0x7f6e20002888 Aug 26 13:24:13.819080: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:13.819085: | start processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:24:13.819092: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:13.819098: | suspend processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:13.819103: | start processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:13.819140: | **emit ISAKMP Message: Aug 26 13:24:13.819145: | initiator cookie: Aug 26 13:24:13.819148: | 70 79 23 d6 e9 10 04 82 Aug 26 13:24:13.819151: | responder cookie: Aug 26 13:24:13.819154: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:13.819158: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:13.819162: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:13.819166: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:13.819171: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:13.819174: | Message ID: 2 (0x2) Aug 26 13:24:13.819178: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:13.819183: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:13.819186: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:13.819190: | flags: none (0x0) Aug 26 13:24:13.819194: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:13.819198: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:13.819203: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:13.819229: | using existing local IKE proposals for connection west (IKE SA initiating rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:13.819233: | Emitting ikev2_proposals ... Aug 26 13:24:13.819237: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:13.819240: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:13.819243: | flags: none (0x0) Aug 26 13:24:13.819248: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:13.819252: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:13.819255: | discarding INTEG=NONE Aug 26 13:24:13.819259: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:13.819262: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.819266: | prop #: 1 (0x1) Aug 26 13:24:13.819269: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:13.819272: | spi size: 8 (0x8) Aug 26 13:24:13.819278: | # transforms: 11 (0xb) Aug 26 13:24:13.819282: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:13.819286: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:13.819296: | our spi 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:13.819299: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819306: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:13.819310: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:13.819314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819318: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:13.819321: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:13.819325: | length/value: 256 (0x100) Aug 26 13:24:13.819333: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:13.819336: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.819346: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:13.819350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819357: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819360: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.819370: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:13.819374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819384: | discarding INTEG=NONE Aug 26 13:24:13.819387: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819394: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819397: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.819401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819404: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819408: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819411: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819421: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:13.819425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819435: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819446: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819449: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:13.819453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819460: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819464: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819467: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819470: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819473: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:13.819477: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819484: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819487: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819497: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:13.819501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819508: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819511: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819521: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:13.819525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819528: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819531: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819535: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819544: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:13.819548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819555: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819558: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819561: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:13.819565: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819568: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:13.819572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819580: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819584: | emitting length of IKEv2 Proposal Substructure Payload: 108 Aug 26 13:24:13.819588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:13.819591: | discarding INTEG=NONE Aug 26 13:24:13.819594: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:13.819597: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.819601: | prop #: 2 (0x2) Aug 26 13:24:13.819604: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:13.819607: | spi size: 8 (0x8) Aug 26 13:24:13.819610: | # transforms: 11 (0xb) Aug 26 13:24:13.819614: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.819618: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:13.819622: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:13.819625: | our spi 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:13.819628: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819635: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:13.819638: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:13.819642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819645: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:13.819648: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:13.819652: | length/value: 128 (0x80) Aug 26 13:24:13.819655: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:13.819658: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819665: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.819668: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:13.819672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819679: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819682: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819685: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819688: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.819692: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:13.819695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819702: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819705: | discarding INTEG=NONE Aug 26 13:24:13.819708: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819718: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.819722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819729: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819734: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819743: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:13.819747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819751: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819754: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819757: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819767: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:13.819771: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819778: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819781: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819784: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819787: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819791: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:13.819794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819801: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819804: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819808: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819811: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819814: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:13.819818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819825: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819828: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819834: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:13.819841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819848: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819852: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819855: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819858: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819861: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:13.819865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819873: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819876: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819880: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:13.819883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.819886: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:13.819890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819897: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819900: | emitting length of IKEv2 Proposal Substructure Payload: 108 Aug 26 13:24:13.819904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:13.819907: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:13.819911: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.819914: | prop #: 3 (0x3) Aug 26 13:24:13.819917: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:13.819920: | spi size: 8 (0x8) Aug 26 13:24:13.819923: | # transforms: 13 (0xd) Aug 26 13:24:13.819927: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.819931: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:13.819935: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:13.819938: | our spi 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:13.819941: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819948: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:13.819951: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:13.819954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819958: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:13.819961: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:13.819964: | length/value: 256 (0x100) Aug 26 13:24:13.819968: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:13.819971: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819977: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.819981: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:13.819984: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.819988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.819991: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.819995: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.819998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820001: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.820004: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:13.820008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820016: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820020: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820026: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:13.820030: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:13.820033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820037: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820040: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820043: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820050: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:13.820053: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:13.820057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820064: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820067: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820073: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820077: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.820080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820087: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820090: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820100: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:13.820104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820111: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820114: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820124: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:13.820127: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820138: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820147: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:13.820151: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820159: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820163: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820172: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:13.820176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820183: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820186: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820196: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:13.820199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820206: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820210: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820216: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820219: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:13.820223: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820230: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820233: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820236: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:13.820239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820243: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:13.820246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820253: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820257: | emitting length of IKEv2 Proposal Substructure Payload: 124 Aug 26 13:24:13.820260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:13.820264: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:13.820267: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:13.820270: | prop #: 4 (0x4) Aug 26 13:24:13.820273: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:13.820277: | spi size: 8 (0x8) Aug 26 13:24:13.820280: | # transforms: 13 (0xd) Aug 26 13:24:13.820284: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:13.820287: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:13.820305: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:13.820310: | our spi 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:13.820313: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820320: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:13.820323: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:13.820328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820332: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:13.820335: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:13.820338: | length/value: 128 (0x80) Aug 26 13:24:13.820342: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:13.820345: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820351: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.820355: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:13.820359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820366: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820369: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820375: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.820378: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:13.820382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820389: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820392: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820399: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:13.820402: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:13.820406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820409: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820413: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820416: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820419: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820422: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:13.820426: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:13.820429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820436: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820440: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820443: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820446: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820449: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.820453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820465: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820471: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820474: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:13.820478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820485: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820488: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820498: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:13.820502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820512: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820522: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:13.820525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820536: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820542: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820545: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:13.820549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820556: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820559: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820565: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820569: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:13.820572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820576: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820579: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820582: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820593: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:13.820597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820604: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820607: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:13.820611: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:13.820614: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.820617: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:13.820621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.820625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:13.820628: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:13.820631: | emitting length of IKEv2 Proposal Substructure Payload: 124 Aug 26 13:24:13.820635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:13.820638: | emitting length of IKEv2 Security Association Payload: 468 Aug 26 13:24:13.820642: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:13.820645: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:13.820649: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:13.820652: | flags: none (0x0) Aug 26 13:24:13.820656: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:13.820660: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:13.820664: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:13.820668: | IKEv2 nonce a6 60 88 3e 14 5a fc 42 5c 3b 45 9a 65 b1 c9 77 Aug 26 13:24:13.820671: | IKEv2 nonce 97 16 6d 7b 03 26 52 9e 2b fe ca 4a bc b4 d9 65 Aug 26 13:24:13.820674: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:13.820678: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:13.820681: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:13.820684: | flags: none (0x0) Aug 26 13:24:13.820687: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.820691: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:13.820695: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:13.820699: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:13.820702: | ikev2 g^x 09 5f 22 5f 52 0c d9 85 a7 9a eb de 90 72 f3 1e Aug 26 13:24:13.820705: | ikev2 g^x 69 e9 48 99 71 b1 99 eb a6 7d 81 a8 f5 85 03 15 Aug 26 13:24:13.820709: | ikev2 g^x bd 6b 58 5c c8 f4 b2 a9 71 a7 8d dc 19 93 71 4c Aug 26 13:24:13.820712: | ikev2 g^x 6d cd b0 61 ce 5e ff fc f2 49 7b 91 7e f9 bb 3f Aug 26 13:24:13.820715: | ikev2 g^x 8e 17 3f e4 90 c1 6e 41 a2 00 16 11 71 b1 38 dd Aug 26 13:24:13.820718: | ikev2 g^x a3 9a e2 36 86 75 14 54 d4 f7 d8 58 db 62 b3 ca Aug 26 13:24:13.820721: | ikev2 g^x 35 c1 74 21 c3 98 8f c8 30 1f 1d ee 48 db 28 9f Aug 26 13:24:13.820724: | ikev2 g^x be 3d 2e 4f e9 20 23 6c f3 7c 28 3f 87 cb 34 64 Aug 26 13:24:13.820727: | ikev2 g^x 70 f8 13 85 33 9f 53 f0 b0 1c 6e 58 a5 38 b2 8b Aug 26 13:24:13.820730: | ikev2 g^x fe 44 94 c9 24 90 ee ad e3 cb cb e1 80 7f 36 8d Aug 26 13:24:13.820734: | ikev2 g^x ae 17 b6 11 a8 59 b6 b9 d9 ea 8a 7b f2 41 4e cc Aug 26 13:24:13.820738: | ikev2 g^x 69 fa 7b a5 b4 7e 9c e5 2e 4a d7 91 63 c9 1f f6 Aug 26 13:24:13.820741: | ikev2 g^x c8 15 09 3c dc 75 e1 43 38 1d 64 9e 94 3d 0c ea Aug 26 13:24:13.820745: | ikev2 g^x 1f 15 b9 3a 13 74 d8 e6 fa 82 3d fc 4e 5e 43 9d Aug 26 13:24:13.820748: | ikev2 g^x 1d 17 de 5e 48 e8 c8 04 17 23 e5 32 f0 a3 55 e7 Aug 26 13:24:13.820751: | ikev2 g^x 94 63 41 92 fe c0 27 50 0a 23 6b 36 f3 bc 7c 0c Aug 26 13:24:13.820754: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:13.820758: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:13.820762: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:13.820766: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:13.820770: | emitting length of IKEv2 Encryption Payload: 797 Aug 26 13:24:13.820773: | emitting length of ISAKMP Message: 825 Aug 26 13:24:13.820800: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:13.820805: | #3 complete_v2_state_transition() V2_REKEY_IKE_I0->V2_REKEY_IKE_I with status STF_OK Aug 26 13:24:13.820809: | IKEv2: transition from state STATE_V2_REKEY_IKE_I0 to state STATE_V2_REKEY_IKE_I Aug 26 13:24:13.820814: | child state #3: V2_REKEY_IKE_I0(established IKE SA) => V2_REKEY_IKE_I(established IKE SA) Aug 26 13:24:13.820818: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:24:13.820822: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:13.820828: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:24:13.820832: "west" #3: STATE_V2_REKEY_IKE_I: STATE_V2_REKEY_IKE_I Aug 26 13:24:13.820839: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:13.820848: | sending 825 bytes for STATE_V2_REKEY_IKE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:13.820853: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:13.820856: | 2e 20 24 08 00 00 00 02 00 00 03 39 21 00 03 1d Aug 26 13:24:13.820860: | 6b ed 3e 2d f4 3e de 70 5b 6e 04 73 29 a0 70 b0 Aug 26 13:24:13.820863: | 05 53 ad d9 bf be 16 2b 50 f0 12 d0 fb d6 7e 7b Aug 26 13:24:13.820866: | 4c 8a 55 b6 18 8c 78 81 d5 01 4d 69 84 eb c7 f1 Aug 26 13:24:13.820869: | ed 4d 26 56 d7 a1 d4 72 d3 31 b7 a2 82 4b d0 3a Aug 26 13:24:13.820872: | b5 58 69 a6 85 fc 3b b2 26 61 39 09 80 a4 fc 4e Aug 26 13:24:13.820875: | 0b a0 67 f8 c0 7f 3b a1 4d a9 c7 cf 13 17 96 4b Aug 26 13:24:13.820878: | da 47 b1 fe 94 fe 0c ee 6d 57 5f 56 f6 88 7d 96 Aug 26 13:24:13.820881: | f8 ce 4a 6a 8b 0b b9 f5 d4 e5 31 e5 00 0e fc 5d Aug 26 13:24:13.820884: | c8 e4 a0 a5 8c d4 b5 af b8 94 8e 45 19 7c 0e f0 Aug 26 13:24:13.820887: | b5 ea a5 2c 67 4e 67 c5 ee 2d 57 b2 33 70 46 07 Aug 26 13:24:13.820890: | 32 38 53 85 29 c7 d4 38 a3 a1 2b dd 28 5d 72 cb Aug 26 13:24:13.820893: | 96 60 62 d6 a4 de 2c a5 59 f4 16 b0 26 72 fa e8 Aug 26 13:24:13.820896: | 75 bd 56 15 d9 8d 50 c0 78 4f 37 cb f4 fc 19 b9 Aug 26 13:24:13.820899: | 77 12 c2 15 f4 9f a8 da c6 a3 2f b6 6f f9 6d 38 Aug 26 13:24:13.820902: | df 53 0e 1e be ab 94 96 29 27 a3 56 fe be e5 9a Aug 26 13:24:13.820905: | 02 22 21 6b 74 d8 b9 b2 84 06 c8 c2 7e 79 35 43 Aug 26 13:24:13.820908: | 91 74 bb 51 8b 5f fd 48 93 16 86 c8 fc 7c cb 6a Aug 26 13:24:13.820911: | 95 07 ae a9 6b 91 d5 6a c6 b7 4b 4d be d8 82 e2 Aug 26 13:24:13.820914: | e5 e2 45 f3 03 0d 40 c9 39 b1 03 3d 36 e6 d1 d6 Aug 26 13:24:13.820917: | 4e 11 7b fb dc 7b f2 a9 bd c8 a6 57 78 8b b4 b2 Aug 26 13:24:13.820920: | b5 fb 48 45 a4 9d c0 f9 11 1d 08 5c 89 d2 18 34 Aug 26 13:24:13.820923: | 55 06 d3 99 2f b4 cc 3e 0f e9 7a 60 e5 8a 1d d0 Aug 26 13:24:13.820926: | 73 7a a5 92 6d 30 26 e3 5a cb 03 7e 55 28 3e 59 Aug 26 13:24:13.820931: | 97 4b c5 ac 1c 21 cc cf 1e 99 4f 09 2b db f7 e4 Aug 26 13:24:13.820934: | bf 9a 34 27 08 92 3b a0 b2 f2 2b d1 26 de 07 48 Aug 26 13:24:13.820937: | 0e 4c 4a 32 12 72 50 de bb 05 58 a3 aa 0f 87 b8 Aug 26 13:24:13.820940: | e5 51 47 10 96 fc 16 98 47 6e c0 97 53 fb f6 4f Aug 26 13:24:13.820943: | 00 b7 95 15 0b 0d 23 1e 12 cd 75 81 8f 66 89 31 Aug 26 13:24:13.820946: | b7 10 e1 95 15 6d 40 81 09 bc 03 9c de e8 3e 3c Aug 26 13:24:13.820949: | 47 ed 20 00 c4 3d e6 5a da fb 20 10 0b d1 af ea Aug 26 13:24:13.820952: | e5 e2 08 44 b0 ce 33 0b 8b 4c 78 bd 1f 25 63 49 Aug 26 13:24:13.820955: | 91 87 99 7f c3 a2 11 7e 0e 06 ba c7 2f f5 62 69 Aug 26 13:24:13.820958: | 3a 79 3c cc 46 f4 df 41 69 32 df a0 da a8 43 73 Aug 26 13:24:13.820961: | 98 7f 4e f1 8f ad 3e 56 9b ea ad 76 9b 44 4c c1 Aug 26 13:24:13.820964: | e6 35 d9 a0 74 85 7e 2f 47 40 4f cd 12 51 61 bd Aug 26 13:24:13.820967: | 2d 79 2b 23 32 a6 dc 65 6d 71 09 3f ee c2 6e 12 Aug 26 13:24:13.820970: | dd 6b 23 2e 43 40 9c 73 80 fc e1 e0 ec 54 e5 e4 Aug 26 13:24:13.820973: | 5a 45 b6 c4 bb 1c 15 e8 1c c2 12 fd df a0 9c 77 Aug 26 13:24:13.820976: | bd f7 3b f7 0c db d9 c5 03 7f 26 5f 6e 57 5a f5 Aug 26 13:24:13.820979: | f1 29 fa fa 3f f9 2f 36 27 d4 d7 20 33 4e fd b9 Aug 26 13:24:13.820982: | ff 56 9a a1 7f 4d fc ac c0 80 8e 35 5a 80 02 32 Aug 26 13:24:13.820986: | 91 7b 79 f7 d0 be 1f 82 30 a8 e8 0b 87 26 aa e4 Aug 26 13:24:13.820989: | 47 b3 dc 98 22 01 78 0c 7d 0a 8a 10 78 5a 4d 61 Aug 26 13:24:13.820992: | b7 b8 e0 9d 3b 4a 96 59 f5 8e 93 27 66 d6 db 48 Aug 26 13:24:13.820995: | 62 aa 60 96 a4 66 9c fc 05 15 b1 bf 50 c1 4d 43 Aug 26 13:24:13.820998: | cd 48 77 92 45 68 af 5e 59 98 7c 26 68 f5 b2 e1 Aug 26 13:24:13.821001: | 03 2d 33 b5 1a 41 85 88 ba ba c5 05 ac 1d 42 6a Aug 26 13:24:13.821004: | 5f ac d2 44 4c a4 59 9a fb 91 2d 45 ee 50 a8 1c Aug 26 13:24:13.821007: | 02 8e 50 bc 9a 1c 0d 1d 8a d3 24 13 78 b6 fb 22 Aug 26 13:24:13.821010: | d4 a1 6f 1b 86 5c df db c4 Aug 26 13:24:13.821063: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:13.821070: | libevent_free: release ptr-libevent@0x7f6e1c000f48 Aug 26 13:24:13.821074: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:24:13.821078: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:24:13.821083: | event_schedule: new EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:24:13.821087: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #3 Aug 26 13:24:13.821091: | libevent_malloc: new ptr-libevent@0x7f6e1c000f48 size 128 Aug 26 13:24:13.821097: | #3 STATE_V2_REKEY_IKE_I: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11139.563548 Aug 26 13:24:13.821104: | stop processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:13.821109: | resume processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:13.821116: | #1 spent 1.98 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:13.821121: | stop processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:24:13.821125: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:13.825941: | spent 0.00316 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:13.825968: | *received 405 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:13.825973: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:13.825975: | 2e 20 24 20 00 00 00 02 00 00 01 95 21 00 01 79 Aug 26 13:24:13.825978: | 0f 55 0f 94 bb bc 70 1c d7 6b e6 cc 20 5d f7 a6 Aug 26 13:24:13.825981: | 21 da db c2 6e 91 f3 51 19 9e 04 6d 95 85 7b 1e Aug 26 13:24:13.825983: | 03 47 63 ca ce 94 98 46 d0 78 e2 6e 87 54 54 f5 Aug 26 13:24:13.825986: | 14 48 fc 67 d2 67 38 d5 37 bf ff 7d 74 dc 16 3a Aug 26 13:24:13.825994: | fd 76 94 a5 4c d8 82 1f a8 ed 8c 8f 3d 52 f8 01 Aug 26 13:24:13.825996: | 2b 1c 7b 90 74 b8 7a 39 90 af 81 b5 b8 47 85 b5 Aug 26 13:24:13.825999: | b6 cb db e3 bd 4a 69 a2 25 0f 54 24 52 10 98 55 Aug 26 13:24:13.826001: | 2d af 39 cb e2 e4 95 17 34 2f 2c 5a 23 73 ac 58 Aug 26 13:24:13.826004: | cd 27 13 89 41 3c 39 9b 6b 44 56 12 4c 59 f5 dd Aug 26 13:24:13.826007: | d6 d1 e8 87 74 c8 2c 74 16 45 91 d5 45 bc cd 45 Aug 26 13:24:13.826009: | 81 1e 2f 83 c9 3c 60 d0 27 a8 35 d6 5a d2 99 17 Aug 26 13:24:13.826012: | 5a 0c 28 3d 64 83 3f a0 c5 f5 fe dd 01 e0 4a fb Aug 26 13:24:13.826014: | ac 44 1f 3d e7 60 f3 b3 d7 c4 df c4 a5 e3 40 9c Aug 26 13:24:13.826017: | 02 0b ea d3 87 53 51 58 b9 e5 8e f5 84 72 d7 6c Aug 26 13:24:13.826019: | 5d 25 bd fe d9 58 e1 57 6d 62 04 1d 37 c6 d8 59 Aug 26 13:24:13.826022: | 5b e7 2a 55 ab 50 bd 55 1f 5e 4f 15 8c 19 c4 93 Aug 26 13:24:13.826024: | 59 33 a9 70 1b 56 56 6d 68 0b 75 68 b3 f6 63 b2 Aug 26 13:24:13.826027: | ef e4 f4 d1 5e 51 81 7d 09 cf 6e 1d ae ce fc ef Aug 26 13:24:13.826029: | 8a 2d ac 6e a2 47 1a 3a 6b 65 65 32 29 77 75 5a Aug 26 13:24:13.826032: | f8 54 31 33 fe 9d 94 02 a3 3d 8b 3f f5 97 23 48 Aug 26 13:24:13.826034: | a1 d1 34 9e 12 c9 60 cd bb ba c3 c1 4c 48 11 be Aug 26 13:24:13.826037: | a0 3a 08 1c cc bb 2c ad 4b 4a c9 94 21 f1 c6 17 Aug 26 13:24:13.826039: | 3d 66 d2 3c da ac 32 49 70 2a 36 06 4a 4c 60 c8 Aug 26 13:24:13.826042: | e8 42 0c 19 22 Aug 26 13:24:13.826047: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:13.826050: | **parse ISAKMP Message: Aug 26 13:24:13.826053: | initiator cookie: Aug 26 13:24:13.826056: | 70 79 23 d6 e9 10 04 82 Aug 26 13:24:13.826059: | responder cookie: Aug 26 13:24:13.826061: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:13.826065: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:13.826068: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:13.826070: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:13.826074: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:13.826076: | Message ID: 2 (0x2) Aug 26 13:24:13.826079: | length: 405 (0x195) Aug 26 13:24:13.826083: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:13.826086: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:13.826090: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:13.826096: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:13.826100: | State DB: found IKEv2 state #3 in V2_REKEY_IKE_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:13.826104: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:13.826108: | start processing: state #3 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:13.826111: | #3 is idle Aug 26 13:24:13.826114: | #3 idle Aug 26 13:24:13.826116: | unpacking clear payload Aug 26 13:24:13.826119: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:13.826122: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:13.826125: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:13.826128: | flags: none (0x0) Aug 26 13:24:13.826131: | length: 377 (0x179) Aug 26 13:24:13.826134: | processing payload: ISAKMP_NEXT_v2SK (len=373) Aug 26 13:24:13.826137: | #3 in state V2_REKEY_IKE_I: STATE_V2_REKEY_IKE_I Aug 26 13:24:13.826155: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:13.826159: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:13.826161: | **parse IKEv2 Security Association Payload: Aug 26 13:24:13.826164: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:13.826167: | flags: none (0x0) Aug 26 13:24:13.826170: | length: 48 (0x30) Aug 26 13:24:13.826175: | processing payload: ISAKMP_NEXT_v2SA (len=44) Aug 26 13:24:13.826177: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:13.826180: | **parse IKEv2 Nonce Payload: Aug 26 13:24:13.826183: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:13.826185: | flags: none (0x0) Aug 26 13:24:13.826188: | length: 36 (0x24) Aug 26 13:24:13.826190: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:13.826193: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:13.826196: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:13.826199: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:13.826201: | flags: none (0x0) Aug 26 13:24:13.826204: | length: 264 (0x108) Aug 26 13:24:13.826207: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.826209: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:13.826212: | selected state microcode Process CREATE_CHILD_SA IKE Rekey Response Aug 26 13:24:13.826218: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:13.826221: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:24:13.826223: | Now let's proceed with state specific processing Aug 26 13:24:13.826226: | calling processor Process CREATE_CHILD_SA IKE Rekey Response Aug 26 13:24:13.826242: | using existing local IKE proposals for connection west (IKE SA accept response to rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:13.826246: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:24:13.826251: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:13.826254: | local proposal 1 type PRF has 2 transforms Aug 26 13:24:13.826257: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:13.826260: | local proposal 1 type DH has 8 transforms Aug 26 13:24:13.826263: | local proposal 1 type ESN has 0 transforms Aug 26 13:24:13.826266: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:24:13.826269: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:13.826272: | local proposal 2 type PRF has 2 transforms Aug 26 13:24:13.826274: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:13.826277: | local proposal 2 type DH has 8 transforms Aug 26 13:24:13.826280: | local proposal 2 type ESN has 0 transforms Aug 26 13:24:13.826283: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:24:13.826286: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:13.826293: | local proposal 3 type PRF has 2 transforms Aug 26 13:24:13.826296: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:13.826299: | local proposal 3 type DH has 8 transforms Aug 26 13:24:13.826302: | local proposal 3 type ESN has 0 transforms Aug 26 13:24:13.826305: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:24:13.826308: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:13.826310: | local proposal 4 type PRF has 2 transforms Aug 26 13:24:13.826313: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:13.826316: | local proposal 4 type DH has 8 transforms Aug 26 13:24:13.826318: | local proposal 4 type ESN has 0 transforms Aug 26 13:24:13.826321: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:24:13.826326: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:13.826329: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:13.826334: | length: 44 (0x2c) Aug 26 13:24:13.826337: | prop #: 1 (0x1) Aug 26 13:24:13.826340: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:13.826342: | spi size: 8 (0x8) Aug 26 13:24:13.826345: | # transforms: 3 (0x3) Aug 26 13:24:13.826349: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:13.826351: | remote SPI 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:13.826355: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:13.826358: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:13.826361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.826363: | length: 12 (0xc) Aug 26 13:24:13.826366: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:13.826369: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:13.826372: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:13.826375: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:13.826378: | length/value: 256 (0x100) Aug 26 13:24:13.826382: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:13.826385: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:13.826388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:13.826390: | length: 8 (0x8) Aug 26 13:24:13.826393: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:13.826396: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:13.826399: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:24:13.826402: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:13.826405: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:13.826407: | length: 8 (0x8) Aug 26 13:24:13.826410: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:13.826413: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:13.826416: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:13.826420: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:24:13.826425: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:24:13.826428: | remote proposal 1 matches local proposal 1 Aug 26 13:24:13.826431: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:24:13.826437: | accepted IKE proposal ikev2_proposal: 1:IKE:SPI=35ff3e14685e4a0f;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:24:13.826440: | converting proposal to internal trans attrs Aug 26 13:24:13.826448: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:24:13.826454: | adding DHv2 for IKE sa rekey initiator work-order 4 for state #3 Aug 26 13:24:13.826457: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:13.826460: | #3 STATE_V2_REKEY_IKE_I: retransmits: cleared Aug 26 13:24:13.826464: | libevent_free: release ptr-libevent@0x7f6e1c000f48 Aug 26 13:24:13.826469: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:24:13.826473: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:13.826477: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:13.826480: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:13.826494: | #3 spent 0.258 milliseconds in processing: Process CREATE_CHILD_SA IKE Rekey Response in ikev2_process_state_packet() Aug 26 13:24:13.826501: | crypto helper 4 resuming Aug 26 13:24:13.826504: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:13.826517: | crypto helper 4 starting work-order 4 for state #3 Aug 26 13:24:13.826522: | #3 complete_v2_state_transition() V2_REKEY_IKE_I->PARENT_I3 with status STF_SUSPEND Aug 26 13:24:13.826532: | suspending state #3 and saving MD Aug 26 13:24:13.826539: | #3 is busy; has a suspended MD Aug 26 13:24:13.826525: | crypto helper 4 doing compute dh (V2) (DHv2 for IKE sa rekey initiator); request ID 4 Aug 26 13:24:13.826549: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:13.826555: | "west" #3 complete v2 state STATE_V2_REKEY_IKE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:13.826562: | stop processing: state #3 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:13.826570: | #1 spent 0.604 milliseconds in ikev2_process_packet() Aug 26 13:24:13.826578: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:13.826583: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:13.826588: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:13.826595: | spent 0.629 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:13.827388: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:24:13.827798: | crypto helper 4 finished compute dh (V2) (DHv2 for IKE sa rekey initiator); request ID 4 time elapsed 0.001274 seconds Aug 26 13:24:13.827808: | (#3) spent 1.27 milliseconds in crypto helper computing work-order 4: DHv2 for IKE sa rekey initiator (pcr) Aug 26 13:24:13.827812: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Aug 26 13:24:13.827815: | scheduling resume sending helper answer for #3 Aug 26 13:24:13.827819: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:13.827827: | crypto helper 4 waiting (nothing to do) Aug 26 13:24:13.827836: | processing resume sending helper answer for #3 Aug 26 13:24:13.827846: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:13.827851: | crypto helper 4 replies to request ID 4 Aug 26 13:24:13.827854: | calling continuation function 0x56501b2b5b50 Aug 26 13:24:13.827857: | ikev2_child_ike_inR_continue for #3 STATE_V2_REKEY_IKE_I Aug 26 13:24:13.827862: "west" #3: rekeyed #1 STATE_V2_REKEY_IKE_I and expire it remaining life 3s Aug 26 13:24:13.827866: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:13.827869: | libevent_free: release ptr-libevent@0x56501cb80488 Aug 26 13:24:13.827872: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56501cb86798 Aug 26 13:24:13.827876: | event_schedule: new EVENT_SA_EXPIRE-pe@0x56501cb86798 Aug 26 13:24:13.827880: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #1 Aug 26 13:24:13.827883: | libevent_malloc: new ptr-libevent@0x56501cb80488 size 128 Aug 26 13:24:13.827888: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:13.827892: | #3 complete_v2_state_transition() V2_REKEY_IKE_I->PARENT_I3 with status STF_OK Aug 26 13:24:13.827895: | IKEv2: transition from state STATE_V2_REKEY_IKE_I to state STATE_PARENT_I3 Aug 26 13:24:13.827898: | Message ID: updating counters for #3 to 2 before emancipating Aug 26 13:24:13.827903: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:24:13.827908: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:13.827912: | Message ID: init_ike #3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:13.827915: | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] Aug 26 13:24:13.827921: | #2 migrated from IKE SA #1 to IKE SA #3 Aug 26 13:24:13.827924: | State DB: re-hashing IKEv2 state #2 IKE SPIi and SPI[ir] Aug 26 13:24:13.827927: | State DB: IKEv2 state not found (v2_migrate_children) Aug 26 13:24:13.827933: | parent state #3: V2_REKEY_IKE_I(established IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:24:13.827938: | #3 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:13.827941: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:13.827944: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:13.827947: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:13.827950: | event_schedule: new EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:13.827954: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #3 Aug 26 13:24:13.827957: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:13.828018: | pstats #3 ikev2.ike established Aug 26 13:24:13.828024: "west" #3: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:13.828027: | #3 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:13.828030: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:24:13.828033: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:13.828035: | free_event_entry: release EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:13.828038: | event_schedule: new EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:13.828041: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #3 Aug 26 13:24:13.828044: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:13.828047: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:24:13.828052: | #3 spent 0.201 milliseconds in resume sending helper answer Aug 26 13:24:13.828057: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:13.828060: | libevent_free: release ptr-libevent@0x7f6e14006318 Aug 26 13:24:14.828359: | timer_event_cb: processing event@0x56501cb86798 Aug 26 13:24:14.828412: | handling event EVENT_SA_EXPIRE for parent state #1 Aug 26 13:24:14.828438: | start processing: state #1 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:14.828452: | picked newest_isakmp_sa #3 for #1 Aug 26 13:24:14.828461: | IKE SA expired (superseded by #3) Aug 26 13:24:14.828471: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:24:14.828481: | pstats #1 ikev2.ike deleted completed Aug 26 13:24:14.828498: | #1 spent 25.6 milliseconds in total Aug 26 13:24:14.828514: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:14.828528: "west" #1: deleting state (STATE_PARENT_I3) aged 26.126s and sending notification Aug 26 13:24:14.828538: | parent state #1: PARENT_I3(established IKE SA) => delete Aug 26 13:24:14.828788: | #1 send IKEv2 delete notification for STATE_PARENT_I3 Aug 26 13:24:14.828823: | Opening output PBS informational exchange delete request Aug 26 13:24:14.828836: | **emit ISAKMP Message: Aug 26 13:24:14.828846: | initiator cookie: Aug 26 13:24:14.828854: | 70 79 23 d6 e9 10 04 82 Aug 26 13:24:14.828863: | responder cookie: Aug 26 13:24:14.828870: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:14.828880: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:14.828890: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:14.828899: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:14.828909: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:14.828918: | Message ID: 3 (0x3) Aug 26 13:24:14.828928: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:14.828939: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:14.828949: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:14.828957: | flags: none (0x0) Aug 26 13:24:14.828968: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:14.828978: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:14.829002: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:14.829026: | ****emit IKEv2 Delete Payload: Aug 26 13:24:14.829036: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:14.829044: | flags: none (0x0) Aug 26 13:24:14.829052: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:24:14.829061: | SPI size: 0 (0x0) Aug 26 13:24:14.829069: | number of SPIs: 0 (0x0) Aug 26 13:24:14.829080: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:14.829089: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:14.829099: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:24:14.829108: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:14.829119: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:14.829130: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:14.829138: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:24:14.829150: | emitting length of ISAKMP Message: 65 Aug 26 13:24:14.829230: | sending 65 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:14.829249: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:14.829262: | 2e 20 25 08 00 00 00 03 00 00 00 41 2a 00 00 25 Aug 26 13:24:14.829275: | a0 e9 dd 74 65 d6 e7 48 a6 b3 7e ad b6 e5 05 89 Aug 26 13:24:14.829306: | 85 12 8b 54 7f 96 04 6f b2 eb b7 91 93 b4 d3 ed Aug 26 13:24:14.829334: | 49 Aug 26 13:24:14.829451: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:24:14.829473: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 13:24:14.829499: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:24:14.829515: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:24:14.829529: | picked newest_isakmp_sa #3 for #1 Aug 26 13:24:14.829546: | IKE delete_state() for #1 and connection 'west' that is supposed to remain up; not a problem - have newer #3 Aug 26 13:24:14.829564: | in connection_discard for connection west Aug 26 13:24:14.829579: | State DB: deleting IKEv2 state #1 in PARENT_I3 Aug 26 13:24:14.829597: | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) Aug 26 13:24:14.829724: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:14.829777: | libevent_free: release ptr-libevent@0x56501cb80488 Aug 26 13:24:14.829794: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x56501cb86798 Aug 26 13:24:14.829811: | in statetime_stop() and could not find #1 Aug 26 13:24:14.829826: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:14.831052: | spent 0.0101 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:14.831138: | *received 57 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:14.831155: | 70 79 23 d6 e9 10 04 82 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:14.831165: | 2e 20 25 20 00 00 00 03 00 00 00 39 00 00 00 1d Aug 26 13:24:14.831173: | 1a ad f1 28 09 db 5d 35 cf a0 c0 12 67 f5 a1 9c Aug 26 13:24:14.831181: | 97 e5 fe a8 59 0a ba f1 3f Aug 26 13:24:14.831199: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:14.831217: | **parse ISAKMP Message: Aug 26 13:24:14.831230: | initiator cookie: Aug 26 13:24:14.831238: | 70 79 23 d6 e9 10 04 82 Aug 26 13:24:14.831247: | responder cookie: Aug 26 13:24:14.831255: | 21 6b 14 ae 73 9f a8 3c Aug 26 13:24:14.831265: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:14.831274: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:14.831335: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:14.831353: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:14.831363: | Message ID: 3 (0x3) Aug 26 13:24:14.831373: | length: 57 (0x39) Aug 26 13:24:14.831406: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:14.831429: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:14.831446: | State DB: IKEv2 state not found (find_v2_ike_sa) Aug 26 13:24:14.831481: packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA Aug 26 13:24:14.831515: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:14.831538: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:14.831558: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:14.831586: | spent 0.429 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:26.389976: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:26.390056: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:24:26.390071: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:26.390093: | get_sa_info esp.ca313cb5@192.1.2.45 Aug 26 13:24:26.390138: | get_sa_info esp.15358dd3@192.1.2.23 Aug 26 13:24:26.390201: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:26.390223: | spent 0.277 milliseconds in whack Aug 26 13:24:26.448043: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:26.448238: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:26.448243: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:26.448307: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:24:26.448311: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:26.448320: | get_sa_info esp.ca313cb5@192.1.2.45 Aug 26 13:24:26.448337: | get_sa_info esp.15358dd3@192.1.2.23 Aug 26 13:24:26.448360: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:26.448366: | spent 0.328 milliseconds in whack Aug 26 13:24:28.480308: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:28.480331: | expiring aged bare shunts from shunt table Aug 26 13:24:28.480351: | spent 0.0179 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:38.838326: | timer_event_cb: processing event@0x56501cb7d4f8 Aug 26 13:24:38.838352: | handling event EVENT_SA_REKEY for parent state #3 Aug 26 13:24:38.838365: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:38.838375: | picked newest_isakmp_sa #3 for #3 Aug 26 13:24:38.838381: | rekeying stale IKE SA Aug 26 13:24:38.838387: "west" #3: initiate rekey of IKEv2 CREATE_CHILD_SA IKE Rekey Aug 26 13:24:38.838396: | creating state object #4 at 0x56501cb7dba8 Aug 26 13:24:38.838402: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:24:38.838410: | pstats #4 ikev2.ike started Aug 26 13:24:38.838416: | duplicating state object #3 "west" as #4 for IKE SA Aug 26 13:24:38.838426: | #4 setting local endpoint to 192.1.2.45:500 from #3.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:38.838438: | Message ID: init_child #3.#4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:38.838456: | suspend processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:38.838466: | start processing: state #4 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:38.838473: | child state #4: UNDEFINED(ignore) => V2_REKEY_IKE_I0(established IKE SA) Aug 26 13:24:38.838481: | #4 schedule initiate IKE Rekey SA none to replace IKE# 3 Aug 26 13:24:38.838488: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56501cb86798 Aug 26 13:24:38.838500: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:24:38.838508: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:38.838518: | RESET processing: state #4 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:38.838523: | scheduling drop-dead replace event for #3 Aug 26 13:24:38.838529: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6e1c001f18 Aug 26 13:24:38.838537: | inserting event EVENT_SA_REPLACE, timeout in 4.989652 seconds for #3 Aug 26 13:24:38.838543: | libevent_malloc: new ptr-libevent@0x56501cb80638 size 128 Aug 26 13:24:38.838550: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:38.838555: | free_event_entry: release EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:38.838567: | #3 spent 0.242 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:38.838573: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:38.838584: | timer_event_cb: processing event@0x56501cb86798 Aug 26 13:24:38.838590: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:24:38.838599: | start processing: state #4 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:38.838608: | adding IKE REKEY Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:24:38.838614: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:38.838621: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:38.838627: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:38.838640: | libevent_free: release ptr-libevent@0x7f6e14006318 Aug 26 13:24:38.838646: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56501cb86798 Aug 26 13:24:38.838656: | #4 spent 0.0697 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:38.838665: | stop processing: state #4 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:24:38.838684: | crypto helper 5 resuming Aug 26 13:24:38.838701: | crypto helper 5 starting work-order 5 for state #4 Aug 26 13:24:38.838708: | crypto helper 5 doing build KE and nonce (IKE REKEY Initiator KE and nonce ni); request ID 5 Aug 26 13:24:38.839728: | crypto helper 5 finished build KE and nonce (IKE REKEY Initiator KE and nonce ni); request ID 5 time elapsed 0.001019 seconds Aug 26 13:24:38.839745: | (#4) spent 1.02 milliseconds in crypto helper computing work-order 5: IKE REKEY Initiator KE and nonce ni (pcr) Aug 26 13:24:38.839750: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Aug 26 13:24:38.839754: | scheduling resume sending helper answer for #4 Aug 26 13:24:38.839759: | libevent_malloc: new ptr-libevent@0x7f6e18002888 size 128 Aug 26 13:24:38.839770: | crypto helper 5 waiting (nothing to do) Aug 26 13:24:38.839785: | processing resume sending helper answer for #4 Aug 26 13:24:38.839802: | start processing: state #4 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:38.839811: | crypto helper 5 replies to request ID 5 Aug 26 13:24:38.839817: | calling continuation function 0x56501b2b5b50 Aug 26 13:24:38.839825: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_IKE_I0 Aug 26 13:24:38.839832: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:38.839838: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:38.839845: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:38.839851: | event_schedule: new EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:24:38.839858: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:24:38.839864: | libevent_malloc: new ptr-libevent@0x56501cb80588 size 128 Aug 26 13:24:38.839875: | Message ID: #3 wakeing IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:38.839881: | scheduling callback v2_msgid_schedule_next_initiator (#3) Aug 26 13:24:38.839892: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:38.839903: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:38.839911: | #4 complete_v2_state_transition() V2_REKEY_IKE_I0->V2_REKEY_IKE_I with status STF_SUSPEND Aug 26 13:24:38.839918: | suspending state #4 and saving MD Aug 26 13:24:38.839923: | #4 is busy; has a suspended MD Aug 26 13:24:38.839932: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:38.839939: | "west" #4 complete v2 state STATE_V2_REKEY_IKE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:38.839946: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:24:38.839956: | #4 spent 0.144 milliseconds in resume sending helper answer Aug 26 13:24:38.839965: | stop processing: state #4 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:38.839972: | libevent_free: release ptr-libevent@0x7f6e18002888 Aug 26 13:24:38.839981: | processing callback v2_msgid_schedule_next_initiator for #3 Aug 26 13:24:38.839990: | start processing: state #3 connection "west" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:24:38.840001: | Message ID: #3.#4 resuming SA using IKE SA (unack 0); initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:38.840010: | suspend processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:38.840019: | start processing: state #4 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:38.840030: | **emit ISAKMP Message: Aug 26 13:24:38.840036: | initiator cookie: Aug 26 13:24:38.840041: | 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:38.840047: | responder cookie: Aug 26 13:24:38.840051: | 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:38.840058: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:38.840063: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:38.840069: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:38.840075: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:38.840080: | Message ID: 0 (0x0) Aug 26 13:24:38.840086: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:38.840093: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:38.840099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:38.840104: | flags: none (0x0) Aug 26 13:24:38.840112: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:38.840118: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:38.840125: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:38.840164: | using existing local IKE proposals for connection west (IKE SA initiating rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:38.840171: | Emitting ikev2_proposals ... Aug 26 13:24:38.840177: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:38.840182: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:38.840187: | flags: none (0x0) Aug 26 13:24:38.840194: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:38.840203: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:38.840209: | discarding INTEG=NONE Aug 26 13:24:38.840215: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:38.840220: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.840226: | prop #: 1 (0x1) Aug 26 13:24:38.840231: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:38.840236: | spi size: 8 (0x8) Aug 26 13:24:38.840241: | # transforms: 11 (0xb) Aug 26 13:24:38.840247: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:38.840254: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:38.840260: | our spi 07 83 f5 f9 d9 8a 0b 04 Aug 26 13:24:38.840265: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840271: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840276: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:38.840281: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:38.840287: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840300: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:38.840306: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:38.840311: | length/value: 256 (0x100) Aug 26 13:24:38.840317: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:38.840323: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840338: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.840344: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:38.840350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840362: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840367: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840377: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.840382: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:38.840388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840400: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840405: | discarding INTEG=NONE Aug 26 13:24:38.840410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840420: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840425: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.840432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840438: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840443: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840449: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840468: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:38.840475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840486: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840491: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840507: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:38.840513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840524: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840529: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840545: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:38.840552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840563: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840568: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840584: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:38.840591: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840607: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840618: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840623: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:38.840629: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840641: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840646: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840662: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:38.840668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840674: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840680: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840687: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840693: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:38.840698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840704: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:38.840710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840716: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840727: | emitting length of IKEv2 Proposal Substructure Payload: 108 Aug 26 13:24:38.840733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:38.840738: | discarding INTEG=NONE Aug 26 13:24:38.840744: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:38.840749: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.840754: | prop #: 2 (0x2) Aug 26 13:24:38.840759: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:38.840764: | spi size: 8 (0x8) Aug 26 13:24:38.840769: | # transforms: 11 (0xb) Aug 26 13:24:38.840776: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.840782: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:38.840788: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:38.840793: | our spi 07 83 f5 f9 d9 8a 0b 04 Aug 26 13:24:38.840799: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840809: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:38.840815: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:38.840820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840826: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:38.840832: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:38.840837: | length/value: 128 (0x80) Aug 26 13:24:38.840843: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:38.840848: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840859: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.840864: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:38.840870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840882: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840887: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840898: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.840903: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:38.840909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840920: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840925: | discarding INTEG=NONE Aug 26 13:24:38.840930: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840944: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840949: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.840955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.840967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.840972: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.840977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.840982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.840988: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:38.840994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841000: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841005: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841010: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841021: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841026: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:38.841033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841044: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841049: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841059: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841064: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:38.841071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841082: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841087: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841098: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841103: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:38.841109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841120: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841125: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841136: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841141: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:38.841148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841153: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841162: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841167: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841183: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:38.841189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841200: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841205: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841210: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:38.841216: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841221: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:38.841227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841238: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841244: | emitting length of IKEv2 Proposal Substructure Payload: 108 Aug 26 13:24:38.841249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:38.841254: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:38.841260: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.841264: | prop #: 3 (0x3) Aug 26 13:24:38.841270: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:38.841274: | spi size: 8 (0x8) Aug 26 13:24:38.841279: | # transforms: 13 (0xd) Aug 26 13:24:38.841286: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.841308: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:38.841315: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:38.841320: | our spi 07 83 f5 f9 d9 8a 0b 04 Aug 26 13:24:38.841326: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841335: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841340: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:38.841345: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:38.841351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841357: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:38.841363: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:38.841368: | length/value: 256 (0x100) Aug 26 13:24:38.841374: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:38.841379: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841389: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.841394: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:38.841400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841406: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841411: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841416: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841431: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.841436: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:38.841442: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841448: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841459: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841470: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:38.841475: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:38.841482: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841493: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841498: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841504: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841509: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:38.841514: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:38.841520: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841537: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841548: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841554: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.841559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841565: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841576: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841593: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:38.841600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841615: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841632: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:38.841638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841654: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841660: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841677: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:38.841684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841696: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841702: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841713: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841719: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:38.841726: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841738: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841744: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841749: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841755: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841760: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:38.841767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841780: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841787: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841803: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:38.841810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841828: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841834: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:38.841840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.841845: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:38.841851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841864: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.841870: | emitting length of IKEv2 Proposal Substructure Payload: 124 Aug 26 13:24:38.841876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:38.841882: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:38.841888: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:38.841897: | prop #: 4 (0x4) Aug 26 13:24:38.841902: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:38.841907: | spi size: 8 (0x8) Aug 26 13:24:38.841912: | # transforms: 13 (0xd) Aug 26 13:24:38.841919: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:38.841926: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:38.841932: | emitting 8 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:38.841938: | our spi 07 83 f5 f9 d9 8a 0b 04 Aug 26 13:24:38.841943: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.841949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.841954: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:38.841959: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:38.841965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.841972: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:38.841978: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:38.841983: | length/value: 128 (0x80) Aug 26 13:24:38.841989: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:38.841994: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842005: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.842010: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:38.842016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842028: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842033: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842044: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.842050: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:24:38.842056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842069: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842074: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842086: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:38.842091: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:38.842098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842109: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842114: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842125: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:38.842130: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:38.842136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842150: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842156: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842166: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842172: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.842178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842190: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842195: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842209: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:24:38.842216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842222: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842227: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842232: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842243: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842249: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:24:38.842255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842267: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842272: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842296: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:24:38.842303: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842315: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842324: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842329: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842334: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842338: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:24:38.842344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842357: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842362: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842373: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842379: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:24:38.842389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842401: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842406: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842412: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842422: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:24:38.842428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842441: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842446: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:38.842453: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:38.842458: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.842464: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:24:38.842470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.842477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:38.842483: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:38.842489: | emitting length of IKEv2 Proposal Substructure Payload: 124 Aug 26 13:24:38.842495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:38.842501: | emitting length of IKEv2 Security Association Payload: 468 Aug 26 13:24:38.842508: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:38.842513: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:38.842519: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:38.842525: | flags: none (0x0) Aug 26 13:24:38.842533: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:38.842539: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:38.842547: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:38.842554: | IKEv2 nonce e9 d9 af 04 1b f6 59 96 14 c6 68 e2 e9 eb 82 3d Aug 26 13:24:38.842560: | IKEv2 nonce b9 b0 7a 41 73 d0 98 0f 22 fa eb 6c dd d6 b2 60 Aug 26 13:24:38.842565: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:38.842571: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:38.842578: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:38.842583: | flags: none (0x0) Aug 26 13:24:38.842588: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.842595: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:38.842602: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:38.842610: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:38.842616: | ikev2 g^x 8c 58 14 14 6b b3 27 c2 5d 94 c9 bc d4 54 35 27 Aug 26 13:24:38.842621: | ikev2 g^x d9 80 77 ac 32 de 20 1d b8 00 0e 8d ed 6d f1 c0 Aug 26 13:24:38.842626: | ikev2 g^x 95 c7 09 6d 06 a2 bf 38 ee c1 c0 7f 24 68 73 3e Aug 26 13:24:38.842632: | ikev2 g^x 4e 6e d0 c7 27 35 c1 73 0d 3f 27 11 6c 44 c2 eb Aug 26 13:24:38.842640: | ikev2 g^x 21 0e b1 4f 62 d4 98 eb 13 c9 0d ef fa d1 42 26 Aug 26 13:24:38.842646: | ikev2 g^x 00 27 b2 6b 5a 34 57 b8 c4 85 79 74 66 9c 1f 96 Aug 26 13:24:38.842652: | ikev2 g^x c1 24 6a 9c b3 32 01 a5 22 e8 99 99 28 38 1e 85 Aug 26 13:24:38.842657: | ikev2 g^x b9 9d b9 5f f9 41 f1 71 d8 2f 66 6e 49 49 55 25 Aug 26 13:24:38.842662: | ikev2 g^x 07 66 e8 03 cf e2 45 4d a4 5f f5 cb ae 2b ef 37 Aug 26 13:24:38.842667: | ikev2 g^x df 2a fb 0b b2 ca 86 66 39 95 3e d6 6e 50 74 c7 Aug 26 13:24:38.842673: | ikev2 g^x 41 01 f1 41 83 e5 5a 6f d9 3a 6d b7 48 74 b6 3b Aug 26 13:24:38.842678: | ikev2 g^x 30 cb 7a c0 ee df 32 e1 49 13 7a e3 80 f7 00 49 Aug 26 13:24:38.842683: | ikev2 g^x 5a de b3 18 f4 dd 43 61 79 82 5f 57 b1 5a c2 6c Aug 26 13:24:38.842689: | ikev2 g^x fd 97 6d df 5a af e5 7d 67 c7 49 85 a5 c4 2b 38 Aug 26 13:24:38.842694: | ikev2 g^x 64 5f fe 4d b4 3d 66 23 f1 2c a8 41 00 1a fa b4 Aug 26 13:24:38.842699: | ikev2 g^x c7 2a fa 7c a6 c4 b3 9b 88 5f 45 43 8d 52 f1 89 Aug 26 13:24:38.842705: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:38.842712: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:38.842719: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:38.842726: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:38.842732: | emitting length of IKEv2 Encryption Payload: 797 Aug 26 13:24:38.842738: | emitting length of ISAKMP Message: 825 Aug 26 13:24:38.842769: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:38.842779: | #4 complete_v2_state_transition() V2_REKEY_IKE_I0->V2_REKEY_IKE_I with status STF_OK Aug 26 13:24:38.842786: | IKEv2: transition from state STATE_V2_REKEY_IKE_I0 to state STATE_V2_REKEY_IKE_I Aug 26 13:24:38.842793: | child state #4: V2_REKEY_IKE_I0(established IKE SA) => V2_REKEY_IKE_I(established IKE SA) Aug 26 13:24:38.842799: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:24:38.842804: | Message ID: IKE #3 skipping update_recv as MD is fake Aug 26 13:24:38.842816: | Message ID: sent #3.#4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:24:38.842824: "west" #4: STATE_V2_REKEY_IKE_I: STATE_V2_REKEY_IKE_I Aug 26 13:24:38.842835: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:38.842847: | sending 825 bytes for STATE_V2_REKEY_IKE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) Aug 26 13:24:38.842853: | 12 1d 17 88 f4 35 0a 1c 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:38.842858: | 2e 20 24 08 00 00 00 00 00 00 03 39 21 00 03 1d Aug 26 13:24:38.842863: | 37 51 13 a2 3a cc 89 6a 1d 88 81 29 8b e6 c5 a3 Aug 26 13:24:38.842868: | fb c4 e0 db b5 5f 2b 6e d4 71 46 91 99 9d 2a 7e Aug 26 13:24:38.842873: | 6e 99 93 75 c8 1c cc 9c d0 f2 1c 52 e5 6d 99 46 Aug 26 13:24:38.842878: | 69 d7 eb af a8 ae 18 49 f5 f8 2c 33 12 f8 5e 6c Aug 26 13:24:38.842883: | 42 f2 e9 f7 af ac e1 c3 7a 92 43 20 8e b2 d3 e5 Aug 26 13:24:38.842888: | 65 ea 18 d7 88 70 45 de 7a 73 1f ec 2c 0b 19 b0 Aug 26 13:24:38.842893: | 45 1d 24 3e 4a e5 05 6d ef fb a8 9e 04 6a a0 09 Aug 26 13:24:38.842897: | 85 9e 6d 67 5a 0b 6e 9d 87 47 4d d7 fa 51 d7 41 Aug 26 13:24:38.842902: | 73 b0 aa d7 e2 85 ee 39 c6 be 2c bc e5 90 4d d6 Aug 26 13:24:38.842907: | ce 0b 62 ed 51 22 50 54 92 59 ec ac 72 80 6b 43 Aug 26 13:24:38.842912: | c4 8a 3a eb 62 e7 f7 7d f9 6e 1d 8d be cc d1 a2 Aug 26 13:24:38.842917: | 7b 55 0f 4b 35 26 36 a7 c1 fa 54 31 a0 aa 3d 98 Aug 26 13:24:38.842922: | 84 a7 9d de ba 08 a7 e7 16 26 b5 06 e2 2e 53 f3 Aug 26 13:24:38.842927: | d1 de 5d 2c bd 8c 53 20 13 03 2f c8 a2 33 f0 f4 Aug 26 13:24:38.842932: | 28 64 bc ff 2d 63 9e 89 ea 3e 9d b6 48 0b ff 04 Aug 26 13:24:38.842937: | f2 f9 0a 25 0f c4 57 69 57 0e 98 d4 30 9b 4c c7 Aug 26 13:24:38.842946: | fa 7f 87 27 7e 77 7e cc e7 bf f3 ec a8 db ab 55 Aug 26 13:24:38.842952: | 6c c8 fe 51 dc 65 43 5b e2 80 90 b2 37 15 b9 77 Aug 26 13:24:38.842957: | 78 9d 3b 53 8c 79 42 69 ea 44 94 6f d6 c3 e5 77 Aug 26 13:24:38.842962: | 8d 93 d0 a2 66 31 3b b0 00 c4 f2 7c 6e 6d b4 32 Aug 26 13:24:38.842967: | d4 e7 8b df 18 dd d2 c0 17 a0 5e 60 31 c7 ff d6 Aug 26 13:24:38.842972: | f1 7e 00 81 f2 68 b2 cf 0c 37 e6 58 af 83 77 70 Aug 26 13:24:38.842977: | d1 5f 34 83 d8 a5 fb 01 de c6 8c 46 0e fc 16 2b Aug 26 13:24:38.842982: | 45 21 02 3b 69 3f 78 65 c2 6a f7 73 5c 8c 7d 8e Aug 26 13:24:38.842988: | 04 c1 f7 52 a9 07 d0 ab 0e 38 bc 37 11 b3 14 fd Aug 26 13:24:38.842993: | 33 e0 e1 25 3a 01 6b df 18 ed d8 08 9c 58 f5 a5 Aug 26 13:24:38.842998: | 40 21 69 e7 74 af 11 79 01 90 77 7f f1 6c 67 53 Aug 26 13:24:38.843002: | d0 30 bf 77 b0 b4 a7 f6 55 6e 10 d3 01 36 0d 6e Aug 26 13:24:38.843007: | 18 40 be 33 84 33 cf 80 da 43 0d 2f a9 43 2f 14 Aug 26 13:24:38.843012: | 14 9f f5 f7 b8 5d 0d a9 57 bf 14 e8 ff 2f 68 2b Aug 26 13:24:38.843016: | a5 f5 50 5e 06 3d d6 6d b4 05 ff c8 39 02 c7 22 Aug 26 13:24:38.843021: | 97 2c 12 7e be f4 a8 0e ca 88 a2 c9 8b ee 2a 65 Aug 26 13:24:38.843025: | f2 50 5f ad 23 8d e0 ec d7 c8 53 61 09 41 3c c2 Aug 26 13:24:38.843030: | 45 df bc 01 f5 2d 01 4c 8c 1b 2a 8e 6d b8 8c 36 Aug 26 13:24:38.843035: | d5 60 92 56 27 cc 4e ff 11 68 ae 03 75 e2 b0 48 Aug 26 13:24:38.843039: | e9 3f e3 a9 ba 58 d1 2b 1f 2e 19 d5 48 29 d4 40 Aug 26 13:24:38.843045: | ba 8f d7 d3 a2 d3 7e 46 9c 4c f6 41 5c fe 04 cc Aug 26 13:24:38.843049: | cd 7f 4d b1 f2 e9 79 7a 17 41 0c 72 43 fc 59 78 Aug 26 13:24:38.843054: | a3 05 5b 2a a5 f1 8d c6 05 5a 60 d5 65 4c 6b 35 Aug 26 13:24:38.843059: | 1f 91 77 a9 63 15 ba 35 38 5a 75 e5 95 4f 36 4e Aug 26 13:24:38.843064: | 3d dc 53 95 ee 48 a9 3d 4b b9 9b ce 90 27 82 a3 Aug 26 13:24:38.843069: | 87 a4 da 7b b4 14 54 b2 36 13 9e f8 95 4d 39 09 Aug 26 13:24:38.843074: | 24 3d 19 43 79 f7 81 c1 14 63 23 94 e8 bb 68 48 Aug 26 13:24:38.843079: | 37 c0 e5 1c 3f 88 ba 9f e2 ac f0 28 e2 57 b8 e6 Aug 26 13:24:38.843084: | dc e1 ba fe 22 1f 74 3c 0b c2 15 f3 1a a4 5c 0d Aug 26 13:24:38.843089: | 97 87 c7 23 52 03 46 88 3e e7 60 a8 c7 0e 12 84 Aug 26 13:24:38.843094: | e7 bb 65 26 1e c5 5f 8b b8 6b 6f 58 dc d0 17 b7 Aug 26 13:24:38.843099: | bd 79 91 c5 0f 6b 16 78 02 0b e5 7e 64 11 73 e4 Aug 26 13:24:38.843104: | 29 ef f4 29 f6 47 a9 45 20 cb 4a 63 42 83 eb a7 Aug 26 13:24:38.843108: | 44 90 c2 1d 63 80 d4 32 1d Aug 26 13:24:38.843175: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:38.843185: | libevent_free: release ptr-libevent@0x56501cb80588 Aug 26 13:24:38.843192: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56501cb7d4f8 Aug 26 13:24:38.843198: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:24:38.843205: | event_schedule: new EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:24:38.843212: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #4 Aug 26 13:24:38.843219: | libevent_malloc: new ptr-libevent@0x56501cb80488 size 128 Aug 26 13:24:38.843229: | #4 STATE_V2_REKEY_IKE_I: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11164.58567 Aug 26 13:24:38.843243: | stop processing: state #4 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:38.843252: | resume processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:38.843263: | #3 spent 3.21 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:38.843272: | stop processing: state #3 connection "west" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:24:38.843279: | libevent_free: release ptr-libevent@0x7f6e14006318 Aug 26 13:24:38.848703: | spent 0.00497 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:38.848742: | *received 405 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:38.848748: | 12 1d 17 88 f4 35 0a 1c 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:38.848752: | 2e 20 24 20 00 00 00 00 00 00 01 95 21 00 01 79 Aug 26 13:24:38.848755: | 09 84 f3 3f f8 fc 72 27 a7 d3 b3 07 97 05 89 1f Aug 26 13:24:38.848758: | 9d df db b7 18 ce 0a 27 4b b2 0c f8 d9 31 b9 3e Aug 26 13:24:38.848761: | 2d 4e 57 ab 2c 10 9e 25 ba bc e0 78 d8 9c 96 dc Aug 26 13:24:38.848764: | 40 5b 85 77 01 8f bd ed b9 79 04 5f 56 45 5b 83 Aug 26 13:24:38.848767: | db 92 1e 92 a3 69 80 20 56 dd 93 0f cc e4 f9 bc Aug 26 13:24:38.848770: | 09 bd b9 96 17 01 0b 1d bb 11 64 0f 6a 55 39 a8 Aug 26 13:24:38.848773: | 01 e0 86 d9 76 bd 8c 40 6c ba 3a 55 3d 84 b4 83 Aug 26 13:24:38.848776: | 3c a7 2e a3 ab 54 a1 b3 ad 52 a5 5d fc 0b 23 21 Aug 26 13:24:38.848779: | 70 cb b7 6e ed 81 f5 13 b5 70 21 8f 5e fc 7a a3 Aug 26 13:24:38.848782: | aa a9 04 a1 b3 9a bd f1 ed 54 5c b7 c3 1c 3a 83 Aug 26 13:24:38.848785: | 7c 2a 75 61 13 28 38 56 b7 57 46 15 d3 b1 74 94 Aug 26 13:24:38.848788: | 37 38 0e 1c 75 f6 e6 8a 84 49 30 93 49 60 0a 0b Aug 26 13:24:38.848791: | b6 10 7a 4f 18 6c d0 5d 69 d0 3f bc 03 f1 e9 ab Aug 26 13:24:38.848794: | c7 ea c9 9b a9 84 d8 2d 82 7d 8a 71 43 93 72 bd Aug 26 13:24:38.848797: | f4 b2 d2 1f 2a 0c ce 9a d3 ce a9 fd c0 b3 7b 49 Aug 26 13:24:38.848800: | 0b a9 3c 1a 08 91 13 bd c9 bc d3 79 0a 8f 00 3b Aug 26 13:24:38.848803: | 73 86 f1 ee 5e de f6 b6 5b 6d a5 12 d1 e2 70 2b Aug 26 13:24:38.848806: | 0b 71 67 93 e1 b6 cf dc 52 1d 3c 3b 11 75 1e 04 Aug 26 13:24:38.848809: | 24 47 f9 df 72 5f 0b 5d 07 14 33 cd 72 cc a0 61 Aug 26 13:24:38.848812: | 31 2d 48 c2 a1 78 25 dd 92 9e 21 f0 d3 68 76 13 Aug 26 13:24:38.848815: | a4 0e a8 0d 57 c0 a6 84 58 65 11 31 05 0c 60 c8 Aug 26 13:24:38.848818: | c8 f3 ca 56 75 7c f5 ee 39 0b 71 0a ad 6b 82 f1 Aug 26 13:24:38.848821: | 79 0f 48 5c fd c4 7c 62 8a 31 fe 38 77 4d 98 50 Aug 26 13:24:38.848824: | e8 99 09 59 9e Aug 26 13:24:38.848830: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:38.848835: | **parse ISAKMP Message: Aug 26 13:24:38.848839: | initiator cookie: Aug 26 13:24:38.848842: | 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:38.848845: | responder cookie: Aug 26 13:24:38.848848: | 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:38.848852: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:38.848855: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:38.848859: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:38.848862: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:38.848866: | Message ID: 0 (0x0) Aug 26 13:24:38.848869: | length: 405 (0x195) Aug 26 13:24:38.848873: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:38.848878: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:38.848883: | State DB: found IKEv2 state #3 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:38.848891: | start processing: state #3 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:38.848895: | State DB: found IKEv2 state #4 in V2_REKEY_IKE_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:38.848901: | suspend processing: state #3 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:38.848905: | start processing: state #4 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:38.848909: | #4 is idle Aug 26 13:24:38.848912: | #4 idle Aug 26 13:24:38.848915: | unpacking clear payload Aug 26 13:24:38.848918: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:38.848922: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:38.848926: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:38.848929: | flags: none (0x0) Aug 26 13:24:38.848935: | length: 377 (0x179) Aug 26 13:24:38.848939: | processing payload: ISAKMP_NEXT_v2SK (len=373) Aug 26 13:24:38.848942: | #4 in state V2_REKEY_IKE_I: STATE_V2_REKEY_IKE_I Aug 26 13:24:38.848960: | #4 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:38.848964: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:38.848968: | **parse IKEv2 Security Association Payload: Aug 26 13:24:38.848971: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:38.848974: | flags: none (0x0) Aug 26 13:24:38.848977: | length: 48 (0x30) Aug 26 13:24:38.848981: | processing payload: ISAKMP_NEXT_v2SA (len=44) Aug 26 13:24:38.848984: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:38.848987: | **parse IKEv2 Nonce Payload: Aug 26 13:24:38.848990: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:38.848993: | flags: none (0x0) Aug 26 13:24:38.848996: | length: 36 (0x24) Aug 26 13:24:38.848999: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:38.849002: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:38.849006: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:38.849009: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:38.849012: | flags: none (0x0) Aug 26 13:24:38.849016: | length: 264 (0x108) Aug 26 13:24:38.849019: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.849022: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:38.849026: | selected state microcode Process CREATE_CHILD_SA IKE Rekey Response Aug 26 13:24:38.849033: | #3 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:38.849037: | forcing ST #4 to CHILD #3.#4 in FSM processor Aug 26 13:24:38.849040: | Now let's proceed with state specific processing Aug 26 13:24:38.849043: | calling processor Process CREATE_CHILD_SA IKE Rekey Response Aug 26 13:24:38.849063: | using existing local IKE proposals for connection west (IKE SA accept response to rekey): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:24:38.849068: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:24:38.849072: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:38.849075: | local proposal 1 type PRF has 2 transforms Aug 26 13:24:38.849079: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:38.849082: | local proposal 1 type DH has 8 transforms Aug 26 13:24:38.849085: | local proposal 1 type ESN has 0 transforms Aug 26 13:24:38.849090: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:24:38.849093: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:38.849096: | local proposal 2 type PRF has 2 transforms Aug 26 13:24:38.849099: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:38.849103: | local proposal 2 type DH has 8 transforms Aug 26 13:24:38.849106: | local proposal 2 type ESN has 0 transforms Aug 26 13:24:38.849110: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:24:38.849113: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:38.849116: | local proposal 3 type PRF has 2 transforms Aug 26 13:24:38.849119: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:38.849123: | local proposal 3 type DH has 8 transforms Aug 26 13:24:38.849126: | local proposal 3 type ESN has 0 transforms Aug 26 13:24:38.849130: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:24:38.849135: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:38.849138: | local proposal 4 type PRF has 2 transforms Aug 26 13:24:38.849142: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:38.849145: | local proposal 4 type DH has 8 transforms Aug 26 13:24:38.849148: | local proposal 4 type ESN has 0 transforms Aug 26 13:24:38.849152: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:24:38.849156: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:38.849159: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:38.849162: | length: 44 (0x2c) Aug 26 13:24:38.849165: | prop #: 1 (0x1) Aug 26 13:24:38.849169: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:24:38.849172: | spi size: 8 (0x8) Aug 26 13:24:38.849175: | # transforms: 3 (0x3) Aug 26 13:24:38.849179: | parsing 8 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:38.849183: | remote SPI 6c de b9 32 4b 12 ce 1a Aug 26 13:24:38.849187: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:38.849191: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:38.849194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.849197: | length: 12 (0xc) Aug 26 13:24:38.849200: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:38.849204: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:38.849207: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:38.849211: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:38.849214: | length/value: 256 (0x100) Aug 26 13:24:38.849219: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:38.849223: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:38.849226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:38.849229: | length: 8 (0x8) Aug 26 13:24:38.849233: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:24:38.849236: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:24:38.849240: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:24:38.849244: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:38.849247: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:38.849250: | length: 8 (0x8) Aug 26 13:24:38.849253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:38.849257: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:38.849261: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:38.849266: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:24:38.849271: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:24:38.849274: | remote proposal 1 matches local proposal 1 Aug 26 13:24:38.849278: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:24:38.849285: | accepted IKE proposal ikev2_proposal: 1:IKE:SPI=6cdeb9324b12ce1a;ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:24:38.849296: | converting proposal to internal trans attrs Aug 26 13:24:38.849308: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:24:38.849314: | adding DHv2 for IKE sa rekey initiator work-order 6 for state #4 Aug 26 13:24:38.849318: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:38.849322: | #4 STATE_V2_REKEY_IKE_I: retransmits: cleared Aug 26 13:24:38.849328: | libevent_free: release ptr-libevent@0x56501cb80488 Aug 26 13:24:38.849331: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56501cb7d4f8 Aug 26 13:24:38.849335: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:38.849341: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:24:38.849347: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:38.849362: | #4 spent 0.306 milliseconds in processing: Process CREATE_CHILD_SA IKE Rekey Response in ikev2_process_state_packet() Aug 26 13:24:38.849369: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:38.849373: | #4 complete_v2_state_transition() V2_REKEY_IKE_I->PARENT_I3 with status STF_SUSPEND Aug 26 13:24:38.849374: | crypto helper 6 resuming Aug 26 13:24:38.849377: | suspending state #4 and saving MD Aug 26 13:24:38.849404: | crypto helper 6 starting work-order 6 for state #4 Aug 26 13:24:38.849417: | crypto helper 6 doing compute dh (V2) (DHv2 for IKE sa rekey initiator); request ID 6 Aug 26 13:24:38.849405: | #4 is busy; has a suspended MD Aug 26 13:24:38.849437: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:38.849444: | "west" #4 complete v2 state STATE_V2_REKEY_IKE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:38.849449: | stop processing: state #4 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:38.849455: | #3 spent 0.708 milliseconds in ikev2_process_packet() Aug 26 13:24:38.849461: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:38.849465: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:38.849468: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:38.849473: | spent 0.727 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:38.851082: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:24:38.851896: | crypto helper 6 finished compute dh (V2) (DHv2 for IKE sa rekey initiator); request ID 6 time elapsed 0.002478 seconds Aug 26 13:24:38.851919: | (#4) spent 2.48 milliseconds in crypto helper computing work-order 6: DHv2 for IKE sa rekey initiator (pcr) Aug 26 13:24:38.851926: | crypto helper 6 sending results from work-order 6 for state #4 to event queue Aug 26 13:24:38.851933: | scheduling resume sending helper answer for #4 Aug 26 13:24:38.851939: | libevent_malloc: new ptr-libevent@0x7f6e0c0011d8 size 128 Aug 26 13:24:38.851953: | crypto helper 6 waiting (nothing to do) Aug 26 13:24:38.851998: | processing resume sending helper answer for #4 Aug 26 13:24:38.852017: | start processing: state #4 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:38.852024: | crypto helper 6 replies to request ID 6 Aug 26 13:24:38.852028: | calling continuation function 0x56501b2b5b50 Aug 26 13:24:38.852032: | ikev2_child_ike_inR_continue for #4 STATE_V2_REKEY_IKE_I Aug 26 13:24:38.852038: "west" #4: rekeyed #3 STATE_V2_REKEY_IKE_I and expire it remaining life 3s Aug 26 13:24:38.852043: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:38.852047: | libevent_free: release ptr-libevent@0x56501cb80638 Aug 26 13:24:38.852052: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6e1c001f18 Aug 26 13:24:38.852056: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f6e1c001f18 Aug 26 13:24:38.852061: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #3 Aug 26 13:24:38.852064: | libevent_malloc: new ptr-libevent@0x56501cb80638 size 128 Aug 26 13:24:38.852071: | [RE]START processing: state #4 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:38.852076: | #4 complete_v2_state_transition() V2_REKEY_IKE_I->PARENT_I3 with status STF_OK Aug 26 13:24:38.852080: | IKEv2: transition from state STATE_V2_REKEY_IKE_I to state STATE_PARENT_I3 Aug 26 13:24:38.852084: | Message ID: updating counters for #4 to 0 before emancipating Aug 26 13:24:38.852090: | Message ID: recv #3.#4 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:24:38.852096: | Message ID: #3.#4 skipping update_send as nothing to send; initiator.sent=0 initiator.recv=0 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:38.852106: | Message ID: init_ike #4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:38.852110: | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir] Aug 26 13:24:38.852119: | #2 migrated from IKE SA #3 to IKE SA #4 Aug 26 13:24:38.852123: | State DB: re-hashing IKEv2 state #2 IKE SPIi and SPI[ir] Aug 26 13:24:38.852127: | State DB: IKEv2 state not found (v2_migrate_children) Aug 26 13:24:38.852131: | parent state #4: V2_REKEY_IKE_I(established IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:24:38.852137: | #4 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:38.852141: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:38.852144: | libevent_free: release ptr-libevent@0x7f6e14006318 Aug 26 13:24:38.852148: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56501cb7d4f8 Aug 26 13:24:38.852152: | event_schedule: new EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:38.852157: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #4 Aug 26 13:24:38.852160: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:38.852225: | pstats #4 ikev2.ike established Aug 26 13:24:38.852233: "west" #4: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:38.852238: | #4 will start re-keying in 25 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:38.852242: | state #4 requesting EVENT_SA_REKEY to be deleted Aug 26 13:24:38.852246: | libevent_free: release ptr-libevent@0x7f6e14006318 Aug 26 13:24:38.852251: | free_event_entry: release EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:38.852258: | event_schedule: new EVENT_SA_REKEY-pe@0x56501cb7d4f8 Aug 26 13:24:38.852266: | inserting event EVENT_SA_REKEY, timeout in 25 seconds for #4 Aug 26 13:24:38.852273: | libevent_malloc: new ptr-libevent@0x7f6e14006318 size 128 Aug 26 13:24:38.852283: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:24:38.852305: | #4 spent 0.27 milliseconds in resume sending helper answer Aug 26 13:24:38.852322: | stop processing: state #4 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:38.852329: | libevent_free: release ptr-libevent@0x7f6e0c0011d8 Aug 26 13:24:39.853416: | timer_event_cb: processing event@0x7f6e1c001f18 Aug 26 13:24:39.853467: | handling event EVENT_SA_EXPIRE for parent state #3 Aug 26 13:24:39.853485: | start processing: state #3 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:24:39.853495: | picked newest_isakmp_sa #4 for #3 Aug 26 13:24:39.853501: | IKE SA expired (superseded by #4) Aug 26 13:24:39.853509: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:24:39.853516: | pstats #3 ikev2.ike deleted completed Aug 26 13:24:39.853526: | #3 spent 8.15 milliseconds in total Aug 26 13:24:39.853538: | [RE]START processing: state #3 connection "west" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:24:39.853548: "west" #3: deleting state (STATE_PARENT_I3) aged 26.037s and sending notification Aug 26 13:24:39.853555: | parent state #3: PARENT_I3(established IKE SA) => delete Aug 26 13:24:39.853728: | #3 send IKEv2 delete notification for STATE_PARENT_I3 Aug 26 13:24:39.853741: | Opening output PBS informational exchange delete request Aug 26 13:24:39.853749: | **emit ISAKMP Message: Aug 26 13:24:39.853755: | initiator cookie: Aug 26 13:24:39.853761: | 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:39.853767: | responder cookie: Aug 26 13:24:39.853772: | 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:39.853779: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:39.853785: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.853792: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.853799: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:39.853816: | Message ID: 1 (0x1) Aug 26 13:24:39.853823: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:39.853831: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:39.853838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.853844: | flags: none (0x0) Aug 26 13:24:39.853851: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:39.853858: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:39.853867: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:39.853885: | ****emit IKEv2 Delete Payload: Aug 26 13:24:39.853892: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:39.853898: | flags: none (0x0) Aug 26 13:24:39.853905: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:24:39.853911: | SPI size: 0 (0x0) Aug 26 13:24:39.853916: | number of SPIs: 0 (0x0) Aug 26 13:24:39.853924: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:39.853931: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:39.853938: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:24:39.853945: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:39.853954: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:39.853961: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:39.853967: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:24:39.853973: | emitting length of ISAKMP Message: 65 Aug 26 13:24:39.854016: | sending 65 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) Aug 26 13:24:39.854025: | 12 1d 17 88 f4 35 0a 1c 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:39.854031: | 2e 20 25 08 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:24:39.854036: | d2 70 69 ac 0b ad 74 f8 fa 7e 11 13 58 c9 ae d4 Aug 26 13:24:39.854042: | ca cb 11 d3 35 a9 87 1d 35 73 69 92 3c b6 52 90 Aug 26 13:24:39.854047: | 8f Aug 26 13:24:39.854133: | Message ID: IKE #3 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:24:39.854145: | Message ID: IKE #3 sender #3 in send_delete hacking around record ' send Aug 26 13:24:39.854157: | Message ID: sent #3 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1 wip.initiator=-1->1 wip.responder=-1 Aug 26 13:24:39.854165: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:24:39.854172: | picked newest_isakmp_sa #4 for #3 Aug 26 13:24:39.854181: | IKE delete_state() for #3 and connection 'west' that is supposed to remain up; not a problem - have newer #4 Aug 26 13:24:39.854189: | in connection_discard for connection west Aug 26 13:24:39.854196: | State DB: deleting IKEv2 state #3 in PARENT_I3 Aug 26 13:24:39.854205: | parent state #3: PARENT_I3(established IKE SA) => UNDEFINED(ignore) Aug 26 13:24:39.854238: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:24:39.854273: | libevent_free: release ptr-libevent@0x56501cb80638 Aug 26 13:24:39.854282: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f6e1c001f18 Aug 26 13:24:39.854306: | in statetime_stop() and could not find #3 Aug 26 13:24:39.854325: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:39.854959: | spent 0.00775 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:39.855007: | *received 57 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:39.855016: | 12 1d 17 88 f4 35 0a 1c 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:39.855022: | 2e 20 25 20 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:24:39.855036: | 91 d6 b1 f8 61 4d c6 12 8f 52 69 75 bd 96 fe 07 Aug 26 13:24:39.855042: | fc 68 5f 51 47 d4 da e8 1e Aug 26 13:24:39.855052: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:39.855060: | **parse ISAKMP Message: Aug 26 13:24:39.855066: | initiator cookie: Aug 26 13:24:39.855072: | 12 1d 17 88 f4 35 0a 1c Aug 26 13:24:39.855078: | responder cookie: Aug 26 13:24:39.855083: | 35 ff 3e 14 68 5e 4a 0f Aug 26 13:24:39.855090: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:39.855096: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:39.855102: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:39.855108: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:39.855114: | Message ID: 1 (0x1) Aug 26 13:24:39.855120: | length: 57 (0x39) Aug 26 13:24:39.855127: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:39.855135: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:39.855142: | State DB: IKEv2 state not found (find_v2_ike_sa) Aug 26 13:24:39.855150: packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA Aug 26 13:24:39.855159: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:39.855167: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:39.855174: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:39.855184: | spent 0.196 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:48.482451: | processing global timer EVENT_PENDING_DDNS Aug 26 13:24:48.482477: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:24:48.482480: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:24:48.482484: | elapsed time in connection_check_ddns for hostname lookup 0.000005 Aug 26 13:24:48.482489: | spent 0.00961 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:24:48.482491: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:48.482494: | expiring aged bare shunts from shunt table Aug 26 13:24:48.482496: | spent 0.00278 milliseconds in global timer EVENT_SHUNT_SCAN