Aug 26 13:23:51.566195: FIPS Product: YES Aug 26 13:23:51.566273: FIPS Kernel: NO Aug 26 13:23:51.566275: FIPS Mode: NO Aug 26 13:23:51.566277: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:23:51.566432: Initializing NSS Aug 26 13:23:51.566440: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:23:51.590324: NSS initialized Aug 26 13:23:51.590349: NSS crypto library initialized Aug 26 13:23:51.590351: FIPS HMAC integrity support [enabled] Aug 26 13:23:51.590353: FIPS mode disabled for pluto daemon Aug 26 13:23:51.615343: FIPS HMAC integrity verification self-test FAILED Aug 26 13:23:51.615431: libcap-ng support [enabled] Aug 26 13:23:51.615439: Linux audit support [enabled] Aug 26 13:23:51.615468: Linux audit activated Aug 26 13:23:51.615473: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23295 Aug 26 13:23:51.615475: core dump dir: /tmp Aug 26 13:23:51.615477: secrets file: /etc/ipsec.secrets Aug 26 13:23:51.615478: leak-detective enabled Aug 26 13:23:51.615479: NSS crypto [enabled] Aug 26 13:23:51.615481: XAUTH PAM support [enabled] Aug 26 13:23:51.615538: | libevent is using pluto's memory allocator Aug 26 13:23:51.615543: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:23:51.615555: | libevent_malloc: new ptr-libevent@0x5650799b7d38 size 40 Aug 26 13:23:51.615561: | libevent_malloc: new ptr-libevent@0x565079995cd8 size 40 Aug 26 13:23:51.615563: | libevent_malloc: new ptr-libevent@0x565079995dd8 size 40 Aug 26 13:23:51.615565: | creating event base Aug 26 13:23:51.615567: | libevent_malloc: new ptr-libevent@0x565079a1a838 size 56 Aug 26 13:23:51.615570: | libevent_malloc: new ptr-libevent@0x5650799be5f8 size 664 Aug 26 13:23:51.615578: | libevent_malloc: new ptr-libevent@0x565079a1a8a8 size 24 Aug 26 13:23:51.615580: | libevent_malloc: new ptr-libevent@0x565079a1a8f8 size 384 Aug 26 13:23:51.615587: | libevent_malloc: new ptr-libevent@0x565079a1a7f8 size 16 Aug 26 13:23:51.615589: | libevent_malloc: new ptr-libevent@0x565079995908 size 40 Aug 26 13:23:51.615591: | libevent_malloc: new ptr-libevent@0x565079995d38 size 48 Aug 26 13:23:51.615594: | libevent_realloc: new ptr-libevent@0x5650799be288 size 256 Aug 26 13:23:51.615596: | libevent_malloc: new ptr-libevent@0x565079a1aaa8 size 16 Aug 26 13:23:51.615600: | libevent_free: release ptr-libevent@0x565079a1a838 Aug 26 13:23:51.615603: | libevent initialized Aug 26 13:23:51.615605: | libevent_realloc: new ptr-libevent@0x565079a1a838 size 64 Aug 26 13:23:51.615608: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:23:51.615621: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:23:51.615623: NAT-Traversal support [enabled] Aug 26 13:23:51.615625: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:23:51.615629: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:23:51.615631: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:23:51.615660: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:23:51.615662: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:23:51.615664: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:23:51.615698: Encryption algorithms: Aug 26 13:23:51.615705: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:23:51.615707: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:23:51.615710: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:23:51.615712: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:23:51.615714: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:23:51.615721: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:23:51.615723: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:23:51.615726: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:23:51.615728: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:23:51.615730: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:23:51.615732: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:23:51.615735: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:23:51.615737: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:23:51.615739: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:23:51.615741: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:23:51.615743: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:23:51.615745: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:23:51.615750: Hash algorithms: Aug 26 13:23:51.615752: MD5 IKEv1: IKE IKEv2: Aug 26 13:23:51.615754: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:23:51.615756: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:23:51.615758: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:23:51.615760: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:23:51.615768: PRF algorithms: Aug 26 13:23:51.615770: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:23:51.615772: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:23:51.615775: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:23:51.615777: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:23:51.615779: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:23:51.615781: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:23:51.615796: Integrity algorithms: Aug 26 13:23:51.615798: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:23:51.615801: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:23:51.615803: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:23:51.615806: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:23:51.615808: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:23:51.615810: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:23:51.615812: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:23:51.615814: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:23:51.615816: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:23:51.615824: DH algorithms: Aug 26 13:23:51.615826: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:23:51.615828: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:23:51.615830: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:23:51.615833: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:23:51.615835: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:23:51.615837: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:23:51.615839: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:23:51.615841: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:23:51.615843: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:23:51.615845: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:23:51.615847: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:23:51.615848: testing CAMELLIA_CBC: Aug 26 13:23:51.615851: Camellia: 16 bytes with 128-bit key Aug 26 13:23:51.615938: Camellia: 16 bytes with 128-bit key Aug 26 13:23:51.615957: Camellia: 16 bytes with 256-bit key Aug 26 13:23:51.615975: Camellia: 16 bytes with 256-bit key Aug 26 13:23:51.615994: testing AES_GCM_16: Aug 26 13:23:51.615996: empty string Aug 26 13:23:51.616014: one block Aug 26 13:23:51.616030: two blocks Aug 26 13:23:51.616046: two blocks with associated data Aug 26 13:23:51.616061: testing AES_CTR: Aug 26 13:23:51.616063: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:23:51.616080: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:23:51.616096: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:23:51.616114: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:23:51.616129: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:23:51.616146: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:23:51.616163: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:23:51.616179: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:23:51.616195: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:23:51.616212: testing AES_CBC: Aug 26 13:23:51.616214: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:23:51.616230: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:23:51.616247: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:23:51.616263: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:23:51.616283: testing AES_XCBC: Aug 26 13:23:51.616285: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:23:51.616396: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:23:51.616477: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:23:51.616550: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:23:51.616624: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:23:51.616700: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:23:51.616776: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:23:51.616940: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:23:51.617015: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:23:51.617096: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:23:51.617234: testing HMAC_MD5: Aug 26 13:23:51.617237: RFC 2104: MD5_HMAC test 1 Aug 26 13:23:51.617380: RFC 2104: MD5_HMAC test 2 Aug 26 13:23:51.617475: RFC 2104: MD5_HMAC test 3 Aug 26 13:23:51.617593: 8 CPU cores online Aug 26 13:23:51.617596: starting up 7 crypto helpers Aug 26 13:23:51.617625: started thread for crypto helper 0 Aug 26 13:23:51.617652: | starting up helper thread 0 Aug 26 13:23:51.617658: started thread for crypto helper 1 Aug 26 13:23:51.617665: | starting up helper thread 1 Aug 26 13:23:51.617686: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:23:51.617667: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:23:51.617692: started thread for crypto helper 2 Aug 26 13:23:51.617696: | starting up helper thread 2 Aug 26 13:23:51.617720: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:23:51.617732: started thread for crypto helper 3 Aug 26 13:23:51.617689: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:51.617768: started thread for crypto helper 4 Aug 26 13:23:51.617765: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:51.617765: | starting up helper thread 3 Aug 26 13:23:51.617782: | crypto helper 2 waiting (nothing to do) Aug 26 13:23:51.617797: started thread for crypto helper 5 Aug 26 13:23:51.617819: | starting up helper thread 5 Aug 26 13:23:51.617797: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:23:51.617824: | starting up helper thread 4 Aug 26 13:23:51.617829: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:23:51.617843: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:23:51.617837: | crypto helper 3 waiting (nothing to do) Aug 26 13:23:51.617849: started thread for crypto helper 6 Aug 26 13:23:51.617854: | checking IKEv1 state table Aug 26 13:23:51.617858: | starting up helper thread 6 Aug 26 13:23:51.617859: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:51.617868: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:23:51.617869: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:23:51.617870: | crypto helper 6 waiting (nothing to do) Aug 26 13:23:51.617886: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:51.617913: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:23:51.617915: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:23:51.617920: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:23:51.617923: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:51.617926: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:51.617914: | crypto helper 5 waiting (nothing to do) Aug 26 13:23:51.617938: | crypto helper 4 waiting (nothing to do) Aug 26 13:23:51.617928: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:23:51.618048: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:23:51.618050: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:51.618052: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:23:51.618054: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:23:51.618055: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:51.618057: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:51.618058: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:51.618060: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:23:51.618061: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:51.618063: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:51.618064: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:23:51.618066: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:23:51.618068: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618069: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:23:51.618071: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618073: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:51.618074: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:23:51.618076: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:51.618077: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:51.618079: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:23:51.618081: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:23:51.618082: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:51.618083: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:23:51.618085: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:23:51.618087: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618088: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:23:51.618090: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618092: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:23:51.618093: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:23:51.618097: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:23:51.618099: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:23:51.618101: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:23:51.618102: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:23:51.618104: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:23:51.618106: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618107: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:23:51.618109: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618111: | INFO: category: informational flags: 0: Aug 26 13:23:51.618112: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618114: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:23:51.618115: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618117: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:23:51.618118: | -> XAUTH_R1 EVENT_NULL Aug 26 13:23:51.618120: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:23:51.618122: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:23:51.618123: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:23:51.618125: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:23:51.618127: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:23:51.618128: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:23:51.618130: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:23:51.618131: | -> UNDEFINED EVENT_NULL Aug 26 13:23:51.618133: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:23:51.618135: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:23:51.618136: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:23:51.618138: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:23:51.618139: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:23:51.618141: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:23:51.618145: | checking IKEv2 state table Aug 26 13:23:51.618150: | PARENT_I0: category: ignore flags: 0: Aug 26 13:23:51.618152: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:23:51.618154: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:23:51.618155: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:23:51.618157: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:23:51.618159: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:23:51.618161: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:23:51.618163: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:23:51.618165: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:23:51.618166: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:23:51.618168: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:23:51.618170: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:23:51.618171: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:23:51.618173: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:23:51.618175: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:23:51.618176: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:23:51.618178: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:23:51.618180: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:23:51.618182: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:23:51.618183: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:23:51.618185: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:23:51.618187: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:23:51.618189: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:23:51.618192: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:23:51.618193: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:23:51.618195: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:23:51.618197: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:23:51.618199: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:23:51.618200: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:23:51.618202: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:23:51.618204: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:23:51.618206: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:51.618208: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:23:51.618209: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:23:51.618211: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:23:51.618213: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:23:51.618215: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:23:51.618217: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:23:51.618218: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:23:51.618220: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:23:51.618222: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:23:51.618224: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:23:51.618226: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:23:51.618227: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:23:51.618229: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:23:51.618231: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:23:51.618233: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:23:51.618241: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:23:51.618744: | Hard-wiring algorithms Aug 26 13:23:51.618750: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:23:51.618753: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:23:51.618755: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:23:51.618757: | adding 3DES_CBC to kernel algorithm db Aug 26 13:23:51.618758: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:23:51.618760: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:23:51.618761: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:23:51.618763: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:23:51.618765: | adding AES_CTR to kernel algorithm db Aug 26 13:23:51.618766: | adding AES_CBC to kernel algorithm db Aug 26 13:23:51.618768: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:23:51.618770: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:23:51.618771: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:23:51.618773: | adding NULL to kernel algorithm db Aug 26 13:23:51.618775: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:23:51.618777: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:23:51.618778: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:23:51.618780: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:23:51.618781: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:23:51.618783: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:23:51.618785: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:23:51.618786: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:23:51.618788: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:23:51.618789: | adding NONE to kernel algorithm db Aug 26 13:23:51.618806: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:23:51.618810: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:23:51.618812: | setup kernel fd callback Aug 26 13:23:51.618814: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x565079a1f508 Aug 26 13:23:51.618817: | libevent_malloc: new ptr-libevent@0x565079a03938 size 128 Aug 26 13:23:51.618820: | libevent_malloc: new ptr-libevent@0x565079a1f618 size 16 Aug 26 13:23:51.618823: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x565079a20048 Aug 26 13:23:51.618825: | libevent_malloc: new ptr-libevent@0x5650799c1748 size 128 Aug 26 13:23:51.618827: | libevent_malloc: new ptr-libevent@0x565079a20008 size 16 Aug 26 13:23:51.618972: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:23:51.619068: selinux support is enabled. Aug 26 13:23:51.619529: | unbound context created - setting debug level to 5 Aug 26 13:23:51.619552: | /etc/hosts lookups activated Aug 26 13:23:51.619564: | /etc/resolv.conf usage activated Aug 26 13:23:51.619600: | outgoing-port-avoid set 0-65535 Aug 26 13:23:51.619617: | outgoing-port-permit set 32768-60999 Aug 26 13:23:51.619619: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:23:51.619621: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:23:51.619623: | Setting up events, loop start Aug 26 13:23:51.619625: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x565079a200b8 Aug 26 13:23:51.619627: | libevent_malloc: new ptr-libevent@0x565079a2c248 size 128 Aug 26 13:23:51.619630: | libevent_malloc: new ptr-libevent@0x565079a37498 size 16 Aug 26 13:23:51.619634: | libevent_realloc: new ptr-libevent@0x565079a374d8 size 256 Aug 26 13:23:51.619636: | libevent_malloc: new ptr-libevent@0x565079a37608 size 8 Aug 26 13:23:51.619638: | libevent_realloc: new ptr-libevent@0x565079991918 size 144 Aug 26 13:23:51.619640: | libevent_malloc: new ptr-libevent@0x5650799c2fb8 size 152 Aug 26 13:23:51.619643: | libevent_malloc: new ptr-libevent@0x565079a37648 size 16 Aug 26 13:23:51.619645: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:23:51.619647: | libevent_malloc: new ptr-libevent@0x565079a37688 size 8 Aug 26 13:23:51.619649: | libevent_malloc: new ptr-libevent@0x565079a376c8 size 152 Aug 26 13:23:51.619651: | signal event handler PLUTO_SIGTERM installed Aug 26 13:23:51.619653: | libevent_malloc: new ptr-libevent@0x565079a37798 size 8 Aug 26 13:23:51.619654: | libevent_malloc: new ptr-libevent@0x565079a377d8 size 152 Aug 26 13:23:51.619656: | signal event handler PLUTO_SIGHUP installed Aug 26 13:23:51.619658: | libevent_malloc: new ptr-libevent@0x565079a378a8 size 8 Aug 26 13:23:51.619660: | libevent_realloc: release ptr-libevent@0x565079991918 Aug 26 13:23:51.619662: | libevent_realloc: new ptr-libevent@0x565079a378e8 size 256 Aug 26 13:23:51.619663: | libevent_malloc: new ptr-libevent@0x565079a37a18 size 152 Aug 26 13:23:51.619665: | signal event handler PLUTO_SIGSYS installed Aug 26 13:23:51.619905: | created addconn helper (pid:23315) using fork+execve Aug 26 13:23:51.619919: | forked child 23315 Aug 26 13:23:51.623246: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.623415: listening for IKE messages Aug 26 13:23:51.623660: | Inspecting interface lo Aug 26 13:23:51.623667: | found lo with address 127.0.0.1 Aug 26 13:23:51.623672: | Inspecting interface eth0 Aug 26 13:23:51.623675: | found eth0 with address 192.0.1.254 Aug 26 13:23:51.623677: | Inspecting interface eth1 Aug 26 13:23:51.623680: | found eth1 with address 192.1.2.45 Aug 26 13:23:51.623741: Kernel supports NIC esp-hw-offload Aug 26 13:23:51.623749: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:23:51.623811: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:51.623815: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:51.623817: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:23:51.623855: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:23:51.623871: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:51.623874: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:51.623890: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:23:51.623919: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:23:51.623933: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:23:51.623949: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:23:51.623951: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:23:51.624019: | no interfaces to sort Aug 26 13:23:51.624023: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:23:51.624028: | add_fd_read_event_handler: new ethX-pe@0x565079a37f78 Aug 26 13:23:51.624031: | libevent_malloc: new ptr-libevent@0x565079a2c198 size 128 Aug 26 13:23:51.624034: | libevent_malloc: new ptr-libevent@0x565079a37fe8 size 16 Aug 26 13:23:51.624039: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:51.624041: | add_fd_read_event_handler: new ethX-pe@0x565079a38028 Aug 26 13:23:51.624043: | libevent_malloc: new ptr-libevent@0x5650799be9e8 size 128 Aug 26 13:23:51.624045: | libevent_malloc: new ptr-libevent@0x565079a38098 size 16 Aug 26 13:23:51.624048: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:51.624049: | add_fd_read_event_handler: new ethX-pe@0x565079a380d8 Aug 26 13:23:51.624051: | libevent_malloc: new ptr-libevent@0x5650799c1e78 size 128 Aug 26 13:23:51.624053: | libevent_malloc: new ptr-libevent@0x565079a38148 size 16 Aug 26 13:23:51.624056: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:51.624058: | add_fd_read_event_handler: new ethX-pe@0x565079a38188 Aug 26 13:23:51.624060: | libevent_malloc: new ptr-libevent@0x5650799c2b28 size 128 Aug 26 13:23:51.624062: | libevent_malloc: new ptr-libevent@0x565079a381f8 size 16 Aug 26 13:23:51.624065: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:51.624067: | add_fd_read_event_handler: new ethX-pe@0x565079a38238 Aug 26 13:23:51.624070: | libevent_malloc: new ptr-libevent@0x56507999bba8 size 128 Aug 26 13:23:51.624071: | libevent_malloc: new ptr-libevent@0x565079a382a8 size 16 Aug 26 13:23:51.624074: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:51.624076: | add_fd_read_event_handler: new ethX-pe@0x565079a382e8 Aug 26 13:23:51.624079: | libevent_malloc: new ptr-libevent@0x5650799961d8 size 128 Aug 26 13:23:51.624080: | libevent_malloc: new ptr-libevent@0x565079a38358 size 16 Aug 26 13:23:51.624083: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:51.624086: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:51.624088: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:51.624102: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:51.624110: | id type added to secret(0x565079991b58) PKK_PSK: @west Aug 26 13:23:51.624113: | id type added to secret(0x565079991b58) PKK_PSK: @east Aug 26 13:23:51.624116: | Processing PSK at line 1: passed Aug 26 13:23:51.624118: | certs and keys locked by 'process_secret' Aug 26 13:23:51.624120: | certs and keys unlocked by 'process_secret' Aug 26 13:23:51.624128: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.624133: | spent 0.889 milliseconds in whack Aug 26 13:23:51.638323: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.638364: listening for IKE messages Aug 26 13:23:51.638402: | Inspecting interface lo Aug 26 13:23:51.638407: | found lo with address 127.0.0.1 Aug 26 13:23:51.638409: | Inspecting interface eth0 Aug 26 13:23:51.638413: | found eth0 with address 192.0.1.254 Aug 26 13:23:51.638414: | Inspecting interface eth1 Aug 26 13:23:51.638417: | found eth1 with address 192.1.2.45 Aug 26 13:23:51.638458: | no interfaces to sort Aug 26 13:23:51.638469: | libevent_free: release ptr-libevent@0x565079a2c198 Aug 26 13:23:51.638471: | free_event_entry: release EVENT_NULL-pe@0x565079a37f78 Aug 26 13:23:51.638474: | add_fd_read_event_handler: new ethX-pe@0x565079a37f78 Aug 26 13:23:51.638476: | libevent_malloc: new ptr-libevent@0x565079a2c198 size 128 Aug 26 13:23:51.638480: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:23:51.638483: | libevent_free: release ptr-libevent@0x5650799be9e8 Aug 26 13:23:51.638485: | free_event_entry: release EVENT_NULL-pe@0x565079a38028 Aug 26 13:23:51.638486: | add_fd_read_event_handler: new ethX-pe@0x565079a38028 Aug 26 13:23:51.638488: | libevent_malloc: new ptr-libevent@0x5650799be9e8 size 128 Aug 26 13:23:51.638491: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:23:51.638494: | libevent_free: release ptr-libevent@0x5650799c1e78 Aug 26 13:23:51.638495: | free_event_entry: release EVENT_NULL-pe@0x565079a380d8 Aug 26 13:23:51.638497: | add_fd_read_event_handler: new ethX-pe@0x565079a380d8 Aug 26 13:23:51.638499: | libevent_malloc: new ptr-libevent@0x5650799c1e78 size 128 Aug 26 13:23:51.638502: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:23:51.638504: | libevent_free: release ptr-libevent@0x5650799c2b28 Aug 26 13:23:51.638506: | free_event_entry: release EVENT_NULL-pe@0x565079a38188 Aug 26 13:23:51.638508: | add_fd_read_event_handler: new ethX-pe@0x565079a38188 Aug 26 13:23:51.638509: | libevent_malloc: new ptr-libevent@0x5650799c2b28 size 128 Aug 26 13:23:51.638512: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:23:51.638514: | libevent_free: release ptr-libevent@0x56507999bba8 Aug 26 13:23:51.638516: | free_event_entry: release EVENT_NULL-pe@0x565079a38238 Aug 26 13:23:51.638518: | add_fd_read_event_handler: new ethX-pe@0x565079a38238 Aug 26 13:23:51.638519: | libevent_malloc: new ptr-libevent@0x56507999bba8 size 128 Aug 26 13:23:51.638522: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:23:51.638525: | libevent_free: release ptr-libevent@0x5650799961d8 Aug 26 13:23:51.638527: | free_event_entry: release EVENT_NULL-pe@0x565079a382e8 Aug 26 13:23:51.638528: | add_fd_read_event_handler: new ethX-pe@0x565079a382e8 Aug 26 13:23:51.638530: | libevent_malloc: new ptr-libevent@0x5650799961d8 size 128 Aug 26 13:23:51.638533: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:23:51.638535: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:23:51.638537: forgetting secrets Aug 26 13:23:51.638542: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:23:51.638551: loading secrets from "/etc/ipsec.secrets" Aug 26 13:23:51.638557: | id type added to secret(0x565079991b58) PKK_PSK: @west Aug 26 13:23:51.638559: | id type added to secret(0x565079991b58) PKK_PSK: @east Aug 26 13:23:51.638562: | Processing PSK at line 1: passed Aug 26 13:23:51.638564: | certs and keys locked by 'process_secret' Aug 26 13:23:51.638565: | certs and keys unlocked by 'process_secret' Aug 26 13:23:51.638572: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.638577: | spent 0.26 milliseconds in whack Aug 26 13:23:51.638963: | processing signal PLUTO_SIGCHLD Aug 26 13:23:51.638975: | waitpid returned pid 23315 (exited with status 0) Aug 26 13:23:51.638978: | reaped addconn helper child (status 0) Aug 26 13:23:51.638982: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:51.638985: | spent 0.0137 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:51.713899: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.713924: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:51.713928: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:51.713930: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:51.713932: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:23:51.713936: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:51.713943: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:51.713997: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:23:51.714001: | from whack: got --esp= Aug 26 13:23:51.714031: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:23:51.714035: | counting wild cards for @west is 0 Aug 26 13:23:51.714038: | counting wild cards for @east is 0 Aug 26 13:23:51.714048: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:23:51.714050: | new hp@0x565079a3a658 Aug 26 13:23:51.714055: added connection description "west" Aug 26 13:23:51.714065: | ike_life: 70s; ipsec_life: 50s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:23:51.714074: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:23:51.714081: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.714087: | spent 0.197 milliseconds in whack Aug 26 13:23:51.714174: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.714185: add keyid @west Aug 26 13:23:51.714188: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:23:51.714190: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:23:51.714193: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:23:51.714195: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:23:51.714197: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:23:51.714199: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:23:51.714201: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:23:51.714203: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:23:51.714205: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:23:51.714207: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:23:51.714209: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:23:51.714211: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:23:51.714213: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:23:51.714215: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:23:51.714217: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:23:51.714219: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:23:51.714221: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:23:51.714223: | add pubkey 15 04 37 f9 Aug 26 13:23:51.714260: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:23:51.714263: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:23:51.714274: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.714278: | spent 0.11 milliseconds in whack Aug 26 13:23:51.714361: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.714379: add keyid @east Aug 26 13:23:51.714384: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:23:51.714386: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:23:51.714388: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:23:51.714390: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:23:51.714396: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:23:51.714398: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:23:51.714400: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:23:51.714402: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:23:51.714404: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:23:51.714406: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:23:51.714408: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:23:51.714410: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:23:51.714412: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:23:51.714414: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:23:51.714417: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:23:51.714419: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:23:51.714421: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:23:51.714423: | add pubkey 51 51 48 ef Aug 26 13:23:51.714434: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:23:51.714437: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:23:51.714447: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.714453: | spent 0.0983 milliseconds in whack Aug 26 13:23:51.826474: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:51.826493: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:23:51.826496: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:23:51.826500: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Aug 26 13:23:51.826503: | connection 'west' +POLICY_UP Aug 26 13:23:51.826505: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:23:51.826507: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:23:51.826529: | creating state object #1 at 0x565079a3ade8 Aug 26 13:23:51.826531: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:23:51.826538: | pstats #1 ikev2.ike started Aug 26 13:23:51.826541: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:23:51.826543: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:23:51.826547: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:51.826552: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:51.826556: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:23:51.826558: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:23:51.826561: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Aug 26 13:23:51.826564: "west" #1: initiating v2 parent SA Aug 26 13:23:51.826572: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Aug 26 13:23:51.826579: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:51.826585: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.826587: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:51.826591: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.826594: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:51.826600: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.826603: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:23:51.826606: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.826612: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.826619: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:23:51.826622: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x565079a3a738 Aug 26 13:23:51.826624: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:51.826627: | libevent_malloc: new ptr-libevent@0x565079a3ac38 size 128 Aug 26 13:23:51.826636: | #1 spent 0.135 milliseconds in ikev2_parent_outI1() Aug 26 13:23:51.826639: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:51.826642: | RESET processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:51.826644: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:23:51.826646: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:23:51.826648: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:23:51.826651: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:51.826653: | spent 0.189 milliseconds in whack Aug 26 13:23:51.826680: | crypto helper 1 resuming Aug 26 13:23:51.826690: | crypto helper 1 starting work-order 1 for state #1 Aug 26 13:23:51.826694: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:23:51.827260: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000566 seconds Aug 26 13:23:51.827266: | (#1) spent 0.572 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:23:51.827268: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 13:23:51.827270: | scheduling resume sending helper answer for #1 Aug 26 13:23:51.827272: | libevent_malloc: new ptr-libevent@0x7f8ed0002888 size 128 Aug 26 13:23:51.827278: | crypto helper 1 waiting (nothing to do) Aug 26 13:23:51.827335: | processing resume sending helper answer for #1 Aug 26 13:23:51.827347: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:51.827363: | crypto helper 1 replies to request ID 1 Aug 26 13:23:51.827365: | calling continuation function 0x565078c77b50 Aug 26 13:23:51.827367: | ikev2_parent_outI1_continue for #1 Aug 26 13:23:51.827391: | **emit ISAKMP Message: Aug 26 13:23:51.827394: | initiator cookie: Aug 26 13:23:51.827395: | e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.827397: | responder cookie: Aug 26 13:23:51.827399: | 00 00 00 00 00 00 00 00 Aug 26 13:23:51.827401: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:51.827403: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:51.827407: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:51.827409: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:51.827411: | Message ID: 0 (0x0) Aug 26 13:23:51.827413: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:51.827422: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.827424: | Emitting ikev2_proposals ... Aug 26 13:23:51.827426: | ***emit IKEv2 Security Association Payload: Aug 26 13:23:51.827428: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.827430: | flags: none (0x0) Aug 26 13:23:51.827432: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:51.827434: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.827436: | discarding INTEG=NONE Aug 26 13:23:51.827438: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.827440: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827441: | prop #: 1 (0x1) Aug 26 13:23:51.827443: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:51.827445: | spi size: 0 (0x0) Aug 26 13:23:51.827446: | # transforms: 11 (0xb) Aug 26 13:23:51.827448: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.827450: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827453: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.827455: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.827457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827459: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.827461: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.827462: | length/value: 256 (0x100) Aug 26 13:23:51.827464: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.827466: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827469: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827471: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:51.827473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827475: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827477: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827478: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827482: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827483: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:51.827485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827488: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827490: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827491: | discarding INTEG=NONE Aug 26 13:23:51.827493: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827498: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.827500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827503: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827505: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827510: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:51.827512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827515: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827521: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:51.827523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827527: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827528: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827530: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827532: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827533: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:51.827535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827539: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827540: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827543: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827545: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:51.827547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827550: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827552: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827555: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827557: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:51.827559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827563: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827568: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827569: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:51.827571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827575: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827576: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827578: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.827579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827581: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:51.827583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827586: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827588: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:51.827590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.827592: | discarding INTEG=NONE Aug 26 13:23:51.827593: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.827595: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827596: | prop #: 2 (0x2) Aug 26 13:23:51.827598: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:51.827600: | spi size: 0 (0x0) Aug 26 13:23:51.827601: | # transforms: 11 (0xb) Aug 26 13:23:51.827603: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827605: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.827607: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827610: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.827611: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.827613: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827615: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.827617: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.827618: | length/value: 128 (0x80) Aug 26 13:23:51.827620: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.827621: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827625: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827626: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:51.827628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827632: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827634: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827637: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827639: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:51.827641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827646: | discarding INTEG=NONE Aug 26 13:23:51.827647: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827650: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827652: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.827654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827657: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827664: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:51.827666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827667: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827671: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827674: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827675: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:51.827677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827681: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827682: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827687: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:51.827689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827693: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827694: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827699: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:51.827703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827707: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827708: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827710: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827711: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827713: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:51.827715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827718: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827720: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827723: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827725: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:51.827727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827728: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827730: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827732: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827733: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.827735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827736: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:51.827738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827742: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827743: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:23:51.827745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.827747: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.827749: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827750: | prop #: 3 (0x3) Aug 26 13:23:51.827752: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:51.827753: | spi size: 0 (0x0) Aug 26 13:23:51.827755: | # transforms: 13 (0xd) Aug 26 13:23:51.827757: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827759: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.827760: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827763: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.827765: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:51.827767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827769: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.827770: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.827772: | length/value: 256 (0x100) Aug 26 13:23:51.827774: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.827776: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827779: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827780: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:51.827782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827786: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827787: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827789: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827791: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827792: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:51.827794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827798: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827799: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827802: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.827804: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:51.827806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827814: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.827816: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:51.827818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827819: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827821: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827823: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827824: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827826: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827827: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.827829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827831: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827833: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827834: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827839: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:51.827841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827845: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827847: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827851: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:51.827853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827857: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827858: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827861: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827863: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:51.827865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827870: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827875: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:51.827877: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827878: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827880: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827882: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827885: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827886: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:51.827888: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827892: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827893: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827898: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:51.827900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827903: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827905: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827907: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.827908: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.827910: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:51.827912: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827916: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827918: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:51.827919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.827921: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.827923: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:51.827924: | prop #: 4 (0x4) Aug 26 13:23:51.827926: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:51.827927: | spi size: 0 (0x0) Aug 26 13:23:51.827929: | # transforms: 13 (0xd) Aug 26 13:23:51.827931: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.827933: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.827934: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827937: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.827939: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:51.827941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827942: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.827944: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.827946: | length/value: 128 (0x80) Aug 26 13:23:51.827947: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.827949: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827952: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827954: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:51.827955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827959: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827961: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827964: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.827965: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:23:51.827967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827971: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827972: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827975: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.827977: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:51.827979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827981: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827983: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827985: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827988: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.827990: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:51.827991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.827993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.827995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.827997: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.827998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828001: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.828003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828008: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828011: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828013: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:23:51.828015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828017: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828018: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828020: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828022: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828025: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:23:51.828027: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828030: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828032: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828035: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828037: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:23:51.828038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828040: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828047: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828048: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:23:51.828050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828054: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828056: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828059: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828061: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:23:51.828063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828064: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828066: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828068: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828072: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:23:51.828074: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828078: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828079: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.828081: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.828082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.828084: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:23:51.828086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.828088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.828089: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.828091: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:23:51.828093: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.828094: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:23:51.828096: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:51.828098: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:23:51.828100: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.828101: | flags: none (0x0) Aug 26 13:23:51.828103: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.828105: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:23:51.828107: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.828109: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:23:51.828111: | ikev2 g^x a3 47 68 5e 63 86 3a 85 01 cb 1e 33 33 1b 0b 23 Aug 26 13:23:51.828113: | ikev2 g^x 02 63 e4 21 0c b8 3f ac 21 d3 74 fc 02 3b c4 41 Aug 26 13:23:51.828114: | ikev2 g^x 8b 73 62 88 65 a6 29 4f ec bc 10 da 44 f4 fe fb Aug 26 13:23:51.828116: | ikev2 g^x 84 c0 66 80 e9 05 1c 75 a9 ec 3e af d8 ad 24 3c Aug 26 13:23:51.828117: | ikev2 g^x 05 f2 1d 5e 45 5d 9d 04 f5 3c 27 fd 32 99 36 d8 Aug 26 13:23:51.828120: | ikev2 g^x 0a 32 53 ee f9 d9 a2 3f 9c cc 55 c2 35 22 7d 0d Aug 26 13:23:51.828122: | ikev2 g^x fb 06 98 10 10 01 3c 0a 03 24 a9 41 4e 55 e8 2d Aug 26 13:23:51.828123: | ikev2 g^x 98 68 de 6e d6 bd 5a 78 c5 ea 0c 4e 7d 06 94 91 Aug 26 13:23:51.828125: | ikev2 g^x 4b 02 ac b8 77 d2 9a c2 dc 66 f7 d3 74 65 d5 dd Aug 26 13:23:51.828126: | ikev2 g^x 58 f1 97 60 ca 64 21 01 86 32 2f 23 2c 55 eb d5 Aug 26 13:23:51.828128: | ikev2 g^x 31 a7 2b f9 e3 c3 fe 3f 97 fb b5 fd 81 9f 01 ff Aug 26 13:23:51.828129: | ikev2 g^x d6 1e 13 69 b9 22 37 cc 89 22 d2 be 89 ad c1 43 Aug 26 13:23:51.828131: | ikev2 g^x 6f a8 bc 24 c1 38 94 2c 18 3b b3 6e db 1d 88 dd Aug 26 13:23:51.828132: | ikev2 g^x d6 8e f2 65 06 6d e0 a1 6f 59 7a a8 b7 0c 57 e4 Aug 26 13:23:51.828134: | ikev2 g^x 3f aa 55 40 5f 21 35 8d e9 97 c8 66 9b c1 b0 8b Aug 26 13:23:51.828135: | ikev2 g^x 6c e9 5d 48 58 b8 63 3a c2 91 56 a1 6b ff c0 80 Aug 26 13:23:51.828137: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:23:51.828139: | ***emit IKEv2 Nonce Payload: Aug 26 13:23:51.828140: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:51.828142: | flags: none (0x0) Aug 26 13:23:51.828144: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:23:51.828146: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:23:51.828148: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.828150: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:23:51.828151: | IKEv2 nonce ba 75 b8 1a 60 8b 0a 1a 2e a0 a0 ab 4f f2 e9 c5 Aug 26 13:23:51.828153: | IKEv2 nonce d9 73 66 fd 4b 79 1c 35 74 b7 98 68 fd 31 27 db Aug 26 13:23:51.828154: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:23:51.828156: | Adding a v2N Payload Aug 26 13:23:51.828158: | ***emit IKEv2 Notify Payload: Aug 26 13:23:51.828160: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.828161: | flags: none (0x0) Aug 26 13:23:51.828163: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.828164: | SPI size: 0 (0x0) Aug 26 13:23:51.828166: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:51.828168: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:51.828170: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.828172: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:23:51.828174: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:23:51.828176: | natd_hash: rcookie is zero Aug 26 13:23:51.828184: | natd_hash: hasher=0x565078d4c800(20) Aug 26 13:23:51.828186: | natd_hash: icookie= e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.828188: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:51.828189: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:51.828191: | natd_hash: port=500 Aug 26 13:23:51.828192: | natd_hash: hash= 43 4f 34 1e eb a7 9a 73 b9 c9 d1 ae 3f 19 d0 bd Aug 26 13:23:51.828194: | natd_hash: hash= 29 c2 25 cc Aug 26 13:23:51.828195: | Adding a v2N Payload Aug 26 13:23:51.828197: | ***emit IKEv2 Notify Payload: Aug 26 13:23:51.828199: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.828200: | flags: none (0x0) Aug 26 13:23:51.828202: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.828203: | SPI size: 0 (0x0) Aug 26 13:23:51.828205: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:51.828207: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:51.828209: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.828211: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:51.828213: | Notify data 43 4f 34 1e eb a7 9a 73 b9 c9 d1 ae 3f 19 d0 bd Aug 26 13:23:51.828215: | Notify data 29 c2 25 cc Aug 26 13:23:51.828217: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:51.828218: | natd_hash: rcookie is zero Aug 26 13:23:51.828222: | natd_hash: hasher=0x565078d4c800(20) Aug 26 13:23:51.828224: | natd_hash: icookie= e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.828225: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:23:51.828227: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:51.828228: | natd_hash: port=500 Aug 26 13:23:51.828230: | natd_hash: hash= 5a be 0e 8a 88 4e bb 18 1a 57 39 a5 1a f2 53 aa Aug 26 13:23:51.828231: | natd_hash: hash= 88 ee bd 80 Aug 26 13:23:51.828233: | Adding a v2N Payload Aug 26 13:23:51.828234: | ***emit IKEv2 Notify Payload: Aug 26 13:23:51.828236: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.828237: | flags: none (0x0) Aug 26 13:23:51.828239: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.828240: | SPI size: 0 (0x0) Aug 26 13:23:51.828242: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:51.828244: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:23:51.828246: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.828248: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:23:51.828249: | Notify data 5a be 0e 8a 88 4e bb 18 1a 57 39 a5 1a f2 53 aa Aug 26 13:23:51.828251: | Notify data 88 ee bd 80 Aug 26 13:23:51.828252: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:23:51.828254: | emitting length of ISAKMP Message: 828 Aug 26 13:23:51.828258: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:23:51.828265: | start processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:51.828268: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:23:51.828270: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:23:51.828272: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:23:51.828274: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:23:51.828276: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:23:51.828279: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:51.828282: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:51.828293: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:51.828302: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:51.828305: | e5 90 57 9b 11 72 98 0f 00 00 00 00 00 00 00 00 Aug 26 13:23:51.828307: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:23:51.828326: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:23:51.828327: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:23:51.828329: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:23:51.828331: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:23:51.828332: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:23:51.828334: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:23:51.828349: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:23:51.828351: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:23:51.828352: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:23:51.828354: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:23:51.828355: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:23:51.828357: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:23:51.828359: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:23:51.828361: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:23:51.828362: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:23:51.828364: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:23:51.828365: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:23:51.828367: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:23:51.828368: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:23:51.828370: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:23:51.828371: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:23:51.828373: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:23:51.828374: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:23:51.828376: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:23:51.828377: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:23:51.828379: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:23:51.828380: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:23:51.828382: | 28 00 01 08 00 0e 00 00 a3 47 68 5e 63 86 3a 85 Aug 26 13:23:51.828383: | 01 cb 1e 33 33 1b 0b 23 02 63 e4 21 0c b8 3f ac Aug 26 13:23:51.828385: | 21 d3 74 fc 02 3b c4 41 8b 73 62 88 65 a6 29 4f Aug 26 13:23:51.828386: | ec bc 10 da 44 f4 fe fb 84 c0 66 80 e9 05 1c 75 Aug 26 13:23:51.828388: | a9 ec 3e af d8 ad 24 3c 05 f2 1d 5e 45 5d 9d 04 Aug 26 13:23:51.828389: | f5 3c 27 fd 32 99 36 d8 0a 32 53 ee f9 d9 a2 3f Aug 26 13:23:51.828391: | 9c cc 55 c2 35 22 7d 0d fb 06 98 10 10 01 3c 0a Aug 26 13:23:51.828392: | 03 24 a9 41 4e 55 e8 2d 98 68 de 6e d6 bd 5a 78 Aug 26 13:23:51.828394: | c5 ea 0c 4e 7d 06 94 91 4b 02 ac b8 77 d2 9a c2 Aug 26 13:23:51.828395: | dc 66 f7 d3 74 65 d5 dd 58 f1 97 60 ca 64 21 01 Aug 26 13:23:51.828397: | 86 32 2f 23 2c 55 eb d5 31 a7 2b f9 e3 c3 fe 3f Aug 26 13:23:51.828398: | 97 fb b5 fd 81 9f 01 ff d6 1e 13 69 b9 22 37 cc Aug 26 13:23:51.828400: | 89 22 d2 be 89 ad c1 43 6f a8 bc 24 c1 38 94 2c Aug 26 13:23:51.828401: | 18 3b b3 6e db 1d 88 dd d6 8e f2 65 06 6d e0 a1 Aug 26 13:23:51.828403: | 6f 59 7a a8 b7 0c 57 e4 3f aa 55 40 5f 21 35 8d Aug 26 13:23:51.828404: | e9 97 c8 66 9b c1 b0 8b 6c e9 5d 48 58 b8 63 3a Aug 26 13:23:51.828406: | c2 91 56 a1 6b ff c0 80 29 00 00 24 ba 75 b8 1a Aug 26 13:23:51.828407: | 60 8b 0a 1a 2e a0 a0 ab 4f f2 e9 c5 d9 73 66 fd Aug 26 13:23:51.828409: | 4b 79 1c 35 74 b7 98 68 fd 31 27 db 29 00 00 08 Aug 26 13:23:51.828410: | 00 00 40 2e 29 00 00 1c 00 00 40 04 43 4f 34 1e Aug 26 13:23:51.828412: | eb a7 9a 73 b9 c9 d1 ae 3f 19 d0 bd 29 c2 25 cc Aug 26 13:23:51.828413: | 00 00 00 1c 00 00 40 05 5a be 0e 8a 88 4e bb 18 Aug 26 13:23:51.828415: | 1a 57 39 a5 1a f2 53 aa 88 ee bd 80 Aug 26 13:23:51.828465: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:51.828469: | libevent_free: release ptr-libevent@0x565079a3ac38 Aug 26 13:23:51.828472: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x565079a3a738 Aug 26 13:23:51.828474: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:23:51.828477: | event_schedule: new EVENT_RETRANSMIT-pe@0x565079a3a738 Aug 26 13:23:51.828479: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 Aug 26 13:23:51.828481: | libevent_malloc: new ptr-libevent@0x565079a3d878 size 128 Aug 26 13:23:51.828484: | #1 STATE_PARENT_I1: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11117.570943 Aug 26 13:23:51.828487: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:23:51.828491: | #1 spent 1.11 milliseconds in resume sending helper answer Aug 26 13:23:51.828494: | stop processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:51.828497: | libevent_free: release ptr-libevent@0x7f8ed0002888 Aug 26 13:23:51.830642: | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:51.830657: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:51.830660: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:23:51.830661: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:23:51.830663: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:23:51.830664: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:23:51.830666: | 04 00 00 0e 28 00 01 08 00 0e 00 00 d5 55 16 8b Aug 26 13:23:51.830667: | e5 55 7f 9e 17 83 49 77 a4 12 74 bd dc a0 62 4b Aug 26 13:23:51.830669: | 41 92 85 92 17 b4 ce ab 25 2f 17 d1 bb dd b9 02 Aug 26 13:23:51.830670: | 34 5d 64 d3 f3 31 90 35 94 1c f3 85 74 96 11 75 Aug 26 13:23:51.830672: | fb 50 bc 11 22 94 5d 2f 69 d2 73 5e 96 ea bf 2e Aug 26 13:23:51.830673: | 2e fc 2f ca c8 39 9f 82 47 a7 28 6d b7 d8 22 53 Aug 26 13:23:51.830675: | b4 4a 3e 94 87 01 84 55 6f 3e 0c c9 bc e9 90 ff Aug 26 13:23:51.830676: | 54 39 d9 84 69 1d 62 97 da 9f 39 4f 4f 8a 4f b8 Aug 26 13:23:51.830678: | 95 0c 2e 39 4d fa b5 ed a8 88 80 eb a8 94 77 79 Aug 26 13:23:51.830679: | cf 04 ad d2 e9 d8 ca 01 b2 65 79 d1 74 26 b2 7c Aug 26 13:23:51.830681: | 17 0d c3 61 a9 23 0d c4 a5 37 65 cd ba 9c 25 32 Aug 26 13:23:51.830682: | 41 88 e9 35 1d 18 1c a0 60 17 0c d8 a0 ee 56 55 Aug 26 13:23:51.830684: | 24 42 6f 40 8b 09 21 23 f0 d8 f6 bd 00 5d 74 59 Aug 26 13:23:51.830685: | 83 0a fb aa 8e b7 01 5f 0e a4 89 4b be 7b a0 c9 Aug 26 13:23:51.830687: | bd da 4a b3 1e db a6 0f 37 67 bd 01 00 38 82 a4 Aug 26 13:23:51.830688: | 57 3a 70 36 54 95 fe 6e d6 b2 ec bf 2d f3 5e c9 Aug 26 13:23:51.830690: | 72 8f 46 04 71 60 f9 cf f4 57 fc 5f 29 00 00 24 Aug 26 13:23:51.830691: | 91 53 0e ea 74 33 89 c8 20 e6 0b 45 b5 48 68 8b Aug 26 13:23:51.830693: | 25 17 2e 48 fd 4e d3 bf 31 ca fb b3 dc ee 73 c4 Aug 26 13:23:51.830694: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:23:51.830696: | ff b9 2e a7 4d 81 14 a7 d2 53 8e 4e 8a 70 15 c4 Aug 26 13:23:51.830697: | e4 de 00 51 00 00 00 1c 00 00 40 05 3e e7 41 4c Aug 26 13:23:51.830699: | 99 91 04 18 8b 21 38 1f 35 38 dd 4b 1e 2c bd 19 Aug 26 13:23:51.830702: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:51.830704: | **parse ISAKMP Message: Aug 26 13:23:51.830706: | initiator cookie: Aug 26 13:23:51.830707: | e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.830709: | responder cookie: Aug 26 13:23:51.830710: | dd 36 51 29 02 6c db 8e Aug 26 13:23:51.830712: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:51.830714: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:51.830716: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:23:51.830718: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:51.830719: | Message ID: 0 (0x0) Aug 26 13:23:51.830721: | length: 432 (0x1b0) Aug 26 13:23:51.830723: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:23:51.830725: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:23:51.830727: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:23:51.830731: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:51.830734: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:51.830736: | #1 is idle Aug 26 13:23:51.830737: | #1 idle Aug 26 13:23:51.830739: | unpacking clear payload Aug 26 13:23:51.830741: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:51.830743: | ***parse IKEv2 Security Association Payload: Aug 26 13:23:51.830744: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:23:51.830748: | flags: none (0x0) Aug 26 13:23:51.830750: | length: 40 (0x28) Aug 26 13:23:51.830751: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:23:51.830753: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:23:51.830755: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:23:51.830756: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:23:51.830758: | flags: none (0x0) Aug 26 13:23:51.830759: | length: 264 (0x108) Aug 26 13:23:51.830761: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.830763: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:23:51.830764: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:23:51.830766: | ***parse IKEv2 Nonce Payload: Aug 26 13:23:51.830767: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:51.830769: | flags: none (0x0) Aug 26 13:23:51.830770: | length: 36 (0x24) Aug 26 13:23:51.830772: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:23:51.830774: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:51.830775: | ***parse IKEv2 Notify Payload: Aug 26 13:23:51.830777: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:51.830778: | flags: none (0x0) Aug 26 13:23:51.830780: | length: 8 (0x8) Aug 26 13:23:51.830782: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.830783: | SPI size: 0 (0x0) Aug 26 13:23:51.830785: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:23:51.830787: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:23:51.830788: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:51.830790: | ***parse IKEv2 Notify Payload: Aug 26 13:23:51.830791: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:23:51.830793: | flags: none (0x0) Aug 26 13:23:51.830794: | length: 28 (0x1c) Aug 26 13:23:51.830796: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.830797: | SPI size: 0 (0x0) Aug 26 13:23:51.830799: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:23:51.830801: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:51.830802: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:23:51.830804: | ***parse IKEv2 Notify Payload: Aug 26 13:23:51.830805: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.830807: | flags: none (0x0) Aug 26 13:23:51.830808: | length: 28 (0x1c) Aug 26 13:23:51.830810: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:23:51.830812: | SPI size: 0 (0x0) Aug 26 13:23:51.830813: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:23:51.830815: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:23:51.830817: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:23:51.830821: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:23:51.830823: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:51.830825: | Now let's proceed with state specific processing Aug 26 13:23:51.830826: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:23:51.830829: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:23:51.830838: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:23:51.830841: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:23:51.830844: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:51.830846: | local proposal 1 type PRF has 2 transforms Aug 26 13:23:51.830848: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:51.830849: | local proposal 1 type DH has 8 transforms Aug 26 13:23:51.830851: | local proposal 1 type ESN has 0 transforms Aug 26 13:23:51.830853: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:51.830855: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:51.830856: | local proposal 2 type PRF has 2 transforms Aug 26 13:23:51.830858: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:51.830860: | local proposal 2 type DH has 8 transforms Aug 26 13:23:51.830861: | local proposal 2 type ESN has 0 transforms Aug 26 13:23:51.830863: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:23:51.830865: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:51.830866: | local proposal 3 type PRF has 2 transforms Aug 26 13:23:51.830868: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:51.830869: | local proposal 3 type DH has 8 transforms Aug 26 13:23:51.830871: | local proposal 3 type ESN has 0 transforms Aug 26 13:23:51.830873: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:51.830875: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:51.830876: | local proposal 4 type PRF has 2 transforms Aug 26 13:23:51.830878: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:51.830879: | local proposal 4 type DH has 8 transforms Aug 26 13:23:51.830881: | local proposal 4 type ESN has 0 transforms Aug 26 13:23:51.830883: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:23:51.830885: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.830886: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:51.830888: | length: 36 (0x24) Aug 26 13:23:51.830890: | prop #: 1 (0x1) Aug 26 13:23:51.830891: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:23:51.830893: | spi size: 0 (0x0) Aug 26 13:23:51.830894: | # transforms: 3 (0x3) Aug 26 13:23:51.830897: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:51.830898: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:51.830900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.830902: | length: 12 (0xc) Aug 26 13:23:51.830903: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.830905: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.830907: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.830909: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.830910: | length/value: 256 (0x100) Aug 26 13:23:51.830913: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:51.830915: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:51.830916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.830918: | length: 8 (0x8) Aug 26 13:23:51.830919: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:23:51.830921: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:23:51.830923: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:23:51.830925: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:51.830927: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.830928: | length: 8 (0x8) Aug 26 13:23:51.830930: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:23:51.830931: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:23:51.830934: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:23:51.830936: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:23:51.830939: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:23:51.830941: | remote proposal 1 matches local proposal 1 Aug 26 13:23:51.830943: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:23:51.830945: | converting proposal to internal trans attrs Aug 26 13:23:51.830953: | natd_hash: hasher=0x565078d4c800(20) Aug 26 13:23:51.830955: | natd_hash: icookie= e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.830957: | natd_hash: rcookie= dd 36 51 29 02 6c db 8e Aug 26 13:23:51.830958: | natd_hash: ip= c0 01 02 2d Aug 26 13:23:51.830960: | natd_hash: port=500 Aug 26 13:23:51.830962: | natd_hash: hash= 3e e7 41 4c 99 91 04 18 8b 21 38 1f 35 38 dd 4b Aug 26 13:23:51.830963: | natd_hash: hash= 1e 2c bd 19 Aug 26 13:23:51.830967: | natd_hash: hasher=0x565078d4c800(20) Aug 26 13:23:51.830969: | natd_hash: icookie= e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.830970: | natd_hash: rcookie= dd 36 51 29 02 6c db 8e Aug 26 13:23:51.830972: | natd_hash: ip= c0 01 02 17 Aug 26 13:23:51.830973: | natd_hash: port=500 Aug 26 13:23:51.830975: | natd_hash: hash= ff b9 2e a7 4d 81 14 a7 d2 53 8e 4e 8a 70 15 c4 Aug 26 13:23:51.830976: | natd_hash: hash= e4 de 00 51 Aug 26 13:23:51.830978: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:23:51.830979: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:23:51.830981: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:23:51.830983: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:23:51.830986: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:23:51.830988: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:23:51.830990: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:51.830992: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:23:51.830994: | libevent_free: release ptr-libevent@0x565079a3d878 Aug 26 13:23:51.830996: | free_event_entry: release EVENT_RETRANSMIT-pe@0x565079a3a738 Aug 26 13:23:51.830998: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x565079a3a738 Aug 26 13:23:51.831000: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:23:51.831002: | libevent_malloc: new ptr-libevent@0x7f8ed0002888 size 128 Aug 26 13:23:51.831009: | #1 spent 0.18 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:23:51.831013: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:51.831015: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:23:51.831017: | suspending state #1 and saving MD Aug 26 13:23:51.831019: | #1 is busy; has a suspended MD Aug 26 13:23:51.831021: | [RE]START processing: state #1 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:23:51.831023: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:23:51.831026: | stop processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:51.831029: | #1 spent 0.378 milliseconds in ikev2_process_packet() Aug 26 13:23:51.831032: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:51.831033: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:51.831035: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:51.831038: | spent 0.387 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:51.831043: | crypto helper 0 resuming Aug 26 13:23:51.831052: | crypto helper 0 starting work-order 2 for state #1 Aug 26 13:23:51.831056: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:23:51.831608: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:23:51.831873: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000817 seconds Aug 26 13:23:51.831881: | (#1) spent 0.822 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:23:51.831883: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Aug 26 13:23:51.831885: | scheduling resume sending helper answer for #1 Aug 26 13:23:51.831887: | libevent_malloc: new ptr-libevent@0x7f8ec8000f48 size 128 Aug 26 13:23:51.831893: | crypto helper 0 waiting (nothing to do) Aug 26 13:23:51.831929: | processing resume sending helper answer for #1 Aug 26 13:23:51.831938: | start processing: state #1 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:23:51.831942: | crypto helper 0 replies to request ID 2 Aug 26 13:23:51.831943: | calling continuation function 0x565078c77b50 Aug 26 13:23:51.831945: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:23:51.831952: | creating state object #2 at 0x565079a3ffe8 Aug 26 13:23:51.831954: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:23:51.831956: | pstats #2 ikev2.child started Aug 26 13:23:51.831958: | duplicating state object #1 "west" as #2 for IPSEC SA Aug 26 13:23:51.831961: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:23:51.831966: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:23:51.831969: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:51.831971: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:23:51.831973: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:23:51.831975: | libevent_free: release ptr-libevent@0x7f8ed0002888 Aug 26 13:23:51.831977: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x565079a3a738 Aug 26 13:23:51.831979: | event_schedule: new EVENT_SA_REPLACE-pe@0x565079a3a738 Aug 26 13:23:51.831982: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:23:51.831984: | libevent_malloc: new ptr-libevent@0x7f8ed0002888 size 128 Aug 26 13:23:51.831986: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:23:51.831990: | **emit ISAKMP Message: Aug 26 13:23:51.831992: | initiator cookie: Aug 26 13:23:51.831993: | e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.831995: | responder cookie: Aug 26 13:23:51.831996: | dd 36 51 29 02 6c db 8e Aug 26 13:23:51.831998: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:23:51.832000: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:51.832002: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:51.832004: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:23:51.832005: | Message ID: 1 (0x1) Aug 26 13:23:51.832007: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:23:51.832009: | ***emit IKEv2 Encryption Payload: Aug 26 13:23:51.832011: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832013: | flags: none (0x0) Aug 26 13:23:51.832015: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:23:51.832017: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832019: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:23:51.832024: | IKEv2 CERT: send a certificate? Aug 26 13:23:51.832026: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:23:51.832028: | IDr payload will be sent Aug 26 13:23:51.832039: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:23:51.832042: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832043: | flags: none (0x0) Aug 26 13:23:51.832047: | ID type: ID_FQDN (0x2) Aug 26 13:23:51.832049: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:23:51.832051: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832053: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:23:51.832055: | my identity 77 65 73 74 Aug 26 13:23:51.832057: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:23:51.832062: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:23:51.832064: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:51.832066: | flags: none (0x0) Aug 26 13:23:51.832067: | ID type: ID_FQDN (0x2) Aug 26 13:23:51.832070: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:23:51.832072: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:23:51.832073: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832075: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:23:51.832077: | IDr 65 61 73 74 Aug 26 13:23:51.832079: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:23:51.832080: | not sending INITIAL_CONTACT Aug 26 13:23:51.832082: | ****emit IKEv2 Authentication Payload: Aug 26 13:23:51.832084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832085: | flags: none (0x0) Aug 26 13:23:51.832087: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:51.832089: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:23:51.832091: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832093: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:23:51.832096: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:51.832098: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:51.832100: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:51.832103: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:51.832105: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:51.832107: | line 1: match=014 Aug 26 13:23:51.832108: | match 014 beats previous best_match 000 match=0x565079991b58 (line=1) Aug 26 13:23:51.832110: | concluding with best_match=014 best=0x565079991b58 (lineno=1) Aug 26 13:23:51.832148: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:23:51.832151: | PSK auth 9f 0f 47 db 81 d8 62 c9 ec 64 39 97 63 a3 47 4c Aug 26 13:23:51.832153: | PSK auth d7 82 35 8a 1c 89 73 3a 10 d1 73 b0 a9 72 2e e2 Aug 26 13:23:51.832154: | PSK auth 77 f7 15 59 d7 f4 52 57 d9 d4 39 f4 8a b2 37 23 Aug 26 13:23:51.832156: | PSK auth bc 7b 4c b2 38 7e 36 e9 39 ed 9a 2c be e0 4d b0 Aug 26 13:23:51.832158: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:23:51.832160: | getting first pending from state #1 Aug 26 13:23:51.832175: | netlink_get_spi: allocated 0xb6d91d4f for esp.0@192.1.2.45 Aug 26 13:23:51.832178: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:23:51.832184: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:23:51.832187: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:51.832189: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:23:51.832191: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:23:51.832195: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:51.832197: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:51.832199: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:23:51.832202: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:51.832206: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:51.832213: | Emitting ikev2_proposals ... Aug 26 13:23:51.832215: | ****emit IKEv2 Security Association Payload: Aug 26 13:23:51.832216: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832218: | flags: none (0x0) Aug 26 13:23:51.832220: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:23:51.832222: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832224: | discarding INTEG=NONE Aug 26 13:23:51.832225: | discarding DH=NONE Aug 26 13:23:51.832227: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.832229: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832230: | prop #: 1 (0x1) Aug 26 13:23:51.832232: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:51.832233: | spi size: 4 (0x4) Aug 26 13:23:51.832235: | # transforms: 2 (0x2) Aug 26 13:23:51.832237: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.832239: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:51.832241: | our spi b6 d9 1d 4f Aug 26 13:23:51.832242: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832246: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.832247: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.832249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832251: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.832253: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.832254: | length/value: 256 (0x100) Aug 26 13:23:51.832256: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.832258: | discarding INTEG=NONE Aug 26 13:23:51.832259: | discarding DH=NONE Aug 26 13:23:51.832261: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832262: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.832264: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:51.832266: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:51.832268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832271: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832273: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:51.832275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.832277: | discarding INTEG=NONE Aug 26 13:23:51.832278: | discarding DH=NONE Aug 26 13:23:51.832281: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.832282: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832302: | prop #: 2 (0x2) Aug 26 13:23:51.832306: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:51.832308: | spi size: 4 (0x4) Aug 26 13:23:51.832309: | # transforms: 2 (0x2) Aug 26 13:23:51.832311: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832313: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.832315: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:51.832317: | our spi b6 d9 1d 4f Aug 26 13:23:51.832331: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832334: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.832336: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.832338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832340: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.832341: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.832343: | length/value: 128 (0x80) Aug 26 13:23:51.832345: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.832346: | discarding INTEG=NONE Aug 26 13:23:51.832347: | discarding DH=NONE Aug 26 13:23:51.832349: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832351: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.832352: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:51.832354: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:51.832356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832358: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832359: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832361: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:23:51.832363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.832364: | discarding DH=NONE Aug 26 13:23:51.832366: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.832367: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832369: | prop #: 3 (0x3) Aug 26 13:23:51.832370: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:51.832372: | spi size: 4 (0x4) Aug 26 13:23:51.832373: | # transforms: 4 (0x4) Aug 26 13:23:51.832375: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832377: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.832379: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:51.832381: | our spi b6 d9 1d 4f Aug 26 13:23:51.832382: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832385: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.832387: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:51.832389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832390: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.832392: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.832394: | length/value: 256 (0x100) Aug 26 13:23:51.832396: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.832398: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832401: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.832403: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:51.832405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832406: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832408: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832413: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.832415: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:51.832416: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832418: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832420: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832421: | discarding DH=NONE Aug 26 13:23:51.832423: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832425: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.832426: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:51.832428: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:51.832430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832431: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832433: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832435: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:51.832436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.832438: | discarding DH=NONE Aug 26 13:23:51.832440: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.832441: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:51.832443: | prop #: 4 (0x4) Aug 26 13:23:51.832444: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:51.832446: | spi size: 4 (0x4) Aug 26 13:23:51.832447: | # transforms: 4 (0x4) Aug 26 13:23:51.832449: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:23:51.832451: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:23:51.832453: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:23:51.832454: | our spi b6 d9 1d 4f Aug 26 13:23:51.832456: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832459: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.832461: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:23:51.832462: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832464: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.832466: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.832467: | length/value: 128 (0x80) Aug 26 13:23:51.832469: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:23:51.832471: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832475: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.832476: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:23:51.832478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832482: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832483: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832486: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:23:51.832488: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:23:51.832490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832492: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832493: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832495: | discarding DH=NONE Aug 26 13:23:51.832496: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:23:51.832498: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.832499: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:51.832501: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:51.832503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.832505: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:23:51.832506: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:23:51.832508: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:23:51.832510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:23:51.832511: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:23:51.832513: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:23:51.832515: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:51.832517: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832518: | flags: none (0x0) Aug 26 13:23:51.832520: | number of TS: 1 (0x1) Aug 26 13:23:51.832522: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:23:51.832524: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832526: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:51.832528: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:51.832529: | IP Protocol ID: 0 (0x0) Aug 26 13:23:51.832531: | start port: 0 (0x0) Aug 26 13:23:51.832533: | end port: 65535 (0xffff) Aug 26 13:23:51.832535: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:51.832536: | ipv4 start c0 00 01 00 Aug 26 13:23:51.832538: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:51.832539: | ipv4 end c0 00 01 ff Aug 26 13:23:51.832541: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:51.832543: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:23:51.832544: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:51.832547: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.832549: | flags: none (0x0) Aug 26 13:23:51.832550: | number of TS: 1 (0x1) Aug 26 13:23:51.832552: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:23:51.832554: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:23:51.832556: | *****emit IKEv2 Traffic Selector: Aug 26 13:23:51.832557: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:51.832559: | IP Protocol ID: 0 (0x0) Aug 26 13:23:51.832560: | start port: 0 (0x0) Aug 26 13:23:51.832562: | end port: 65535 (0xffff) Aug 26 13:23:51.832564: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:23:51.832565: | ipv4 start c0 00 02 00 Aug 26 13:23:51.832567: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:23:51.832569: | ipv4 end c0 00 02 ff Aug 26 13:23:51.832570: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:23:51.832572: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:23:51.832574: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:23:51.832575: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:23:51.832577: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:23:51.832579: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:23:51.832581: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:23:51.832583: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:23:51.832585: | emitting length of ISAKMP Message: 365 Aug 26 13:23:51.832594: | suspend processing: state #1 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:51.832597: | start processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:51.832600: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:23:51.832602: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:23:51.832604: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:23:51.832605: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:23:51.832609: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:23:51.832612: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:23:51.832614: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:23:51.832620: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:23:51.832624: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:23:51.832626: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:23:51.832627: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:23:51.832629: | db 02 b8 bd 1a 36 32 f9 1c b7 c4 78 02 10 7e 7e Aug 26 13:23:51.832630: | de 1d 7a 4e f7 c3 d4 e6 88 c9 6b 39 40 e4 90 36 Aug 26 13:23:51.832632: | d3 d9 fd b1 f8 0f 28 76 61 4d 82 35 34 75 f8 da Aug 26 13:23:51.832633: | 5d 94 25 cf d6 5c 14 ba 26 cb f3 dd d1 85 49 64 Aug 26 13:23:51.832635: | 98 aa a1 cd 51 08 9a b5 20 ab 01 21 19 ff 45 0f Aug 26 13:23:51.832636: | 1a 1b a5 c6 47 58 2c 26 8c d1 d8 e0 4b 59 8a f9 Aug 26 13:23:51.832638: | 6f 44 5c fb 6c 52 e7 c1 84 63 6e 37 ca 4a 9b 44 Aug 26 13:23:51.832639: | 74 c7 28 d4 7d 28 06 c3 01 43 20 12 32 7b a9 67 Aug 26 13:23:51.832642: | 41 f7 c6 d7 e3 b8 c0 ed d9 12 be 65 a2 3b 4f 3c Aug 26 13:23:51.832643: | c1 4f 46 a6 ab b7 76 5d f1 96 e7 e3 de d4 fe ee Aug 26 13:23:51.832645: | 06 92 b8 59 be f0 5d 52 63 22 ef d5 86 d1 e5 a2 Aug 26 13:23:51.832646: | b9 f0 de fd 24 87 20 97 49 9d fc 6c 63 18 ec 36 Aug 26 13:23:51.832648: | ea 4d 1e b3 bd 01 c7 a6 07 c4 93 0f b9 e7 f4 49 Aug 26 13:23:51.832649: | 33 92 72 a3 8b 7a 70 66 f1 e4 9a 9f f2 53 c1 2d Aug 26 13:23:51.832651: | e9 64 cc 14 31 d1 51 5c 06 f5 32 60 0b 20 94 07 Aug 26 13:23:51.832652: | b3 65 15 21 6b 37 b7 60 4b 9e c6 05 4b 57 20 b5 Aug 26 13:23:51.832654: | 2c 5a 1d a1 31 67 0c 58 ef e3 31 39 4f 79 f2 38 Aug 26 13:23:51.832655: | 8d 12 fd 83 d8 9a 98 d9 93 c8 43 d8 d3 d9 71 31 Aug 26 13:23:51.832657: | c1 0f e6 28 13 a7 4d 97 ba bc 1f a3 23 bd 1c d4 Aug 26 13:23:51.832658: | 11 8a 7c 9f 27 be df 48 ca c6 d2 09 d3 26 9a 70 Aug 26 13:23:51.832660: | 5c 02 00 6a 11 0e aa e6 25 89 41 3a df Aug 26 13:23:51.832675: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:23:51.832678: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8ed0002b78 Aug 26 13:23:51.832681: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #2 Aug 26 13:23:51.832683: | libevent_malloc: new ptr-libevent@0x565079a3d878 size 128 Aug 26 13:23:51.832686: | #2 STATE_PARENT_I2: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11117.575145 Aug 26 13:23:51.832688: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:23:51.832692: | #1 spent 0.741 milliseconds in resume sending helper answer Aug 26 13:23:51.832695: | stop processing: state #2 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:23:51.832697: | libevent_free: release ptr-libevent@0x7f8ec8000f48 Aug 26 13:23:51.858925: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:23:51.858944: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:23:51.858947: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:23:51.858949: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:23:51.858950: | 20 bc 78 c9 c9 5c c3 db a2 e3 31 b6 64 bb 53 d7 Aug 26 13:23:51.858952: | c4 c9 a0 43 a7 75 73 8b 3a e2 b7 4c 37 21 5a e6 Aug 26 13:23:51.858953: | 89 97 75 25 63 4a a0 72 ec 3b 8d 3b e2 be 76 85 Aug 26 13:23:51.858955: | d9 24 af d8 d5 47 6c a8 e2 eb 5e cc 6f 80 a6 61 Aug 26 13:23:51.858956: | 2d ba b6 7d d4 03 80 0f f8 e3 ae 5b 76 d0 97 da Aug 26 13:23:51.858958: | 0e 09 67 53 03 27 ae 77 e4 88 e6 9d a1 c6 40 0f Aug 26 13:23:51.858959: | 47 62 58 5e f9 a4 8e 00 a7 27 2b 9c 4e 79 c6 61 Aug 26 13:23:51.858961: | 43 f2 00 c4 53 60 73 21 8f 58 da 98 6a 9a 6f d3 Aug 26 13:23:51.858962: | 9f 03 64 7c d1 b7 13 91 3d 9c 67 e4 52 7e 17 b2 Aug 26 13:23:51.858964: | 96 fb bc f0 f6 89 a2 88 c4 b3 3e 25 6e a7 26 51 Aug 26 13:23:51.858965: | 05 94 8c cb f8 a7 7a 19 ef 54 67 cf cf ee 4b 82 Aug 26 13:23:51.858967: | 18 a6 a1 4c 62 2e 70 45 9e 0b 2c 21 22 6d 95 1c Aug 26 13:23:51.858968: | 3a Aug 26 13:23:51.858971: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:23:51.858974: | **parse ISAKMP Message: Aug 26 13:23:51.858976: | initiator cookie: Aug 26 13:23:51.858977: | e5 90 57 9b 11 72 98 0f Aug 26 13:23:51.858979: | responder cookie: Aug 26 13:23:51.858980: | dd 36 51 29 02 6c db 8e Aug 26 13:23:51.858982: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:23:51.858984: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:23:51.858986: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:23:51.858988: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:23:51.858989: | Message ID: 1 (0x1) Aug 26 13:23:51.858991: | length: 225 (0xe1) Aug 26 13:23:51.858993: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:23:51.858997: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:23:51.859000: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:23:51.859005: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:23:51.859007: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:23:51.859010: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:51.859012: | start processing: state #2 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:23:51.859014: | #2 is idle Aug 26 13:23:51.859016: | #2 idle Aug 26 13:23:51.859017: | unpacking clear payload Aug 26 13:23:51.859019: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:23:51.859021: | ***parse IKEv2 Encryption Payload: Aug 26 13:23:51.859023: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:23:51.859024: | flags: none (0x0) Aug 26 13:23:51.859026: | length: 197 (0xc5) Aug 26 13:23:51.859028: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:23:51.859030: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:23:51.859040: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:23:51.859042: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:23:51.859044: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:23:51.859046: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:23:51.859048: | flags: none (0x0) Aug 26 13:23:51.859049: | length: 12 (0xc) Aug 26 13:23:51.859051: | ID type: ID_FQDN (0x2) Aug 26 13:23:51.859053: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:23:51.859054: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:23:51.859056: | **parse IKEv2 Authentication Payload: Aug 26 13:23:51.859058: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:23:51.859059: | flags: none (0x0) Aug 26 13:23:51.859061: | length: 72 (0x48) Aug 26 13:23:51.859062: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:23:51.859064: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:23:51.859066: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:23:51.859067: | **parse IKEv2 Security Association Payload: Aug 26 13:23:51.859069: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:23:51.859070: | flags: none (0x0) Aug 26 13:23:51.859072: | length: 36 (0x24) Aug 26 13:23:51.859074: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:23:51.859075: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:23:51.859077: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:23:51.859078: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:23:51.859080: | flags: none (0x0) Aug 26 13:23:51.859081: | length: 24 (0x18) Aug 26 13:23:51.859083: | number of TS: 1 (0x1) Aug 26 13:23:51.859085: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:23:51.859086: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:23:51.859088: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:23:51.859090: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:23:51.859091: | flags: none (0x0) Aug 26 13:23:51.859092: | length: 24 (0x18) Aug 26 13:23:51.859094: | number of TS: 1 (0x1) Aug 26 13:23:51.859096: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:23:51.859097: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:23:51.859099: | Now let's proceed with state specific processing Aug 26 13:23:51.859101: | calling processor Initiator: process IKE_AUTH response Aug 26 13:23:51.859105: | offered CA: '%none' Aug 26 13:23:51.859107: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:23:51.859133: | verifying AUTH payload Aug 26 13:23:51.859137: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:23:51.859140: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:51.859143: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:23:51.859146: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:23:51.859148: | 1: compared key @east to @west / @east -> 004 Aug 26 13:23:51.859150: | 2: compared key @west to @west / @east -> 014 Aug 26 13:23:51.859152: | line 1: match=014 Aug 26 13:23:51.859154: | match 014 beats previous best_match 000 match=0x565079991b58 (line=1) Aug 26 13:23:51.859156: | concluding with best_match=014 best=0x565079991b58 (lineno=1) Aug 26 13:23:51.859194: "west" #2: Authenticated using authby=secret Aug 26 13:23:51.859215: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:23:51.859219: | #1 will start re-keying in 65 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:51.859221: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:23:51.859224: | libevent_free: release ptr-libevent@0x7f8ed0002888 Aug 26 13:23:51.859226: | free_event_entry: release EVENT_SA_REPLACE-pe@0x565079a3a738 Aug 26 13:23:51.859228: | event_schedule: new EVENT_SA_REKEY-pe@0x565079a3a738 Aug 26 13:23:51.859231: | inserting event EVENT_SA_REKEY, timeout in 65 seconds for #1 Aug 26 13:23:51.859233: | libevent_malloc: new ptr-libevent@0x7f8ec8000f48 size 128 Aug 26 13:23:51.859297: | pstats #1 ikev2.ike established Aug 26 13:23:51.859305: | TSi: parsing 1 traffic selectors Aug 26 13:23:51.859310: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:51.859326: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:51.859329: | IP Protocol ID: 0 (0x0) Aug 26 13:23:51.859332: | length: 16 (0x10) Aug 26 13:23:51.859335: | start port: 0 (0x0) Aug 26 13:23:51.859338: | end port: 65535 (0xffff) Aug 26 13:23:51.859341: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:51.859344: | TS low c0 00 01 00 Aug 26 13:23:51.859348: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:51.859351: | TS high c0 00 01 ff Aug 26 13:23:51.859354: | TSi: parsed 1 traffic selectors Aug 26 13:23:51.859356: | TSr: parsing 1 traffic selectors Aug 26 13:23:51.859359: | ***parse IKEv2 Traffic Selector: Aug 26 13:23:51.859360: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:23:51.859362: | IP Protocol ID: 0 (0x0) Aug 26 13:23:51.859363: | length: 16 (0x10) Aug 26 13:23:51.859365: | start port: 0 (0x0) Aug 26 13:23:51.859366: | end port: 65535 (0xffff) Aug 26 13:23:51.859368: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:23:51.859370: | TS low c0 00 02 00 Aug 26 13:23:51.859371: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:23:51.859373: | TS high c0 00 02 ff Aug 26 13:23:51.859374: | TSr: parsed 1 traffic selectors Aug 26 13:23:51.859378: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:23:51.859381: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:51.859385: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:23:51.859388: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:23:51.859389: | TSi[0] port match: YES fitness 65536 Aug 26 13:23:51.859391: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:23:51.859393: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:51.859396: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:23:51.859399: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:23:51.859401: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:23:51.859403: | TSr[0] port match: YES fitness 65536 Aug 26 13:23:51.859404: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:23:51.859406: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:23:51.859408: | best fit so far: TSi[0] TSr[0] Aug 26 13:23:51.859411: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:23:51.859413: | printing contents struct traffic_selector Aug 26 13:23:51.859414: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:51.859416: | ipprotoid: 0 Aug 26 13:23:51.859417: | port range: 0-65535 Aug 26 13:23:51.859420: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:23:51.859421: | printing contents struct traffic_selector Aug 26 13:23:51.859423: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:23:51.859424: | ipprotoid: 0 Aug 26 13:23:51.859426: | port range: 0-65535 Aug 26 13:23:51.859428: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:23:51.859437: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:23:51.859439: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:23:51.859441: | local proposal 1 type ENCR has 1 transforms Aug 26 13:23:51.859443: | local proposal 1 type PRF has 0 transforms Aug 26 13:23:51.859445: | local proposal 1 type INTEG has 1 transforms Aug 26 13:23:51.859446: | local proposal 1 type DH has 1 transforms Aug 26 13:23:51.859448: | local proposal 1 type ESN has 1 transforms Aug 26 13:23:51.859450: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:51.859452: | local proposal 2 type ENCR has 1 transforms Aug 26 13:23:51.859453: | local proposal 2 type PRF has 0 transforms Aug 26 13:23:51.859455: | local proposal 2 type INTEG has 1 transforms Aug 26 13:23:51.859457: | local proposal 2 type DH has 1 transforms Aug 26 13:23:51.859458: | local proposal 2 type ESN has 1 transforms Aug 26 13:23:51.859460: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:23:51.859462: | local proposal 3 type ENCR has 1 transforms Aug 26 13:23:51.859463: | local proposal 3 type PRF has 0 transforms Aug 26 13:23:51.859465: | local proposal 3 type INTEG has 2 transforms Aug 26 13:23:51.859466: | local proposal 3 type DH has 1 transforms Aug 26 13:23:51.859468: | local proposal 3 type ESN has 1 transforms Aug 26 13:23:51.859470: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:51.859471: | local proposal 4 type ENCR has 1 transforms Aug 26 13:23:51.859473: | local proposal 4 type PRF has 0 transforms Aug 26 13:23:51.859475: | local proposal 4 type INTEG has 2 transforms Aug 26 13:23:51.859476: | local proposal 4 type DH has 1 transforms Aug 26 13:23:51.859478: | local proposal 4 type ESN has 1 transforms Aug 26 13:23:51.859480: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:23:51.859482: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:23:51.859484: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:23:51.859485: | length: 32 (0x20) Aug 26 13:23:51.859487: | prop #: 1 (0x1) Aug 26 13:23:51.859489: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:23:51.859490: | spi size: 4 (0x4) Aug 26 13:23:51.859492: | # transforms: 2 (0x2) Aug 26 13:23:51.859494: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:23:51.859495: | remote SPI 60 62 02 2f Aug 26 13:23:51.859497: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:23:51.859499: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:51.859501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:23:51.859503: | length: 12 (0xc) Aug 26 13:23:51.859504: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:23:51.859506: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:23:51.859508: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:23:51.859509: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:23:51.859512: | length/value: 256 (0x100) Aug 26 13:23:51.859515: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:23:51.859517: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:23:51.859518: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:23:51.859520: | length: 8 (0x8) Aug 26 13:23:51.859521: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:23:51.859523: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:23:51.859525: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:23:51.859527: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:23:51.859530: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:23:51.859532: | remote proposal 1 matches local proposal 1 Aug 26 13:23:51.859534: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:23:51.859537: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6062022f;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:23:51.859539: | converting proposal to internal trans attrs Aug 26 13:23:51.859543: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:23:51.859642: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:23:51.859646: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:23:51.859648: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:51.859650: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:51.859652: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:51.859654: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:51.859657: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:51.859659: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:51.859661: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:51.859663: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:51.859666: | setting IPsec SA replay-window to 32 Aug 26 13:23:51.859668: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:51.859670: | netlink: enabling tunnel mode Aug 26 13:23:51.859672: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:51.859673: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:51.859728: | netlink response for Add SA esp.6062022f@192.1.2.23 included non-error error Aug 26 13:23:51.859731: | set up outgoing SA, ref=0/0 Aug 26 13:23:51.859733: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:23:51.859735: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:23:51.859736: | AES_GCM_16 requires 4 salt bytes Aug 26 13:23:51.859738: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:23:51.859740: | setting IPsec SA replay-window to 32 Aug 26 13:23:51.859742: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:23:51.859744: | netlink: enabling tunnel mode Aug 26 13:23:51.859745: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:23:51.859747: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:23:51.859778: | netlink response for Add SA esp.b6d91d4f@192.1.2.45 included non-error error Aug 26 13:23:51.859784: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:51.859792: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:23:51.859797: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:51.859818: | raw_eroute result=success Aug 26 13:23:51.859821: | set up incoming SA, ref=0/0 Aug 26 13:23:51.859823: | sr for #2: unrouted Aug 26 13:23:51.859824: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:23:51.859826: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:23:51.859830: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:23:51.859832: | conn west mark 0/00000000, 0/00000000 Aug 26 13:23:51.859834: | route owner of "west" unrouted: NULL; eroute owner: NULL Aug 26 13:23:51.859836: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:23:51.859838: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:23:51.859842: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:23:51.859845: | IPsec Sa SPD priority set to 1042407 Aug 26 13:23:51.859856: | raw_eroute result=success Aug 26 13:23:51.859861: | running updown command "ipsec _updown" for verb up Aug 26 13:23:51.859864: | command executing up-client Aug 26 13:23:51.859890: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6062022f SPI_OUT=0x Aug 26 13:23:51.859894: | popen cmd is 1023 chars long Aug 26 13:23:51.859896: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Aug 26 13:23:51.859897: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Aug 26 13:23:51.859900: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Aug 26 13:23:51.859904: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 13:23:51.859907: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Aug 26 13:23:51.859911: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 13:23:51.859915: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 13:23:51.859918: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Aug 26 13:23:51.859922: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 13:23:51.859923: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 13:23:51.859925: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 13:23:51.859927: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 13:23:51.859928: | cmd( 960):ED='no' SPI_IN=0x6062022f SPI_OUT=0xb6d91d4f ipsec _updown 2>&1: Aug 26 13:23:51.867374: | route_and_eroute: firewall_notified: true Aug 26 13:23:51.867390: | running updown command "ipsec _updown" for verb prepare Aug 26 13:23:51.867393: | command executing prepare-client Aug 26 13:23:51.867415: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6062022f Aug 26 13:23:51.867420: | popen cmd is 1028 chars long Aug 26 13:23:51.867422: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Aug 26 13:23:51.867424: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Aug 26 13:23:51.867426: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Aug 26 13:23:51.867428: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 13:23:51.867429: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Aug 26 13:23:51.867431: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Aug 26 13:23:51.867433: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 13:23:51.867435: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 13:23:51.867436: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Aug 26 13:23:51.867438: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Aug 26 13:23:51.867440: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Aug 26 13:23:51.867441: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Aug 26 13:23:51.867443: | cmd( 960):_SHARED='no' SPI_IN=0x6062022f SPI_OUT=0xb6d91d4f ipsec _updown 2>&1: Aug 26 13:23:51.874227: | running updown command "ipsec _updown" for verb route Aug 26 13:23:51.874241: | command executing route-client Aug 26 13:23:51.874264: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6062022f SPI_ Aug 26 13:23:51.874267: | popen cmd is 1026 chars long Aug 26 13:23:51.874269: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Aug 26 13:23:51.874271: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Aug 26 13:23:51.874272: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Aug 26 13:23:51.874274: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 13:23:51.874276: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Aug 26 13:23:51.874277: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Aug 26 13:23:51.874282: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 13:23:51.874284: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 13:23:51.874285: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Aug 26 13:23:51.874287: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Aug 26 13:23:51.874299: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Aug 26 13:23:51.874301: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Aug 26 13:23:51.874302: | cmd( 960):HARED='no' SPI_IN=0x6062022f SPI_OUT=0xb6d91d4f ipsec _updown 2>&1: Aug 26 13:23:51.883510: | route_and_eroute: instance "west", setting eroute_owner {spd=0x565079a38a08,sr=0x565079a38a08} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:23:51.883567: | #1 spent 1.37 milliseconds in install_ipsec_sa() Aug 26 13:23:51.883574: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:23:51.883576: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:23:51.883579: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:23:51.883588: | libevent_free: release ptr-libevent@0x565079a3d878 Aug 26 13:23:51.883593: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8ed0002b78 Aug 26 13:23:51.883597: | #2 spent 1.94 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:23:51.883603: | [RE]START processing: state #2 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:23:51.883606: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:23:51.883608: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:23:51.883611: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:23:51.883613: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:23:51.883618: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:23:51.883621: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:23:51.883623: | pstats #2 ikev2.child established Aug 26 13:23:51.883630: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:23:51.883638: | NAT-T: encaps is 'auto' Aug 26 13:23:51.883641: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6062022f <0xb6d91d4f xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:23:51.883644: | releasing whack for #2 (sock=fd@25) Aug 26 13:23:51.883662: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:23:51.883664: | releasing whack and unpending for parent #1 Aug 26 13:23:51.883666: | unpending state #1 connection "west" Aug 26 13:23:51.883670: | delete from pending Child SA with 192.1.2.23 "west" Aug 26 13:23:51.883672: | removing pending policy for no connection {0x565079991898} Aug 26 13:23:51.883677: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:23:51.883680: | #2 will start re-keying in 45 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:23:51.883683: | event_schedule: new EVENT_SA_REKEY-pe@0x7f8ed0002b78 Aug 26 13:23:51.883686: | inserting event EVENT_SA_REKEY, timeout in 45 seconds for #2 Aug 26 13:23:51.883690: | libevent_malloc: new ptr-libevent@0x565079a3fda8 size 128 Aug 26 13:23:51.883696: | stop processing: state #2 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:23:51.883701: | #1 spent 2.21 milliseconds in ikev2_process_packet() Aug 26 13:23:51.883705: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:23:51.883713: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:23:51.883715: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:23:51.883719: | spent 2.23 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:23:51.883744: | processing signal PLUTO_SIGCHLD Aug 26 13:23:51.883750: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:51.883754: | spent 0.00517 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:51.883771: | processing signal PLUTO_SIGCHLD Aug 26 13:23:51.883774: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:51.883778: | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:51.883780: | processing signal PLUTO_SIGCHLD Aug 26 13:23:51.883784: | waitpid returned ECHILD (no child processes left) Aug 26 13:23:51.883787: | spent 0.00344 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:23:55.085957: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:23:55.085996: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:23:55.086002: | FOR_EACH_STATE_... in sort_states Aug 26 13:23:55.086012: | get_sa_info esp.b6d91d4f@192.1.2.45 Aug 26 13:23:55.086040: | get_sa_info esp.6062022f@192.1.2.23 Aug 26 13:23:55.086069: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:23:55.086079: | spent 0.135 milliseconds in whack Aug 26 13:24:11.636684: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:11.636716: | expiring aged bare shunts from shunt table Aug 26 13:24:11.636723: | spent 0.00552 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:31.638341: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:24:31.638373: | expiring aged bare shunts from shunt table Aug 26 13:24:31.638379: | spent 0.00435 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:24:36.864364: | timer_event_cb: processing event@0x7f8ed0002b78 Aug 26 13:24:36.864430: | handling event EVENT_SA_REKEY for child state #2 Aug 26 13:24:36.864467: | start processing: state #2 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:36.864493: | picked newest_ipsec_sa #2 for #2 Aug 26 13:24:36.864509: | rekeying stale CHILD SA Aug 26 13:24:36.864533: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:24:36.864549: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:24:36.864567: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:24:36.864592: | creating state object #3 at 0x565079a455e8 Aug 26 13:24:36.864609: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:24:36.864661: | pstats #3 ikev2.child started Aug 26 13:24:36.864679: | duplicating state object #1 "west" as #3 for IPSEC SA Aug 26 13:24:36.864712: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:24:36.864776: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:24:36.864805: | suspend processing: state #2 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:36.864832: | start processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:24:36.864855: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:24:36.864876: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:24:36.864896: | constructing ESP/AH proposals with default DH MODP2048 for west (ESP/AH initiator emitting proposals) Aug 26 13:24:36.864932: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:24:36.864965: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.864984: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:24:36.865007: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.865038: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:36.865064: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.865082: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:24:36.865107: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.865155: "west": constructed local ESP/AH proposals for west (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.865187: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:24:36.865207: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x565079a3d5a8 Aug 26 13:24:36.865229: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:24:36.865248: | libevent_malloc: new ptr-libevent@0x565079a3d7c8 size 128 Aug 26 13:24:36.865277: | RESET processing: state #3 connection "west" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:24:36.865322: | scheduling drop-dead replace event for #2 Aug 26 13:24:36.865357: | event_schedule: new EVENT_SA_REPLACE-pe@0x565079a439d8 Aug 26 13:24:36.865381: | inserting event EVENT_SA_REPLACE, timeout in 5.019191 seconds for #2 Aug 26 13:24:36.865398: | libevent_malloc: new ptr-libevent@0x565079a3d6c8 size 128 Aug 26 13:24:36.865418: | libevent_free: release ptr-libevent@0x565079a3fda8 Aug 26 13:24:36.865435: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8ed0002b78 Aug 26 13:24:36.865463: | #2 spent 1.08 milliseconds in timer_event_cb() EVENT_SA_REKEY Aug 26 13:24:36.865481: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:36.865511: | timer_event_cb: processing event@0x565079a3d5a8 Aug 26 13:24:36.865528: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:24:36.865554: | start processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:36.865579: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:24:36.865597: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8ed0002b78 Aug 26 13:24:36.865616: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:36.865631: | libevent_malloc: new ptr-libevent@0x565079a3fda8 size 128 Aug 26 13:24:36.865667: | libevent_free: release ptr-libevent@0x565079a3d7c8 Aug 26 13:24:36.865684: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x565079a3d5a8 Aug 26 13:24:36.865707: | #3 spent 0.192 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:24:36.865730: | stop processing: state #3 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:24:36.865745: | crypto helper 2 resuming Aug 26 13:24:36.865793: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:24:36.865811: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:24:36.868571: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.002759 seconds Aug 26 13:24:36.868614: | (#3) spent 2.76 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:24:36.868625: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:24:36.868636: | scheduling resume sending helper answer for #3 Aug 26 13:24:36.868647: | libevent_malloc: new ptr-libevent@0x7f8ecc002888 size 128 Aug 26 13:24:36.868657: | libevent_realloc: release ptr-libevent@0x565079a1a838 Aug 26 13:24:36.868675: | libevent_realloc: new ptr-libevent@0x7f8ecc0027d8 size 128 Aug 26 13:24:36.868702: | crypto helper 2 waiting (nothing to do) Aug 26 13:24:36.868776: | processing resume sending helper answer for #3 Aug 26 13:24:36.868820: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:36.868838: | crypto helper 2 replies to request ID 3 Aug 26 13:24:36.868847: | calling continuation function 0x565078c77b50 Aug 26 13:24:36.868859: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Aug 26 13:24:36.868870: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:36.868880: | libevent_free: release ptr-libevent@0x565079a3fda8 Aug 26 13:24:36.868891: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8ed0002b78 Aug 26 13:24:36.868901: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f8ed0002b78 Aug 26 13:24:36.868914: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:24:36.868923: | libevent_malloc: new ptr-libevent@0x565079a3fda8 size 128 Aug 26 13:24:36.868940: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:36.868958: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:24:36.868968: | libevent_malloc: new ptr-libevent@0x565079a3d7c8 size 128 Aug 26 13:24:36.868985: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:36.868997: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:24:36.869006: | suspending state #3 and saving MD Aug 26 13:24:36.869014: | #3 is busy; has a suspended MD Aug 26 13:24:36.869027: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:36.869039: | "west" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:36.869051: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:24:36.869068: | #3 spent 0.228 milliseconds in resume sending helper answer Aug 26 13:24:36.869082: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:36.869091: | libevent_free: release ptr-libevent@0x7f8ecc002888 Aug 26 13:24:36.869107: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:24:36.869121: | start processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:24:36.869139: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:36.869153: | suspend processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:36.869165: | start processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:24:36.869255: | **emit ISAKMP Message: Aug 26 13:24:36.869265: | initiator cookie: Aug 26 13:24:36.869274: | e5 90 57 9b 11 72 98 0f Aug 26 13:24:36.869282: | responder cookie: Aug 26 13:24:36.869308: | dd 36 51 29 02 6c db 8e Aug 26 13:24:36.869338: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:36.869351: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:36.869361: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:36.869374: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:36.869383: | Message ID: 2 (0x2) Aug 26 13:24:36.869393: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:36.869403: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:36.869413: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.869421: | flags: none (0x0) Aug 26 13:24:36.869431: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:36.869456: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.869468: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:36.869545: | netlink_get_spi: allocated 0x4b2e05d8 for esp.0@192.1.2.45 Aug 26 13:24:36.869556: | Emitting ikev2_proposals ... Aug 26 13:24:36.869566: | ****emit IKEv2 Security Association Payload: Aug 26 13:24:36.869574: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.869582: | flags: none (0x0) Aug 26 13:24:36.869593: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:24:36.869602: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.869611: | discarding INTEG=NONE Aug 26 13:24:36.869619: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:36.869628: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.869636: | prop #: 1 (0x1) Aug 26 13:24:36.869644: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:36.869652: | spi size: 4 (0x4) Aug 26 13:24:36.869660: | # transforms: 3 (0x3) Aug 26 13:24:36.869669: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:36.869680: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:36.869689: | our spi 4b 2e 05 d8 Aug 26 13:24:36.869697: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.869706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.869714: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:36.869723: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:36.869732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.869742: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:36.869751: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:36.869759: | length/value: 256 (0x100) Aug 26 13:24:36.869768: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:36.869775: | discarding INTEG=NONE Aug 26 13:24:36.869784: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.869792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.869800: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:36.869808: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.869818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.869828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.869837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.869845: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.869853: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:36.869861: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:36.869869: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:36.869879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.869889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.869897: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.869905: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:36.869915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:36.869922: | discarding INTEG=NONE Aug 26 13:24:36.869944: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:36.869953: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.869961: | prop #: 2 (0x2) Aug 26 13:24:36.869969: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:36.869977: | spi size: 4 (0x4) Aug 26 13:24:36.869985: | # transforms: 3 (0x3) Aug 26 13:24:36.869995: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.870004: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:36.870014: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:36.870022: | our spi 4b 2e 05 d8 Aug 26 13:24:36.870030: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870047: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:36.870055: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:36.870064: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870072: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:36.870081: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:36.870088: | length/value: 128 (0x80) Aug 26 13:24:36.870097: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:36.870105: | discarding INTEG=NONE Aug 26 13:24:36.870112: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870120: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870128: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:36.870136: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.870146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870164: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870172: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870180: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:36.870188: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:36.870196: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:36.870205: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870231: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:24:36.870240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:36.870248: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:36.870256: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.870264: | prop #: 3 (0x3) Aug 26 13:24:36.870272: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:36.870280: | spi size: 4 (0x4) Aug 26 13:24:36.870305: | # transforms: 5 (0x5) Aug 26 13:24:36.870326: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.870336: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:36.870346: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:36.870354: | our spi 4b 2e 05 d8 Aug 26 13:24:36.870366: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870383: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:36.870391: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:36.870400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870409: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:36.870417: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:36.870425: | length/value: 256 (0x100) Aug 26 13:24:36.870434: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:36.870442: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870458: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:36.870466: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:36.870475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870485: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870493: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870501: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870517: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:36.870525: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:36.870535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870553: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870561: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:36.870584: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.870594: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870612: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870619: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870627: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:36.870635: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:36.870643: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:36.870653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870670: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870679: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:36.870688: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:36.870696: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:24:36.870705: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:36.870712: | prop #: 4 (0x4) Aug 26 13:24:36.870720: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:36.870728: | spi size: 4 (0x4) Aug 26 13:24:36.870739: | # transforms: 5 (0x5) Aug 26 13:24:36.870750: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:24:36.870759: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:24:36.870769: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:24:36.870776: | our spi 4b 2e 05 d8 Aug 26 13:24:36.870784: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870800: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:36.870808: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:24:36.870817: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870826: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:24:36.870834: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:36.870842: | length/value: 128 (0x80) Aug 26 13:24:36.870850: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:24:36.870858: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870874: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:36.870882: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:24:36.870892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870910: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870918: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.870926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870934: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:24:36.870942: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:24:36.870953: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.870968: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.870981: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.870995: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.871008: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.871020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:36.871034: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.871050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.871065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.871078: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.871092: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:24:36.871106: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:36.871120: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:36.871134: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:36.871149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.871164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:24:36.871180: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:24:36.871201: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:24:36.871217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:24:36.871231: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:24:36.871246: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:24:36.871265: | #3 initiate rekey request for "west" #2 SPI 0xb6d91d4f TSi TSr Aug 26 13:24:36.871278: | printing contents struct traffic_selector Aug 26 13:24:36.871306: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:36.871326: | ipprotoid: 0 Aug 26 13:24:36.871341: | port range: 0-65535 Aug 26 13:24:36.871363: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:36.871374: | printing contents struct traffic_selector Aug 26 13:24:36.871385: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:36.871397: | ipprotoid: 0 Aug 26 13:24:36.871408: | port range: 0-65535 Aug 26 13:24:36.871429: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:36.871443: | ****emit IKEv2 Nonce Payload: Aug 26 13:24:36.871458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.871472: | flags: none (0x0) Aug 26 13:24:36.871490: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:24:36.871506: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.871524: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:24:36.871538: | IKEv2 nonce c3 39 44 ee d2 2b af d0 bf 02 88 ac 5b fc c0 c7 Aug 26 13:24:36.871552: | IKEv2 nonce 2b 09 2b 6f a1 e1 f4 10 13 f2 42 4e f4 ed 9d ef Aug 26 13:24:36.871564: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:24:36.871577: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:24:36.871592: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.871604: | flags: none (0x0) Aug 26 13:24:36.871617: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.871633: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:24:36.871648: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.871665: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:24:36.871680: | ikev2 g^x 4f 64 3c 85 9e 38 dd 51 56 48 87 d3 63 01 18 ad Aug 26 13:24:36.871694: | ikev2 g^x 60 fb fc f5 29 02 07 20 d5 0e 35 4f ee 1b 44 f2 Aug 26 13:24:36.871707: | ikev2 g^x 1b 66 5d 20 ae 64 80 77 76 97 c2 77 cf 8f c7 c6 Aug 26 13:24:36.871719: | ikev2 g^x aa 27 47 94 3e 9b ed c3 dd d7 74 b6 08 c5 2f c1 Aug 26 13:24:36.871732: | ikev2 g^x f4 ef 04 0a ea b3 48 45 20 e8 ad 04 43 5b 20 8f Aug 26 13:24:36.871744: | ikev2 g^x aa 26 2f a3 c2 cf 8c 20 09 e2 b4 70 4a 8d 50 0f Aug 26 13:24:36.871756: | ikev2 g^x 26 9d e5 cf a6 f6 ed 44 4d 0c e8 53 25 f2 58 53 Aug 26 13:24:36.871768: | ikev2 g^x a2 92 df 6e 65 39 19 17 da 95 b1 70 7b 97 a6 bb Aug 26 13:24:36.871781: | ikev2 g^x 83 e7 8f e3 0a 24 5a ff d7 77 1d a6 10 c4 f1 7b Aug 26 13:24:36.871793: | ikev2 g^x 66 7e 5f 4e 51 94 6e 39 f9 f6 17 e8 2d b6 39 c6 Aug 26 13:24:36.871804: | ikev2 g^x 6a b4 b1 c2 26 1c 05 5a e3 c2 ce 75 11 83 b7 0a Aug 26 13:24:36.871816: | ikev2 g^x f6 f2 3e 47 78 68 af 64 9d db ca fc 6b 2b 97 fc Aug 26 13:24:36.871828: | ikev2 g^x dd af 1e c7 a3 7b 8b 2b 21 bb 54 c0 52 4b fb f5 Aug 26 13:24:36.871842: | ikev2 g^x 13 7a ec 08 95 23 ac 77 0a 58 bf f7 84 9f ff 98 Aug 26 13:24:36.871854: | ikev2 g^x 47 2c 11 e7 d1 5b c4 9a df 52 0c b9 c7 26 67 47 Aug 26 13:24:36.871866: | ikev2 g^x eb 2f fb 56 35 d9 90 f0 5f 0a 95 c0 b2 78 d2 60 Aug 26 13:24:36.871879: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:24:36.871892: | Adding a v2N Payload Aug 26 13:24:36.871915: | ****emit IKEv2 Notify Payload: Aug 26 13:24:36.871930: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.871945: | flags: none (0x0) Aug 26 13:24:36.871958: | Protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:36.871970: | SPI size: 4 (0x4) Aug 26 13:24:36.871983: | Notify Message Type: v2N_REKEY_SA (0x4009) Aug 26 13:24:36.872000: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:24:36.872016: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.872032: | emitting 4 raw bytes of SPI into IKEv2 Notify Payload Aug 26 13:24:36.872046: | SPI b6 d9 1d 4f Aug 26 13:24:36.872059: | emitting length of IKEv2 Notify Payload: 12 Aug 26 13:24:36.872074: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:36.872089: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.872102: | flags: none (0x0) Aug 26 13:24:36.872115: | number of TS: 1 (0x1) Aug 26 13:24:36.872133: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:24:36.872148: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.872163: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:36.872177: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:36.872191: | IP Protocol ID: 0 (0x0) Aug 26 13:24:36.872204: | start port: 0 (0x0) Aug 26 13:24:36.872218: | end port: 65535 (0xffff) Aug 26 13:24:36.872234: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:36.872248: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:36.872263: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:36.872278: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:36.872321: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:36.872344: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 48 Aug 26 13:24:36.872359: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:36.872373: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.872386: | flags: none (0x0) Aug 26 13:24:36.872399: | number of TS: 1 (0x1) Aug 26 13:24:36.872416: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:24:36.872432: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:24:36.872446: | *****emit IKEv2 Traffic Selector: Aug 26 13:24:36.872459: | TS type: IKEv2_TS_IPV6_ADDR_RANGE (0x8) Aug 26 13:24:36.872471: | IP Protocol ID: 0 (0x0) Aug 26 13:24:36.872483: | start port: 0 (0x0) Aug 26 13:24:36.872496: | end port: 65535 (0xffff) Aug 26 13:24:36.872512: | emitting 16 raw bytes of ipv6 start into IKEv2 Traffic Selector Aug 26 13:24:36.872525: | ipv6 start 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:36.872540: | emitting 16 raw bytes of ipv6 end into IKEv2 Traffic Selector Aug 26 13:24:36.872555: | ipv6 end 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Aug 26 13:24:36.872569: | emitting length of IKEv2 Traffic Selector: 40 Aug 26 13:24:36.872583: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 48 Aug 26 13:24:36.872596: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:24:36.872612: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:36.872630: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:36.872646: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:36.872660: | emitting length of IKEv2 Encryption Payload: 633 Aug 26 13:24:36.872681: | emitting length of ISAKMP Message: 661 Aug 26 13:24:36.872771: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:36.872794: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_OK Aug 26 13:24:36.872810: | IKEv2: transition from state STATE_V2_REKEY_CHILD_I0 to state STATE_V2_REKEY_CHILD_I Aug 26 13:24:36.872827: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => V2_REKEY_CHILD_I(established IKE SA) Aug 26 13:24:36.872843: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:24:36.872859: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:24:36.872883: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:24:36.872896: "west" #3: STATE_V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:36.872912: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:24:36.872940: | sending 661 bytes for STATE_V2_REKEY_CHILD_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:24:36.872949: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:24:36.872957: | 2e 20 24 08 00 00 00 02 00 00 02 95 21 00 02 79 Aug 26 13:24:36.872965: | df 27 dc ce 35 c0 5b 6b 48 ce c7 42 aa ed a7 4c Aug 26 13:24:36.872972: | ea 41 54 42 d2 18 98 48 f6 3a 92 18 c3 a4 77 8d Aug 26 13:24:36.872980: | 1f c6 13 df 4a 2c a8 93 94 a8 b5 81 41 00 a1 4b Aug 26 13:24:36.872987: | 38 8b ba 1b 2f 4e 0e ac 0f 10 35 03 a1 a1 65 1f Aug 26 13:24:36.872995: | d2 3e 67 c1 74 4e 9b 58 b9 42 65 b2 b8 b5 a0 42 Aug 26 13:24:36.873002: | b2 b4 99 41 48 7e 8b 02 c9 f4 79 63 6d de d4 5b Aug 26 13:24:36.873010: | 5c e3 3e dc 0a 81 b0 63 8a eb 11 2f 53 51 99 71 Aug 26 13:24:36.873017: | dd a7 a3 ee c0 31 c3 e8 1a 48 18 29 e0 60 03 9f Aug 26 13:24:36.873025: | 32 07 e7 66 50 32 88 cf 13 ac a8 16 90 ba c1 46 Aug 26 13:24:36.873032: | 6d 98 a5 52 e9 fb 9e 3f 89 ac d7 a7 34 6f c8 f3 Aug 26 13:24:36.873040: | e0 03 dc 5b 62 72 27 4e 70 96 ca 32 bd 3b 69 1b Aug 26 13:24:36.873047: | 72 07 dc 38 5d ea 9f c9 11 14 f4 1f 8d ae 37 aa Aug 26 13:24:36.873055: | fd c1 13 a2 c4 cd e9 06 4b 4e ac f4 93 04 07 8e Aug 26 13:24:36.873062: | ec e0 4a e4 5e 97 40 e2 d9 55 b8 71 be 5f c1 52 Aug 26 13:24:36.873070: | 5d ae bd 3c 9d 41 f5 2f 03 54 64 90 83 27 40 51 Aug 26 13:24:36.873077: | 31 44 cc d5 26 97 d6 43 88 dd 49 c3 6f d5 62 4d Aug 26 13:24:36.873085: | aa 2f 8d 9b ed 5e 29 a4 22 4b 85 03 92 73 3b 46 Aug 26 13:24:36.873092: | cd 00 92 30 7f 57 16 09 13 7b 91 33 e3 0a 62 06 Aug 26 13:24:36.873100: | 5f d9 7e a7 02 38 08 4e 71 a2 74 fb 37 67 5d 79 Aug 26 13:24:36.873107: | 12 09 1a ce d5 a8 78 80 5d 53 e0 86 8b 4a e9 28 Aug 26 13:24:36.873115: | 0e 33 7b c6 ce c3 ac 64 31 db 93 83 45 fe 38 c7 Aug 26 13:24:36.873122: | 19 4c 27 32 09 78 ed f1 0c 79 fe c3 f6 97 e9 3a Aug 26 13:24:36.873130: | 75 25 22 d0 18 81 ca 24 3f c4 a3 89 b4 30 8b a5 Aug 26 13:24:36.873137: | bc ef d7 df b9 5d 02 c5 ac 26 b3 4d b8 4c 2a 96 Aug 26 13:24:36.873144: | 02 5b ec 5e b0 c2 d0 8e e2 83 85 b6 a3 dc 53 5d Aug 26 13:24:36.873152: | 4d da eb a2 7d b8 22 db c6 6f da b5 a1 4d 53 52 Aug 26 13:24:36.873159: | 62 f4 9f 68 6a d0 78 6d 00 f6 28 bf a2 fc eb 3f Aug 26 13:24:36.873167: | 9d b7 31 83 47 d2 9f 8a 2e cc df f9 f5 b4 49 c4 Aug 26 13:24:36.873174: | 16 9c 58 92 2c 2c cd 30 7c 1c 28 b1 dc 96 be 6e Aug 26 13:24:36.873182: | ef 8d cb 51 e0 99 a3 de 1d 82 90 5c f4 4e bb b3 Aug 26 13:24:36.873189: | dd d9 cc c4 4a 0f cc f9 3a 4d 6f 32 36 3b 92 2a Aug 26 13:24:36.873197: | 87 1b 9f 8f a5 63 9a 0c b1 62 17 56 23 5c 1a 28 Aug 26 13:24:36.873204: | b3 6b d2 a1 9b 15 d7 aa d2 02 82 e8 e3 56 86 46 Aug 26 13:24:36.873212: | 24 90 40 5e 3e 27 c3 de d6 51 16 25 d7 72 b2 1d Aug 26 13:24:36.873235: | 37 eb 73 98 46 a0 0c c4 e9 d5 9f d1 18 2b 25 95 Aug 26 13:24:36.873244: | 26 84 29 99 cb fa 0f a1 7b 49 ee 74 70 8c a2 2e Aug 26 13:24:36.873251: | 95 56 6b 17 d6 05 08 8d a7 b0 15 56 64 ac 64 b6 Aug 26 13:24:36.873259: | 16 c3 8c 8e bd 41 81 aa bf 04 5c e4 7d 6b ff cb Aug 26 13:24:36.873266: | da 22 57 e8 e6 f1 6d 3f be 5c d8 6d 63 5f e1 b3 Aug 26 13:24:36.873273: | cc 1d 02 48 b4 Aug 26 13:24:36.873380: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:36.873406: | libevent_free: release ptr-libevent@0x565079a3fda8 Aug 26 13:24:36.873417: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f8ed0002b78 Aug 26 13:24:36.873426: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Aug 26 13:24:36.873439: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8ed0002b78 Aug 26 13:24:36.873451: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #3 Aug 26 13:24:36.873461: | libevent_malloc: new ptr-libevent@0x565079a3fda8 size 128 Aug 26 13:24:36.873476: | #3 STATE_V2_REKEY_CHILD_I: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11162.615902 Aug 26 13:24:36.873494: | stop processing: state #3 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:36.873508: | resume processing: state #1 connection "west" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:24:36.873525: | #1 spent 4.28 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:24:36.873539: | stop processing: state #1 connection "west" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:24:36.873548: | libevent_free: release ptr-libevent@0x565079a3d7c8 Aug 26 13:24:36.887888: | spent 0.0107 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:36.887963: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:36.887976: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:24:36.887985: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 13:24:36.887993: | e2 ef fb 81 ee 23 7b ef ce 57 29 97 9a c9 d8 71 Aug 26 13:24:36.888001: | f7 d4 0d 75 70 9b 00 fe cc d4 5c 37 3e c2 cf 7d Aug 26 13:24:36.888008: | ff af 8a 81 4f d2 45 8b 9b cd d4 72 32 ad 1c 60 Aug 26 13:24:36.888016: | 6c c3 c2 ba 16 b4 13 01 7d 28 ad 5f 4d 10 f1 5b Aug 26 13:24:36.888023: | ce 55 d4 22 34 7f 5b 14 c8 f7 53 b8 4b 3b 2d 7c Aug 26 13:24:36.888031: | c7 8c 01 25 0f 77 a2 b1 53 d8 69 ea bd 76 00 f9 Aug 26 13:24:36.888038: | 30 04 2a 2e 02 c4 57 ff 2f 18 4f d4 13 2e 4d c5 Aug 26 13:24:36.888046: | 8e 4d af 9d 86 74 f0 4c d2 b6 63 51 9a d1 d7 21 Aug 26 13:24:36.888053: | a9 d2 de 3a be aa 3d 0c 00 b8 bf d2 d3 9c 84 88 Aug 26 13:24:36.888061: | 2f 4f 17 37 ad 87 01 19 03 d7 a5 24 81 d7 3d ca Aug 26 13:24:36.888068: | 71 6f 7c 87 eb af 20 df a2 7c 3c 17 bc 09 9e c1 Aug 26 13:24:36.888076: | a7 46 5e 71 ae 31 3e 90 02 40 b9 72 cb 40 6a 28 Aug 26 13:24:36.888084: | a0 d9 95 8f 98 90 85 22 ba 2c e5 7b dd 1a e8 36 Aug 26 13:24:36.888091: | d7 e9 df 17 d1 bd 63 13 e7 31 0a 6f c3 94 d1 3d Aug 26 13:24:36.888098: | f7 f9 17 e2 72 a2 08 e0 93 2e f3 a6 19 98 86 d4 Aug 26 13:24:36.888106: | 09 e6 3e ff b7 89 4f 68 e7 da 5d 39 bf 93 51 d5 Aug 26 13:24:36.888113: | 97 27 9c d9 49 39 4e d1 c6 cb fd b6 9d 2d 6c 60 Aug 26 13:24:36.888121: | e2 c1 eb 52 a5 f4 fe 65 d9 75 90 a9 22 84 96 fa Aug 26 13:24:36.888128: | fd e0 f5 3b 6b 67 c9 5a aa a2 be 66 85 5d 8d d3 Aug 26 13:24:36.888136: | 8b 0a c8 ba b1 c0 a4 2f aa 60 cf da 6b 34 f5 22 Aug 26 13:24:36.888143: | 9a 72 02 46 c6 98 9c 8f 1a 2b a9 28 9e 14 25 48 Aug 26 13:24:36.888151: | 8e 6d 22 11 d8 f2 09 a9 30 a8 9c 37 b8 5e 05 09 Aug 26 13:24:36.888158: | cb 20 fd a8 2d db bc c5 c2 e8 bf d9 ea ef 19 c5 Aug 26 13:24:36.888166: | d7 6d eb 7d 63 51 61 f7 73 b0 cd 63 4a 34 15 d0 Aug 26 13:24:36.888173: | 6d c5 42 6f b4 0b c7 10 d8 c5 b0 09 cd 51 07 71 Aug 26 13:24:36.888190: | f0 c3 bb 41 9e b8 bf a3 8d a5 c9 aa e9 cb 7d 88 Aug 26 13:24:36.888198: | 7c Aug 26 13:24:36.888213: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:36.888225: | **parse ISAKMP Message: Aug 26 13:24:36.888234: | initiator cookie: Aug 26 13:24:36.888242: | e5 90 57 9b 11 72 98 0f Aug 26 13:24:36.888250: | responder cookie: Aug 26 13:24:36.888257: | dd 36 51 29 02 6c db 8e Aug 26 13:24:36.888266: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:36.888275: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:36.888284: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:24:36.888320: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:36.888331: | Message ID: 2 (0x2) Aug 26 13:24:36.888339: | length: 449 (0x1c1) Aug 26 13:24:36.888349: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:24:36.888360: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:24:36.888372: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:36.888391: | start processing: state #1 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:36.888402: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I (find_v2_sa_by_initiator_wip) Aug 26 13:24:36.888415: | suspend processing: state #1 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:36.888428: | start processing: state #3 connection "west" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:36.888436: | #3 is idle Aug 26 13:24:36.888443: | #3 idle Aug 26 13:24:36.888451: | unpacking clear payload Aug 26 13:24:36.888460: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:36.888469: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:36.888477: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:24:36.888485: | flags: none (0x0) Aug 26 13:24:36.888493: | length: 421 (0x1a5) Aug 26 13:24:36.888502: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:24:36.888511: | #3 in state V2_REKEY_CHILD_I: STATE_V2_REKEY_CHILD_I Aug 26 13:24:36.888563: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:24:36.888574: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:24:36.888582: | **parse IKEv2 Security Association Payload: Aug 26 13:24:36.888591: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:24:36.888598: | flags: none (0x0) Aug 26 13:24:36.888606: | length: 44 (0x2c) Aug 26 13:24:36.888614: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:24:36.888622: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:24:36.888630: | **parse IKEv2 Nonce Payload: Aug 26 13:24:36.888638: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:24:36.888646: | flags: none (0x0) Aug 26 13:24:36.888653: | length: 36 (0x24) Aug 26 13:24:36.888661: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:24:36.888669: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:24:36.888677: | **parse IKEv2 Key Exchange Payload: Aug 26 13:24:36.888685: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:24:36.888693: | flags: none (0x0) Aug 26 13:24:36.888701: | length: 264 (0x108) Aug 26 13:24:36.888709: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.888717: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:24:36.888725: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:24:36.888734: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:24:36.888742: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:24:36.888754: | flags: none (0x0) Aug 26 13:24:36.888766: | length: 24 (0x18) Aug 26 13:24:36.888777: | number of TS: 1 (0x1) Aug 26 13:24:36.888791: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:24:36.888803: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:24:36.888816: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:24:36.888840: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:36.888853: | flags: none (0x0) Aug 26 13:24:36.888866: | length: 24 (0x18) Aug 26 13:24:36.888879: | number of TS: 1 (0x1) Aug 26 13:24:36.888893: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:24:36.888910: | state #3 forced to match CREATE_CHILD_SA from V2_CREATE_I->V2_IPSEC_I by ignoring from state Aug 26 13:24:36.888924: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:36.888954: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:24:36.888970: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:24:36.888983: | Now let's proceed with state specific processing Aug 26 13:24:36.888995: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:24:36.889060: | using existing local ESP/AH proposals for west (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.889080: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:24:36.889105: | local proposal 1 type ENCR has 1 transforms Aug 26 13:24:36.889119: | local proposal 1 type PRF has 0 transforms Aug 26 13:24:36.889133: | local proposal 1 type INTEG has 1 transforms Aug 26 13:24:36.889147: | local proposal 1 type DH has 1 transforms Aug 26 13:24:36.889160: | local proposal 1 type ESN has 1 transforms Aug 26 13:24:36.889179: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:36.889194: | local proposal 2 type ENCR has 1 transforms Aug 26 13:24:36.889208: | local proposal 2 type PRF has 0 transforms Aug 26 13:24:36.889222: | local proposal 2 type INTEG has 1 transforms Aug 26 13:24:36.889236: | local proposal 2 type DH has 1 transforms Aug 26 13:24:36.889249: | local proposal 2 type ESN has 1 transforms Aug 26 13:24:36.889266: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:24:36.889279: | local proposal 3 type ENCR has 1 transforms Aug 26 13:24:36.889306: | local proposal 3 type PRF has 0 transforms Aug 26 13:24:36.889321: | local proposal 3 type INTEG has 2 transforms Aug 26 13:24:36.889335: | local proposal 3 type DH has 1 transforms Aug 26 13:24:36.889346: | local proposal 3 type ESN has 1 transforms Aug 26 13:24:36.889362: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:36.889382: | local proposal 4 type ENCR has 1 transforms Aug 26 13:24:36.889396: | local proposal 4 type PRF has 0 transforms Aug 26 13:24:36.889410: | local proposal 4 type INTEG has 2 transforms Aug 26 13:24:36.889424: | local proposal 4 type DH has 1 transforms Aug 26 13:24:36.889437: | local proposal 4 type ESN has 1 transforms Aug 26 13:24:36.889454: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:24:36.889470: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:24:36.889485: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:24:36.889498: | length: 40 (0x28) Aug 26 13:24:36.889513: | prop #: 1 (0x1) Aug 26 13:24:36.889526: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:24:36.889540: | spi size: 4 (0x4) Aug 26 13:24:36.889553: | # transforms: 3 (0x3) Aug 26 13:24:36.889569: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:24:36.889582: | remote SPI aa 49 8d 43 Aug 26 13:24:36.889598: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:24:36.889613: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:36.889629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.889651: | length: 12 (0xc) Aug 26 13:24:36.889666: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:24:36.889681: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:24:36.889696: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:24:36.889710: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:24:36.889725: | length/value: 256 (0x100) Aug 26 13:24:36.889747: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:24:36.889764: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:36.889778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:24:36.889792: | length: 8 (0x8) Aug 26 13:24:36.889805: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:24:36.889820: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:24:36.889840: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:24:36.889855: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:24:36.889870: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:24:36.889884: | length: 8 (0x8) Aug 26 13:24:36.889897: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:24:36.889911: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:24:36.889930: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:24:36.889951: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:24:36.889975: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:24:36.889991: | remote proposal 1 matches local proposal 1 Aug 26 13:24:36.890007: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:24:36.890035: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=aa498d43;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:24:36.890049: | converting proposal to internal trans attrs Aug 26 13:24:36.890071: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:24:36.890105: | adding ikev2 Child Rekey SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:24:36.890121: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:24:36.890136: | #3 STATE_V2_REKEY_CHILD_I: retransmits: cleared Aug 26 13:24:36.890154: | libevent_free: release ptr-libevent@0x565079a3fda8 Aug 26 13:24:36.890172: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8ed0002b78 Aug 26 13:24:36.890187: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8ed0002b78 Aug 26 13:24:36.890207: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:24:36.890224: | libevent_malloc: new ptr-libevent@0x565079a3d7c8 size 128 Aug 26 13:24:36.890272: | #3 spent 1.24 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:24:36.890332: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:36.890354: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:24:36.890363: | crypto helper 3 resuming Aug 26 13:24:36.890375: | suspending state #3 and saving MD Aug 26 13:24:36.890460: | #3 is busy; has a suspended MD Aug 26 13:24:36.890433: | crypto helper 3 starting work-order 4 for state #3 Aug 26 13:24:36.890493: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:24:36.890525: | crypto helper 3 doing crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 Aug 26 13:24:36.890554: | "west" #3 complete v2 state STATE_V2_REKEY_CHILD_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:24:36.890610: | stop processing: state #3 connection "west" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:36.890637: | #1 spent 2.61 milliseconds in ikev2_process_packet() Aug 26 13:24:36.890651: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:36.890661: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:36.890670: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:36.890683: | spent 2.66 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:36.895217: | crypto helper 3 finished crypto (ikev2 Child Rekey SA initiator pfs=yes); request ID 4 time elapsed 0.004693 seconds Aug 26 13:24:36.895265: | (#3) spent 4.68 milliseconds in crypto helper computing work-order 4: ikev2 Child Rekey SA initiator pfs=yes (dh) Aug 26 13:24:36.895285: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 13:24:36.895320: | scheduling resume sending helper answer for #3 Aug 26 13:24:36.895341: | libevent_malloc: new ptr-libevent@0x7f8ec0001f78 size 128 Aug 26 13:24:36.895378: | crypto helper 3 waiting (nothing to do) Aug 26 13:24:36.895413: | processing resume sending helper answer for #3 Aug 26 13:24:36.895459: | start processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:24:36.895482: | crypto helper 3 replies to request ID 4 Aug 26 13:24:36.895497: | calling continuation function 0x565078c789d0 Aug 26 13:24:36.895516: | ikev2_child_inR_continue for #3 STATE_V2_REKEY_CHILD_I Aug 26 13:24:36.895532: | TSi: parsing 1 traffic selectors Aug 26 13:24:36.895548: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:36.895563: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:36.895577: | IP Protocol ID: 0 (0x0) Aug 26 13:24:36.895592: | length: 16 (0x10) Aug 26 13:24:36.895605: | start port: 0 (0x0) Aug 26 13:24:36.895618: | end port: 65535 (0xffff) Aug 26 13:24:36.895634: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:36.895648: | TS low c0 00 01 00 Aug 26 13:24:36.895662: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:36.895675: | TS high c0 00 01 ff Aug 26 13:24:36.895688: | TSi: parsed 1 traffic selectors Aug 26 13:24:36.895700: | TSr: parsing 1 traffic selectors Aug 26 13:24:36.895714: | ***parse IKEv2 Traffic Selector: Aug 26 13:24:36.895727: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:24:36.895740: | IP Protocol ID: 0 (0x0) Aug 26 13:24:36.895752: | length: 16 (0x10) Aug 26 13:24:36.895763: | start port: 0 (0x0) Aug 26 13:24:36.895776: | end port: 65535 (0xffff) Aug 26 13:24:36.895790: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:24:36.895802: | TS low c0 00 02 00 Aug 26 13:24:36.895817: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:24:36.895830: | TS high c0 00 02 ff Aug 26 13:24:36.895843: | TSr: parsed 1 traffic selectors Aug 26 13:24:36.895872: | evaluating our conn="west" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:24:36.895898: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:36.895932: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:24:36.895949: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:24:36.895964: | TSi[0] port match: YES fitness 65536 Aug 26 13:24:36.895979: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:24:36.895995: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:36.896019: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:24:36.896050: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:24:36.896066: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:24:36.896080: | TSr[0] port match: YES fitness 65536 Aug 26 13:24:36.896095: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:24:36.896111: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:24:36.896136: | best fit so far: TSi[0] TSr[0] Aug 26 13:24:36.896151: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:24:36.896163: | printing contents struct traffic_selector Aug 26 13:24:36.896176: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:36.896189: | ipprotoid: 0 Aug 26 13:24:36.896201: | port range: 0-65535 Aug 26 13:24:36.896223: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:24:36.896235: | printing contents struct traffic_selector Aug 26 13:24:36.896247: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:24:36.896259: | ipprotoid: 0 Aug 26 13:24:36.896271: | port range: 0-65535 Aug 26 13:24:36.896309: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:24:36.896331: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:24:36.897226: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:24:36.897263: | could_route called for west (kind=CK_PERMANENT) Aug 26 13:24:36.897278: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:36.897312: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:36.897331: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:36.897350: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:36.897368: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:36.897386: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:36.897400: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:36.897416: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:36.897436: | setting IPsec SA replay-window to 32 Aug 26 13:24:36.897451: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:36.897465: | netlink: enabling tunnel mode Aug 26 13:24:36.897479: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:36.897493: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:36.897666: | netlink response for Add SA esp.aa498d43@192.1.2.23 included non-error error Aug 26 13:24:36.897687: | set up outgoing SA, ref=0/0 Aug 26 13:24:36.897702: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:24:36.897717: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:24:36.897729: | AES_GCM_16 requires 4 salt bytes Aug 26 13:24:36.897743: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:24:36.897762: | setting IPsec SA replay-window to 32 Aug 26 13:24:36.897777: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Aug 26 13:24:36.897789: | netlink: enabling tunnel mode Aug 26 13:24:36.897802: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:24:36.897814: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:24:36.897947: | netlink response for Add SA esp.4b2e05d8@192.1.2.45 included non-error error Aug 26 13:24:36.897967: | set up incoming SA, ref=0/0 Aug 26 13:24:36.897981: | sr for #3: erouted Aug 26 13:24:36.897996: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:24:36.898010: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:24:36.898024: | conn west mark 0/00000000, 0/00000000 vs Aug 26 13:24:36.898038: | conn west mark 0/00000000, 0/00000000 Aug 26 13:24:36.898055: | route owner of "west" erouted: self; eroute owner: self Aug 26 13:24:36.898072: | route_and_eroute with c: west (next: none) ero:west esr:{(nil)} ro:west rosr:{(nil)} and state: #3 Aug 26 13:24:36.898086: | priority calculation of connection "west" is 0xfe7e7 Aug 26 13:24:36.898126: | eroute_connection replace eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:24:36.898142: | IPsec Sa SPD priority set to 1042407 Aug 26 13:24:36.898206: | raw_eroute result=success Aug 26 13:24:36.898223: | route_and_eroute: firewall_notified: true Aug 26 13:24:36.898241: | route_and_eroute: instance "west", setting eroute_owner {spd=0x565079a38a08,sr=0x565079a38a08} to #3 (was #2) (newest_ipsec_sa=#2) Aug 26 13:24:36.898440: | #1 spent 1.19 milliseconds in install_ipsec_sa() Aug 26 13:24:36.898475: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #3 (was #2) (spd.eroute=#3) cloned from #1 Aug 26 13:24:36.898491: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:24:36.898508: | libevent_free: release ptr-libevent@0x565079a3d7c8 Aug 26 13:24:36.898524: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8ed0002b78 Aug 26 13:24:36.898546: "west" #3: rekeyed #2 STATE_V2_REKEY_CHILD_I and expire it remaining life 4s Aug 26 13:24:36.898562: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:24:36.898577: | libevent_free: release ptr-libevent@0x565079a3d6c8 Aug 26 13:24:36.898591: | free_event_entry: release EVENT_SA_REPLACE-pe@0x565079a439d8 Aug 26 13:24:36.898606: | event_schedule: new EVENT_SA_EXPIRE-pe@0x565079a439d8 Aug 26 13:24:36.898624: | inserting event EVENT_SA_EXPIRE, timeout in 1 seconds for #2 Aug 26 13:24:36.898639: | libevent_malloc: new ptr-libevent@0x565079a4bb28 size 128 Aug 26 13:24:36.898669: | [RE]START processing: state #3 connection "west" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:36.898691: | #3 complete_v2_state_transition() md.from_state=V2_CREATE_I md.svm.state[from]=V2_CREATE_I V2_REKEY_CHILD_I->V2_IPSEC_I with status STF_OK Aug 26 13:24:36.898706: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:24:36.898723: | child state #3: V2_REKEY_CHILD_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:24:36.898737: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:24:36.898764: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:24:36.898787: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:36.898801: | pstats #3 ikev2.child established Aug 26 13:24:36.898834: "west" #3: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:24:36.898854: | NAT-T: encaps is 'auto' Aug 26 13:24:36.898875: "west" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xaa498d43 <0x4b2e05d8 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:24:36.898891: | releasing whack for #3 (sock=fd@-1) Aug 26 13:24:36.898906: | releasing whack and unpending for parent #1 Aug 26 13:24:36.898922: | unpending state #1 connection "west" Aug 26 13:24:36.898945: | #3 will start re-keying in 45 seconds with margin of 5 seconds (attempting re-key) Aug 26 13:24:36.898962: | event_schedule: new EVENT_SA_REKEY-pe@0x7f8ed0002b78 Aug 26 13:24:36.898981: | inserting event EVENT_SA_REKEY, timeout in 45 seconds for #3 Aug 26 13:24:36.898997: | libevent_malloc: new ptr-libevent@0x565079a3d878 size 128 Aug 26 13:24:36.899026: | #3 spent 3.5 milliseconds in resume sending helper answer Aug 26 13:24:36.899048: | stop processing: state #3 connection "west" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:24:36.899060: | libevent_free: release ptr-libevent@0x7f8ec0001f78 Aug 26 13:24:37.900209: | timer_event_cb: processing event@0x565079a439d8 Aug 26 13:24:37.900274: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:24:37.900396: | start processing: state #2 connection "west" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:24:37.900433: | picked newest_ipsec_sa #3 for #2 Aug 26 13:24:37.900450: | CHILD SA expired (superseded by #3) Aug 26 13:24:37.900467: | pstats #2 ikev2.child deleted completed Aug 26 13:24:37.900489: | #2 spent 3.02 milliseconds in total Aug 26 13:24:37.900508: | [RE]START processing: state #2 connection "west" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:24:37.900525: "west" #2: deleting state (STATE_V2_IPSEC_I) aged 46.068s and sending notification Aug 26 13:24:37.900537: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:24:37.900569: | get_sa_info esp.6062022f@192.1.2.23 Aug 26 13:24:37.900618: | get_sa_info esp.b6d91d4f@192.1.2.45 Aug 26 13:24:37.900647: "west" #2: ESP traffic information: in=336B out=336B Aug 26 13:24:37.900660: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:24:37.900671: | Opening output PBS informational exchange delete request Aug 26 13:24:37.900682: | **emit ISAKMP Message: Aug 26 13:24:37.900692: | initiator cookie: Aug 26 13:24:37.900700: | e5 90 57 9b 11 72 98 0f Aug 26 13:24:37.900708: | responder cookie: Aug 26 13:24:37.900716: | dd 36 51 29 02 6c db 8e Aug 26 13:24:37.900726: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:24:37.900735: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:37.900744: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:37.900753: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:24:37.900762: | Message ID: 3 (0x3) Aug 26 13:24:37.900772: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:24:37.900783: | ***emit IKEv2 Encryption Payload: Aug 26 13:24:37.900792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:37.900800: | flags: none (0x0) Aug 26 13:24:37.900811: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:24:37.900821: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:37.900832: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:24:37.900856: | ****emit IKEv2 Delete Payload: Aug 26 13:24:37.900866: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:37.900876: | flags: none (0x0) Aug 26 13:24:37.900885: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:37.900893: | SPI size: 4 (0x4) Aug 26 13:24:37.900901: | number of SPIs: 1 (0x1) Aug 26 13:24:37.900911: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:24:37.900921: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:24:37.900932: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:24:37.900941: | local spis b6 d9 1d 4f Aug 26 13:24:37.900950: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:24:37.900959: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:24:37.900970: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:24:37.900981: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:24:37.900989: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:24:37.900998: | emitting length of ISAKMP Message: 69 Aug 26 13:24:37.901055: | sending 69 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) Aug 26 13:24:37.901068: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:24:37.901076: | 2e 20 25 08 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:37.901084: | e9 c2 17 2a a4 8f 6a f4 bb 59 f5 84 1f 13 71 02 Aug 26 13:24:37.901092: | f0 71 41 49 6c 04 6d 47 32 57 82 51 e0 7d 16 1d Aug 26 13:24:37.901101: | 3e 55 eb 39 b5 Aug 26 13:24:37.901847: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:24:37.901876: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:24:37.901893: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:24:37.902144: | delete esp.6062022f@192.1.2.23 Aug 26 13:24:37.902212: | netlink response for Del SA esp.6062022f@192.1.2.23 included non-error error Aug 26 13:24:37.902237: | delete esp.b6d91d4f@192.1.2.45 Aug 26 13:24:37.902318: | netlink response for Del SA esp.b6d91d4f@192.1.2.45 included non-error error Aug 26 13:24:37.902339: | in connection_discard for connection west Aug 26 13:24:37.902350: | State DB: deleting IKEv2 state #2 in V2_IPSEC_I Aug 26 13:24:37.902362: | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:24:37.902380: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:24:37.902409: | State DB: found IKEv2 state #3 in V2_IPSEC_I (v2_expire_unused_ike_sa) Aug 26 13:24:37.902419: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:24:37.902432: | libevent_free: release ptr-libevent@0x565079a4bb28 Aug 26 13:24:37.902441: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x565079a439d8 Aug 26 13:24:37.902451: | in statetime_stop() and could not find #2 Aug 26 13:24:37.902460: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:24:37.903712: | spent 0.0101 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:24:37.903786: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:24:37.903799: | e5 90 57 9b 11 72 98 0f dd 36 51 29 02 6c db 8e Aug 26 13:24:37.903808: | 2e 20 25 20 00 00 00 03 00 00 00 45 2a 00 00 29 Aug 26 13:24:37.903816: | 0e 05 5a 36 e8 19 04 31 40 90 42 e7 37 0b 16 eb Aug 26 13:24:37.903823: | b6 6d 7d 19 33 37 25 48 f8 50 cf 07 21 98 ff cc Aug 26 13:24:37.903831: | 52 7a e1 c2 a1 Aug 26 13:24:37.903846: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:24:37.903857: | **parse ISAKMP Message: Aug 26 13:24:37.903866: | initiator cookie: Aug 26 13:24:37.903874: | e5 90 57 9b 11 72 98 0f Aug 26 13:24:37.903882: | responder cookie: Aug 26 13:24:37.903889: | dd 36 51 29 02 6c db 8e Aug 26 13:24:37.903898: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:24:37.903907: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:24:37.903915: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:24:37.903924: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:24:37.903933: | Message ID: 3 (0x3) Aug 26 13:24:37.903941: | length: 69 (0x45) Aug 26 13:24:37.903951: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:24:37.903961: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:24:37.903973: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:24:37.903992: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:24:37.904007: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:24:37.904016: | #1 is idle Aug 26 13:24:37.904024: | #1 idle Aug 26 13:24:37.904031: | unpacking clear payload Aug 26 13:24:37.904040: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:24:37.904049: | ***parse IKEv2 Encryption Payload: Aug 26 13:24:37.904058: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:24:37.904066: | flags: none (0x0) Aug 26 13:24:37.904074: | length: 41 (0x29) Aug 26 13:24:37.904082: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:24:37.904091: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:24:37.904127: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:24:37.904137: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:24:37.904146: | **parse IKEv2 Delete Payload: Aug 26 13:24:37.904155: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:24:37.904163: | flags: none (0x0) Aug 26 13:24:37.904170: | length: 12 (0xc) Aug 26 13:24:37.904179: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:24:37.904187: | SPI size: 4 (0x4) Aug 26 13:24:37.904194: | number of SPIs: 1 (0x1) Aug 26 13:24:37.904203: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:24:37.904211: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:24:37.904229: | Now let's proceed with state specific processing Aug 26 13:24:37.904237: | calling processor I3: INFORMATIONAL Request Aug 26 13:24:37.904248: | an informational response Aug 26 13:24:37.904258: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:24:37.904266: | SPI 60 62 02 2f Aug 26 13:24:37.904274: | delete PROTO_v2_ESP SA(0x6062022f) Aug 26 13:24:37.904284: | State DB: IKEv2 state not found (find_v2_child_sa_by_outbound_spi) Aug 26 13:24:37.904310: "west" #1: received delete request for PROTO_v2_ESP SA(0x6062022f) but corresponding state not found Aug 26 13:24:37.904329: | #1 spent 0.0632 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:24:37.904346: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:24:37.904363: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:24:37.904373: | Message ID: updating counters for #1 to 3 after switching state Aug 26 13:24:37.904389: | Message ID: recv #1 response 3; ike: initiator.sent=3 initiator.recv=2->3 responder.sent=-1 responder.recv=-1 wip.initiator=3->-1 wip.responder=-1 Aug 26 13:24:37.904403: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:24:37.904412: "west" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:24:37.904427: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:24:37.904441: | #1 spent 0.67 milliseconds in ikev2_process_packet() Aug 26 13:24:37.904454: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:24:37.904465: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:24:37.904474: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:24:37.904487: | spent 0.716 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:24:48.390166: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:48.390198: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:24:48.390203: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:48.390211: | get_sa_info esp.4b2e05d8@192.1.2.45 Aug 26 13:24:48.390229: | get_sa_info esp.aa498d43@192.1.2.23 Aug 26 13:24:48.390250: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:48.390259: | spent 0.101 milliseconds in whack Aug 26 13:24:48.446112: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:24:48.446440: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:48.446448: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:24:48.446496: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:24:48.446499: | FOR_EACH_STATE_... in sort_states Aug 26 13:24:48.446509: | get_sa_info esp.4b2e05d8@192.1.2.45 Aug 26 13:24:48.446533: | get_sa_info esp.aa498d43@192.1.2.23 Aug 26 13:24:48.446564: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:24:48.446570: | spent 0.454 milliseconds in whack