Aug 26 13:30:43.284229: FIPS Product: YES Aug 26 13:30:43.284322: FIPS Kernel: NO Aug 26 13:30:43.284325: FIPS Mode: NO Aug 26 13:30:43.284326: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:30:43.284483: Initializing NSS Aug 26 13:30:43.284490: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:30:43.322563: NSS initialized Aug 26 13:30:43.322577: NSS crypto library initialized Aug 26 13:30:43.322579: FIPS HMAC integrity support [enabled] Aug 26 13:30:43.322580: FIPS mode disabled for pluto daemon Aug 26 13:30:43.364539: FIPS HMAC integrity verification self-test FAILED Aug 26 13:30:43.364646: libcap-ng support [enabled] Aug 26 13:30:43.364657: Linux audit support [enabled] Aug 26 13:30:43.364684: Linux audit activated Aug 26 13:30:43.364691: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11881 Aug 26 13:30:43.364696: core dump dir: /tmp Aug 26 13:30:43.364698: secrets file: /etc/ipsec.secrets Aug 26 13:30:43.364700: leak-detective enabled Aug 26 13:30:43.364702: NSS crypto [enabled] Aug 26 13:30:43.364704: XAUTH PAM support [enabled] Aug 26 13:30:43.364780: | libevent is using pluto's memory allocator Aug 26 13:30:43.364789: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:30:43.364804: | libevent_malloc: new ptr-libevent@0x5644e3572a08 size 40 Aug 26 13:30:43.364808: | libevent_malloc: new ptr-libevent@0x5644e3572cd8 size 40 Aug 26 13:30:43.364811: | libevent_malloc: new ptr-libevent@0x5644e3572dd8 size 40 Aug 26 13:30:43.364814: | creating event base Aug 26 13:30:43.364817: | libevent_malloc: new ptr-libevent@0x5644e35f5a48 size 56 Aug 26 13:30:43.364823: | libevent_malloc: new ptr-libevent@0x5644e35a1e68 size 664 Aug 26 13:30:43.364836: | libevent_malloc: new ptr-libevent@0x5644e35f5ab8 size 24 Aug 26 13:30:43.364840: | libevent_malloc: new ptr-libevent@0x5644e35f5b08 size 384 Aug 26 13:30:43.364850: | libevent_malloc: new ptr-libevent@0x5644e35f5a08 size 16 Aug 26 13:30:43.364853: | libevent_malloc: new ptr-libevent@0x5644e3572908 size 40 Aug 26 13:30:43.364857: | libevent_malloc: new ptr-libevent@0x5644e3572d38 size 48 Aug 26 13:30:43.364861: | libevent_realloc: new ptr-libevent@0x5644e35a2968 size 256 Aug 26 13:30:43.364863: | libevent_malloc: new ptr-libevent@0x5644e35f5cb8 size 16 Aug 26 13:30:43.364868: | libevent_free: release ptr-libevent@0x5644e35f5a48 Aug 26 13:30:43.364870: | libevent initialized Aug 26 13:30:43.364873: | libevent_realloc: new ptr-libevent@0x5644e35f5a48 size 64 Aug 26 13:30:43.364876: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:30:43.364890: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:30:43.364892: NAT-Traversal support [enabled] Aug 26 13:30:43.364894: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:30:43.364898: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:30:43.364901: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:30:43.364928: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:30:43.364930: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:30:43.364933: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:30:43.364965: Encryption algorithms: Aug 26 13:30:43.364972: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:30:43.364975: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:30:43.364979: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:30:43.364983: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:30:43.364987: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:30:43.364998: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:30:43.365002: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:30:43.365006: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:30:43.365010: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:30:43.365014: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:30:43.365018: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:30:43.365022: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:30:43.365026: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:30:43.365030: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:30:43.365034: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:30:43.365038: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:30:43.365041: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:30:43.365050: Hash algorithms: Aug 26 13:30:43.365053: MD5 IKEv1: IKE IKEv2: Aug 26 13:30:43.365056: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:30:43.365060: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:30:43.365063: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:30:43.365066: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:30:43.365080: PRF algorithms: Aug 26 13:30:43.365083: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:30:43.365087: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:30:43.365090: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:30:43.365094: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:30:43.365098: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:30:43.365101: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:30:43.365128: Integrity algorithms: Aug 26 13:30:43.365132: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:30:43.365136: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:30:43.365141: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:30:43.365145: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:30:43.365149: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:30:43.365153: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:30:43.365156: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:30:43.365160: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:30:43.365163: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:30:43.365177: DH algorithms: Aug 26 13:30:43.365181: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:30:43.365185: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:30:43.365188: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:30:43.365195: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:30:43.365199: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:30:43.365202: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:30:43.365205: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:30:43.365209: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:30:43.365212: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:30:43.365216: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:30:43.365219: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:30:43.365222: testing CAMELLIA_CBC: Aug 26 13:30:43.365225: Camellia: 16 bytes with 128-bit key Aug 26 13:30:43.365358: Camellia: 16 bytes with 128-bit key Aug 26 13:30:43.365395: Camellia: 16 bytes with 256-bit key Aug 26 13:30:43.365430: Camellia: 16 bytes with 256-bit key Aug 26 13:30:43.365462: testing AES_GCM_16: Aug 26 13:30:43.365467: empty string Aug 26 13:30:43.365498: one block Aug 26 13:30:43.365527: two blocks Aug 26 13:30:43.365558: two blocks with associated data Aug 26 13:30:43.365588: testing AES_CTR: Aug 26 13:30:43.365593: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:30:43.365622: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:30:43.365652: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:30:43.365683: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:30:43.365712: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:30:43.365743: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:30:43.365775: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:30:43.365803: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:30:43.365833: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:30:43.365864: testing AES_CBC: Aug 26 13:30:43.365868: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:30:43.365898: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.365933: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.365966: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.366005: testing AES_XCBC: Aug 26 13:30:43.366011: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:30:43.366136: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:30:43.366242: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:30:43.366367: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:30:43.366505: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:30:43.366640: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:30:43.366778: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:30:43.367087: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:30:43.367226: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:30:43.367390: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:30:43.367657: testing HMAC_MD5: Aug 26 13:30:43.367663: RFC 2104: MD5_HMAC test 1 Aug 26 13:30:43.367827: RFC 2104: MD5_HMAC test 2 Aug 26 13:30:43.367923: RFC 2104: MD5_HMAC test 3 Aug 26 13:30:43.368096: 8 CPU cores online Aug 26 13:30:43.368101: starting up 7 crypto helpers Aug 26 13:30:43.368133: started thread for crypto helper 0 Aug 26 13:30:43.368138: | starting up helper thread 0 Aug 26 13:30:43.368156: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:30:43.368160: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.368160: started thread for crypto helper 1 Aug 26 13:30:43.368176: | starting up helper thread 1 Aug 26 13:30:43.368182: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:30:43.368185: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:43.368188: started thread for crypto helper 2 Aug 26 13:30:43.368194: | starting up helper thread 2 Aug 26 13:30:43.368207: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:30:43.368209: | crypto helper 2 waiting (nothing to do) Aug 26 13:30:43.368214: started thread for crypto helper 3 Aug 26 13:30:43.368236: started thread for crypto helper 4 Aug 26 13:30:43.368255: started thread for crypto helper 5 Aug 26 13:30:43.368257: | starting up helper thread 5 Aug 26 13:30:43.368263: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:30:43.368266: | crypto helper 5 waiting (nothing to do) Aug 26 13:30:43.368274: started thread for crypto helper 6 Aug 26 13:30:43.368276: | starting up helper thread 6 Aug 26 13:30:43.368279: | checking IKEv1 state table Aug 26 13:30:43.368282: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:30:43.368284: | crypto helper 6 waiting (nothing to do) Aug 26 13:30:43.368300: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368307: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:30:43.368310: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368313: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:30:43.368316: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:30:43.368319: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:30:43.368322: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.368325: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.368328: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:30:43.368330: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:30:43.368333: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.368335: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.368338: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:30:43.368341: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.368344: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.368346: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:43.368349: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:30:43.368352: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.368355: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.368357: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:43.368360: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:30:43.368363: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368366: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:30:43.368369: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368372: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368374: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:30:43.368378: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368380: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:43.368383: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:43.368386: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:30:43.368389: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:43.368391: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:43.368394: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:30:43.368397: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368400: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.368403: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368406: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:30:43.368409: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:30:43.368412: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:30:43.368415: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:30:43.368419: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:30:43.368422: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:30:43.368424: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:30:43.368427: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368433: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:30:43.368436: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368440: | INFO: category: informational flags: 0: Aug 26 13:30:43.368442: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368445: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:30:43.368448: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368451: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:30:43.368454: | -> XAUTH_R1 EVENT_NULL Aug 26 13:30:43.368457: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:30:43.368459: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.368462: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:30:43.368465: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:30:43.368468: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:30:43.368471: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:30:43.368474: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.368477: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.368480: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:30:43.368482: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.368485: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.368488: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:30:43.368491: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:30:43.368493: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:30:43.368500: | checking IKEv2 state table Aug 26 13:30:43.368507: | PARENT_I0: category: ignore flags: 0: Aug 26 13:30:43.368510: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:30:43.368513: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368516: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:30:43.368519: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:30:43.368523: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:30:43.368526: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:30:43.368529: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:30:43.368532: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:30:43.368535: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:30:43.368537: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:30:43.368541: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:30:43.368543: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:30:43.368546: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:30:43.368549: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:30:43.368551: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:30:43.368554: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368557: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:30:43.368560: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.368563: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:30:43.368566: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:30:43.368569: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.368572: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:30:43.368575: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:30:43.368578: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:30:43.368581: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:30:43.368584: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.368587: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:30:43.368593: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:30:43.368596: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:30:43.368599: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.368602: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:43.368605: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:30:43.368608: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:30:43.368611: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.368614: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:30:43.368617: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:30:43.368620: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:30:43.368623: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:30:43.368626: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:30:43.368629: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:43.368633: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:30:43.368636: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:30:43.368639: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:30:43.368642: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:30:43.368645: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:30:43.368648: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:30:43.368662: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:30:43.369046: | starting up helper thread 3 Aug 26 13:30:43.369056: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:30:43.369059: | crypto helper 3 waiting (nothing to do) Aug 26 13:30:43.369095: | Hard-wiring algorithms Aug 26 13:30:43.369101: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:30:43.369104: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:30:43.369106: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:30:43.369108: | adding 3DES_CBC to kernel algorithm db Aug 26 13:30:43.369109: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:30:43.369111: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:30:43.369112: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:30:43.369114: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:30:43.369116: | adding AES_CTR to kernel algorithm db Aug 26 13:30:43.369118: | adding AES_CBC to kernel algorithm db Aug 26 13:30:43.369121: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:30:43.369123: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:30:43.369126: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:30:43.369129: | adding NULL to kernel algorithm db Aug 26 13:30:43.369132: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:30:43.369135: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:30:43.369138: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:30:43.369140: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:30:43.369142: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:30:43.369145: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:30:43.369148: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:30:43.369151: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:30:43.369154: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:30:43.369157: | adding NONE to kernel algorithm db Aug 26 13:30:43.369206: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:30:43.369214: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:30:43.369217: | setup kernel fd callback Aug 26 13:30:43.369224: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5644e35fb2c8 Aug 26 13:30:43.369229: | libevent_malloc: new ptr-libevent@0x5644e35deb18 size 128 Aug 26 13:30:43.369233: | libevent_malloc: new ptr-libevent@0x5644e35fa828 size 16 Aug 26 13:30:43.369240: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5644e35fa718 Aug 26 13:30:43.369244: | libevent_malloc: new ptr-libevent@0x5644e35a5058 size 128 Aug 26 13:30:43.369247: | libevent_malloc: new ptr-libevent@0x5644e35fb218 size 16 Aug 26 13:30:43.369426: | starting up helper thread 4 Aug 26 13:30:43.369439: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:30:43.369442: | crypto helper 4 waiting (nothing to do) Aug 26 13:30:43.369491: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:30:43.369500: selinux support is enabled. Aug 26 13:30:43.370711: | unbound context created - setting debug level to 5 Aug 26 13:30:43.370738: | /etc/hosts lookups activated Aug 26 13:30:43.370751: | /etc/resolv.conf usage activated Aug 26 13:30:43.370823: | outgoing-port-avoid set 0-65535 Aug 26 13:30:43.370856: | outgoing-port-permit set 32768-60999 Aug 26 13:30:43.370860: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:30:43.370864: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:30:43.370867: | Setting up events, loop start Aug 26 13:30:43.370871: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5644e35fb258 Aug 26 13:30:43.370875: | libevent_malloc: new ptr-libevent@0x5644e3607518 size 128 Aug 26 13:30:43.370878: | libevent_malloc: new ptr-libevent@0x5644e3612828 size 16 Aug 26 13:30:43.370886: | libevent_realloc: new ptr-libevent@0x5644e35a1af8 size 256 Aug 26 13:30:43.370889: | libevent_malloc: new ptr-libevent@0x5644e3612868 size 8 Aug 26 13:30:43.370893: | libevent_realloc: new ptr-libevent@0x5644e35a23a8 size 144 Aug 26 13:30:43.370896: | libevent_malloc: new ptr-libevent@0x5644e35a2808 size 152 Aug 26 13:30:43.370900: | libevent_malloc: new ptr-libevent@0x5644e36128a8 size 16 Aug 26 13:30:43.370905: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:30:43.370908: | libevent_malloc: new ptr-libevent@0x5644e36128e8 size 8 Aug 26 13:30:43.370911: | libevent_malloc: new ptr-libevent@0x5644e3612928 size 152 Aug 26 13:30:43.370915: | signal event handler PLUTO_SIGTERM installed Aug 26 13:30:43.370918: | libevent_malloc: new ptr-libevent@0x5644e36129f8 size 8 Aug 26 13:30:43.370921: | libevent_malloc: new ptr-libevent@0x5644e3612a38 size 152 Aug 26 13:30:43.370924: | signal event handler PLUTO_SIGHUP installed Aug 26 13:30:43.370928: | libevent_malloc: new ptr-libevent@0x5644e3612b08 size 8 Aug 26 13:30:43.370931: | libevent_realloc: release ptr-libevent@0x5644e35a23a8 Aug 26 13:30:43.370934: | libevent_realloc: new ptr-libevent@0x5644e3612b48 size 256 Aug 26 13:30:43.370937: | libevent_malloc: new ptr-libevent@0x5644e3612c78 size 152 Aug 26 13:30:43.370941: | signal event handler PLUTO_SIGSYS installed Aug 26 13:30:43.371247: | created addconn helper (pid:12024) using fork+execve Aug 26 13:30:43.371270: | forked child 12024 Aug 26 13:30:43.371335: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.371359: listening for IKE messages Aug 26 13:30:43.387625: | Inspecting interface lo Aug 26 13:30:43.387648: | found lo with address 127.0.0.1 Aug 26 13:30:43.387655: | Inspecting interface eth0 Aug 26 13:30:43.387661: | found eth0 with address 192.0.3.254 Aug 26 13:30:43.387665: | Inspecting interface eth1 Aug 26 13:30:43.387669: | found eth1 with address 192.1.3.33 Aug 26 13:30:43.387672: | Inspecting interface eth1 Aug 26 13:30:43.387676: | found eth1 with address 192.1.8.22 Aug 26 13:30:43.388161: Kernel supports NIC esp-hw-offload Aug 26 13:30:43.388181: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Aug 26 13:30:43.388254: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.388262: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.388270: adding interface eth1/eth1 192.1.8.22:4500 Aug 26 13:30:43.388304: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:30:43.388330: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.388335: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.388339: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:30:43.388366: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:30:43.388389: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.388394: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.388398: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:30:43.388425: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:30:43.388449: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.388455: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.388459: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:30:43.388548: | no interfaces to sort Aug 26 13:30:43.388554: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:30:43.388565: | add_fd_read_event_handler: new ethX-pe@0x5644e36132a8 Aug 26 13:30:43.388570: | libevent_malloc: new ptr-libevent@0x5644e3607468 size 128 Aug 26 13:30:43.388576: | libevent_malloc: new ptr-libevent@0x5644e3613318 size 16 Aug 26 13:30:43.388585: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:30:43.388588: | add_fd_read_event_handler: new ethX-pe@0x5644e3613358 Aug 26 13:30:43.388593: | libevent_malloc: new ptr-libevent@0x5644e35a32b8 size 128 Aug 26 13:30:43.388596: | libevent_malloc: new ptr-libevent@0x5644e36133c8 size 16 Aug 26 13:30:43.388601: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 13:30:43.388604: | add_fd_read_event_handler: new ethX-pe@0x5644e3613408 Aug 26 13:30:43.388607: | libevent_malloc: new ptr-libevent@0x5644e35a5158 size 128 Aug 26 13:30:43.388610: | libevent_malloc: new ptr-libevent@0x5644e3613478 size 16 Aug 26 13:30:43.388614: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 13:30:43.388617: | add_fd_read_event_handler: new ethX-pe@0x5644e36134b8 Aug 26 13:30:43.388620: | libevent_malloc: new ptr-libevent@0x5644e35a22a8 size 128 Aug 26 13:30:43.388623: | libevent_malloc: new ptr-libevent@0x5644e3613528 size 16 Aug 26 13:30:43.388628: | setup callback for interface eth0 192.0.3.254:500 fd 21 Aug 26 13:30:43.388631: | add_fd_read_event_handler: new ethX-pe@0x5644e3613568 Aug 26 13:30:43.388635: | libevent_malloc: new ptr-libevent@0x5644e35734e8 size 128 Aug 26 13:30:43.388638: | libevent_malloc: new ptr-libevent@0x5644e36135d8 size 16 Aug 26 13:30:43.388643: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 13:30:43.388646: | add_fd_read_event_handler: new ethX-pe@0x5644e3613618 Aug 26 13:30:43.388649: | libevent_malloc: new ptr-libevent@0x5644e35731d8 size 128 Aug 26 13:30:43.388652: | libevent_malloc: new ptr-libevent@0x5644e3613688 size 16 Aug 26 13:30:43.388658: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 13:30:43.388661: | add_fd_read_event_handler: new ethX-pe@0x5644e36136c8 Aug 26 13:30:43.388665: | libevent_malloc: new ptr-libevent@0x5644e3613cc8 size 128 Aug 26 13:30:43.388668: | libevent_malloc: new ptr-libevent@0x5644e3613d78 size 16 Aug 26 13:30:43.388673: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 13:30:43.388677: | add_fd_read_event_handler: new ethX-pe@0x5644e3613db8 Aug 26 13:30:43.388680: | libevent_malloc: new ptr-libevent@0x5644e3613e28 size 128 Aug 26 13:30:43.388682: | libevent_malloc: new ptr-libevent@0x5644e3613ed8 size 16 Aug 26 13:30:43.388687: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 13:30:43.388692: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:43.388695: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:43.388720: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:43.388734: | Processing PSK at line 1: passed Aug 26 13:30:43.388739: | certs and keys locked by 'process_secret' Aug 26 13:30:43.388742: | certs and keys unlocked by 'process_secret' Aug 26 13:30:43.388753: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.388761: | spent 0.895 milliseconds in whack Aug 26 13:30:43.394330: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.394358: listening for IKE messages Aug 26 13:30:43.394393: | Inspecting interface lo Aug 26 13:30:43.394399: | found lo with address 127.0.0.1 Aug 26 13:30:43.394401: | Inspecting interface eth0 Aug 26 13:30:43.394404: | found eth0 with address 192.0.3.254 Aug 26 13:30:43.394406: | Inspecting interface eth1 Aug 26 13:30:43.394409: | found eth1 with address 192.1.3.33 Aug 26 13:30:43.394410: | Inspecting interface eth1 Aug 26 13:30:43.394413: | found eth1 with address 192.1.8.22 Aug 26 13:30:43.394463: | no interfaces to sort Aug 26 13:30:43.394470: | libevent_free: release ptr-libevent@0x5644e3607468 Aug 26 13:30:43.394472: | free_event_entry: release EVENT_NULL-pe@0x5644e36132a8 Aug 26 13:30:43.394475: | add_fd_read_event_handler: new ethX-pe@0x5644e36132a8 Aug 26 13:30:43.394477: | libevent_malloc: new ptr-libevent@0x5644e3607468 size 128 Aug 26 13:30:43.394482: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:30:43.394485: | libevent_free: release ptr-libevent@0x5644e35a32b8 Aug 26 13:30:43.394487: | free_event_entry: release EVENT_NULL-pe@0x5644e3613358 Aug 26 13:30:43.394489: | add_fd_read_event_handler: new ethX-pe@0x5644e3613358 Aug 26 13:30:43.394490: | libevent_malloc: new ptr-libevent@0x5644e35a32b8 size 128 Aug 26 13:30:43.394494: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 13:30:43.394496: | libevent_free: release ptr-libevent@0x5644e35a5158 Aug 26 13:30:43.394498: | free_event_entry: release EVENT_NULL-pe@0x5644e3613408 Aug 26 13:30:43.394500: | add_fd_read_event_handler: new ethX-pe@0x5644e3613408 Aug 26 13:30:43.394501: | libevent_malloc: new ptr-libevent@0x5644e35a5158 size 128 Aug 26 13:30:43.394504: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 13:30:43.394507: | libevent_free: release ptr-libevent@0x5644e35a22a8 Aug 26 13:30:43.394509: | free_event_entry: release EVENT_NULL-pe@0x5644e36134b8 Aug 26 13:30:43.394511: | add_fd_read_event_handler: new ethX-pe@0x5644e36134b8 Aug 26 13:30:43.394512: | libevent_malloc: new ptr-libevent@0x5644e35a22a8 size 128 Aug 26 13:30:43.394515: | setup callback for interface eth0 192.0.3.254:500 fd 21 Aug 26 13:30:43.394518: | libevent_free: release ptr-libevent@0x5644e35734e8 Aug 26 13:30:43.394519: | free_event_entry: release EVENT_NULL-pe@0x5644e3613568 Aug 26 13:30:43.394521: | add_fd_read_event_handler: new ethX-pe@0x5644e3613568 Aug 26 13:30:43.394523: | libevent_malloc: new ptr-libevent@0x5644e35734e8 size 128 Aug 26 13:30:43.394526: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 13:30:43.394529: | libevent_free: release ptr-libevent@0x5644e35731d8 Aug 26 13:30:43.394530: | free_event_entry: release EVENT_NULL-pe@0x5644e3613618 Aug 26 13:30:43.394532: | add_fd_read_event_handler: new ethX-pe@0x5644e3613618 Aug 26 13:30:43.394534: | libevent_malloc: new ptr-libevent@0x5644e35731d8 size 128 Aug 26 13:30:43.394537: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 13:30:43.394539: | libevent_free: release ptr-libevent@0x5644e3613cc8 Aug 26 13:30:43.394541: | free_event_entry: release EVENT_NULL-pe@0x5644e36136c8 Aug 26 13:30:43.394543: | add_fd_read_event_handler: new ethX-pe@0x5644e36136c8 Aug 26 13:30:43.394544: | libevent_malloc: new ptr-libevent@0x5644e3613cc8 size 128 Aug 26 13:30:43.394547: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 13:30:43.394550: | libevent_free: release ptr-libevent@0x5644e3613e28 Aug 26 13:30:43.394552: | free_event_entry: release EVENT_NULL-pe@0x5644e3613db8 Aug 26 13:30:43.394553: | add_fd_read_event_handler: new ethX-pe@0x5644e3613db8 Aug 26 13:30:43.394559: | libevent_malloc: new ptr-libevent@0x5644e3613e28 size 128 Aug 26 13:30:43.394563: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 13:30:43.394565: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:43.394567: forgetting secrets Aug 26 13:30:43.394573: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:43.394589: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:43.394597: | Processing PSK at line 1: passed Aug 26 13:30:43.394600: | certs and keys locked by 'process_secret' Aug 26 13:30:43.394602: | certs and keys unlocked by 'process_secret' Aug 26 13:30:43.394610: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.394617: | spent 0.298 milliseconds in whack Aug 26 13:30:43.396613: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.396635: | waitpid returned pid 12024 (exited with status 0) Aug 26 13:30:43.396639: | reaped addconn helper child (status 0) Aug 26 13:30:43.396643: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.396648: | spent 0.0152 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.471131: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.471378: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.471386: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.471388: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.471390: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.471393: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.471428: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.471467: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:30:43.471471: | from whack: got --esp=aes256-sha2 Aug 26 13:30:43.471480: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 13:30:43.471485: | counting wild cards for 192.1.3.33 is 0 Aug 26 13:30:43.471488: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:30:43.471496: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:43.471498: | new hp@0x5644e36159c8 Aug 26 13:30:43.471501: added connection description "northnet-eastnet" Aug 26 13:30:43.471510: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.471521: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 13:30:43.471531: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.471539: | spent 0.401 milliseconds in whack Aug 26 13:30:43.529148: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.529169: | old debugging base+cpu-usage + none Aug 26 13:30:43.529173: | base debugging = base+cpu-usage Aug 26 13:30:43.529176: | old impairing none + suppress-retransmits Aug 26 13:30:43.529179: | base impairing = suppress-retransmits Aug 26 13:30:43.529187: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.529195: | spent 0.053 milliseconds in whack Aug 26 13:30:43.644342: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.644370: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Aug 26 13:30:43.644374: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.644380: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:30:43.644390: | connection 'northnet-eastnet' +POLICY_UP Aug 26 13:30:43.644393: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 13:30:43.644396: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:30:43.644417: | creating state object #1 at 0x5644e3615aa8 Aug 26 13:30:43.644421: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:30:43.644429: | pstats #1 ikev2.ike started Aug 26 13:30:43.644433: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:30:43.644437: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:30:43.644443: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.644451: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.644457: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.644461: | dup_any(fd@26) -> fd@27 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:30:43.644465: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Aug 26 13:30:43.644469: "northnet-eastnet" #1: initiating v2 parent SA Aug 26 13:30:43.644482: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Aug 26 13:30:43.644492: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.644502: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.644506: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.644513: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.644517: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.644522: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.644526: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.644532: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.644544: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.644556: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:30:43.644561: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5644e3618218 Aug 26 13:30:43.644565: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.644569: | libevent_malloc: new ptr-libevent@0x5644e3618288 size 128 Aug 26 13:30:43.644585: | #1 spent 0.203 milliseconds in ikev2_parent_outI1() Aug 26 13:30:43.644588: | crypto helper 0 resuming Aug 26 13:30:43.644588: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.644608: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:30:43.644618: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.644620: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:30:43.644623: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.644627: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:30:43.644631: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Aug 26 13:30:43.644635: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.644640: | spent 0.304 milliseconds in whack Aug 26 13:30:43.645391: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00077 seconds Aug 26 13:30:43.645402: | (#1) spent 0.762 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:30:43.645405: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:30:43.645407: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.645409: | libevent_malloc: new ptr-libevent@0x7fbb2c002888 size 128 Aug 26 13:30:43.645417: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.645425: | processing resume sending helper answer for #1 Aug 26 13:30:43.645432: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.645435: | crypto helper 0 replies to request ID 1 Aug 26 13:30:43.645437: | calling continuation function 0x5644e21e8b50 Aug 26 13:30:43.645439: | ikev2_parent_outI1_continue for #1 Aug 26 13:30:43.645462: | **emit ISAKMP Message: Aug 26 13:30:43.645465: | initiator cookie: Aug 26 13:30:43.645467: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.645468: | responder cookie: Aug 26 13:30:43.645470: | 00 00 00 00 00 00 00 00 Aug 26 13:30:43.645472: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.645474: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.645476: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.645478: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.645480: | Message ID: 0 (0x0) Aug 26 13:30:43.645482: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.645493: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.645495: | Emitting ikev2_proposals ... Aug 26 13:30:43.645497: | ***emit IKEv2 Security Association Payload: Aug 26 13:30:43.645499: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.645501: | flags: none (0x0) Aug 26 13:30:43.645503: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.645505: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.645507: | discarding INTEG=NONE Aug 26 13:30:43.645509: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.645514: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.645516: | prop #: 1 (0x1) Aug 26 13:30:43.645517: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.645519: | spi size: 0 (0x0) Aug 26 13:30:43.645521: | # transforms: 11 (0xb) Aug 26 13:30:43.645523: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.645525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645528: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.645530: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.645532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645534: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.645536: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.645537: | length/value: 256 (0x100) Aug 26 13:30:43.645539: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.645541: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645544: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645546: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.645548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645552: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645553: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645557: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645558: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.645560: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645564: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645565: | discarding INTEG=NONE Aug 26 13:30:43.645567: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645570: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645572: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.645574: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645577: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645579: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645582: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645584: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.645586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645589: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645592: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645597: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.645599: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645603: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645609: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.645611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645613: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645614: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645616: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645619: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645621: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.645623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645626: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645628: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645633: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.645635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645638: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645640: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645643: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645645: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.645647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645648: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645650: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645652: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645653: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.645655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645657: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.645658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645663: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645665: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.645667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.645668: | discarding INTEG=NONE Aug 26 13:30:43.645670: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.645672: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.645673: | prop #: 2 (0x2) Aug 26 13:30:43.645675: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.645676: | spi size: 0 (0x0) Aug 26 13:30:43.645678: | # transforms: 11 (0xb) Aug 26 13:30:43.645680: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.645682: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.645684: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645685: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645687: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.645689: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.645691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645692: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.645694: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.645696: | length/value: 128 (0x80) Aug 26 13:30:43.645697: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.645699: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645702: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645704: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.645706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645709: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645714: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645716: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.645718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645721: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645723: | discarding INTEG=NONE Aug 26 13:30:43.645724: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645727: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645729: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.645731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645735: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645736: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645742: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.645744: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645747: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645749: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645754: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.645756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645759: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645761: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645766: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.645768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645771: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645773: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645778: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.645780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645783: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645785: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645788: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645790: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.645792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645794: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645795: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645797: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645798: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645800: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645802: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.645804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645813: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.645815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645816: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.645818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645824: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.645825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.645827: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.645829: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.645830: | prop #: 3 (0x3) Aug 26 13:30:43.645832: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.645834: | spi size: 0 (0x0) Aug 26 13:30:43.645835: | # transforms: 13 (0xd) Aug 26 13:30:43.645837: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.645839: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.645841: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645844: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.645846: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.645847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645849: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.645851: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.645852: | length/value: 256 (0x100) Aug 26 13:30:43.645854: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.645856: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645859: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645861: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.645862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645864: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645866: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645868: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645871: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.645872: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.645874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645878: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645879: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645883: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.645885: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.645887: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645892: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645894: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645895: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.645897: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.645899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645903: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645904: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645907: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645909: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.645911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645914: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645921: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.645923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645926: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645928: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645933: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.645935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645938: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645945: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.645947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645950: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645952: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645956: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645957: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.645959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645963: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645964: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645966: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645968: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645969: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.645971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645975: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645976: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645980: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645981: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.645983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.645988: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.645990: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.645992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.645993: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.645995: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.645997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.645999: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646000: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.646002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.646004: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.646006: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.646007: | prop #: 4 (0x4) Aug 26 13:30:43.646009: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.646010: | spi size: 0 (0x0) Aug 26 13:30:43.646012: | # transforms: 13 (0xd) Aug 26 13:30:43.646014: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.646016: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.646017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646019: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646021: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.646022: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.646025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646026: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.646028: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.646030: | length/value: 128 (0x80) Aug 26 13:30:43.646031: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.646033: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646036: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.646038: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.646040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646045: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646048: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.646050: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.646052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646055: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646057: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646060: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.646062: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.646064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646072: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.646074: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.646076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646079: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646081: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646084: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646086: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.646088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646091: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646098: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.646100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646104: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646105: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646110: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.646112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646116: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646117: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646122: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.646124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646126: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646127: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646132: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646134: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.646136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646141: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646146: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.646148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646151: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646153: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646156: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646158: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.646159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646164: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.646167: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.646169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.646170: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.646172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.646174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.646176: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.646177: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.646179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.646181: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:30:43.646183: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.646184: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:30:43.646186: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.646188: | flags: none (0x0) Aug 26 13:30:43.646190: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.646192: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:30:43.646194: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.646196: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:30:43.646198: | ikev2 g^x 64 70 a7 83 90 dd c5 8b 66 95 f7 15 5d 64 c5 b7 Aug 26 13:30:43.646199: | ikev2 g^x 0b 85 3f 77 23 4a 74 c3 eb d1 a1 f5 3d ca 78 77 Aug 26 13:30:43.646201: | ikev2 g^x 05 0d f5 69 43 7b 77 52 a7 ff c1 52 af b6 09 d4 Aug 26 13:30:43.646203: | ikev2 g^x a0 fa a7 8c 78 18 e3 33 57 d3 47 ca 89 7b 2c 0d Aug 26 13:30:43.646204: | ikev2 g^x 9f 64 bf 0d 16 d8 62 33 dd 5d 31 fa 70 7d 1e 7e Aug 26 13:30:43.646206: | ikev2 g^x dc 1a 96 a9 38 6d 91 e4 74 db 0b 59 5d c5 3a a2 Aug 26 13:30:43.646207: | ikev2 g^x a9 ed 11 53 e1 43 f3 97 b6 61 56 95 33 01 66 0c Aug 26 13:30:43.646209: | ikev2 g^x bd 7a ac 60 34 1e 9a a5 68 69 88 98 5d d2 31 dc Aug 26 13:30:43.646210: | ikev2 g^x ce 57 c7 2a e4 97 82 29 e2 35 a3 10 5a 09 f6 9a Aug 26 13:30:43.646212: | ikev2 g^x 4b 1f a6 32 3a 46 31 48 a7 83 a3 64 aa 18 b3 0f Aug 26 13:30:43.646214: | ikev2 g^x 0e 9c 81 23 14 99 e4 c5 71 b1 a3 b6 24 6b 62 a4 Aug 26 13:30:43.646215: | ikev2 g^x 33 8a f9 64 73 90 90 ed 60 93 73 fb 78 69 d4 db Aug 26 13:30:43.646217: | ikev2 g^x 1c dc 6f 59 13 5c 73 5b 77 f3 60 0b ec 2a 40 03 Aug 26 13:30:43.646218: | ikev2 g^x d2 d3 80 be 97 73 81 51 ce b5 36 d3 27 d1 84 49 Aug 26 13:30:43.646220: | ikev2 g^x 4c c5 22 51 d0 54 17 74 9b a0 63 b8 8f f3 54 ca Aug 26 13:30:43.646221: | ikev2 g^x b7 bf 82 e4 67 f0 91 f8 60 a3 21 32 01 45 77 d6 Aug 26 13:30:43.646223: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:30:43.646225: | ***emit IKEv2 Nonce Payload: Aug 26 13:30:43.646226: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.646228: | flags: none (0x0) Aug 26 13:30:43.646230: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:30:43.646232: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.646234: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.646236: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:30:43.646238: | IKEv2 nonce af 7f 06 d1 ef 59 f9 3e 4c 00 dd fb d2 fa ab 9f Aug 26 13:30:43.646240: | IKEv2 nonce 59 64 36 00 a8 2a 29 d0 f8 b4 ba 90 ee 01 a3 b5 Aug 26 13:30:43.646242: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:30:43.646244: | Adding a v2N Payload Aug 26 13:30:43.646245: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.646247: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.646249: | flags: none (0x0) Aug 26 13:30:43.646251: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.646252: | SPI size: 0 (0x0) Aug 26 13:30:43.646254: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.646256: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.646258: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.646260: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.646262: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:43.646264: | natd_hash: rcookie is zero Aug 26 13:30:43.646272: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:43.646274: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.646276: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.646278: | natd_hash: ip= c0 01 03 21 Aug 26 13:30:43.646279: | natd_hash: port=500 Aug 26 13:30:43.646281: | natd_hash: hash= 73 b9 34 7b 6d ee 0e 70 8b 00 60 c3 5c 71 0a 6a Aug 26 13:30:43.646283: | natd_hash: hash= 3c 50 3d 61 Aug 26 13:30:43.646284: | Adding a v2N Payload Aug 26 13:30:43.646286: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.646291: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.646297: | flags: none (0x0) Aug 26 13:30:43.646299: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.646302: | SPI size: 0 (0x0) Aug 26 13:30:43.646305: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.646308: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.646310: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.646313: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.646315: | Notify data 73 b9 34 7b 6d ee 0e 70 8b 00 60 c3 5c 71 0a 6a Aug 26 13:30:43.646317: | Notify data 3c 50 3d 61 Aug 26 13:30:43.646320: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.646322: | natd_hash: rcookie is zero Aug 26 13:30:43.646329: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:43.646332: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.646335: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.646337: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.646339: | natd_hash: port=500 Aug 26 13:30:43.646341: | natd_hash: hash= 53 aa 15 0f 66 6d 08 d2 fd f2 a9 06 22 a6 82 db Aug 26 13:30:43.646343: | natd_hash: hash= 87 7a f6 7e Aug 26 13:30:43.646344: | Adding a v2N Payload Aug 26 13:30:43.646346: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.646348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.646349: | flags: none (0x0) Aug 26 13:30:43.646351: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.646352: | SPI size: 0 (0x0) Aug 26 13:30:43.646354: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.646356: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.646358: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.646360: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.646362: | Notify data 53 aa 15 0f 66 6d 08 d2 fd f2 a9 06 22 a6 82 db Aug 26 13:30:43.646363: | Notify data 87 7a f6 7e Aug 26 13:30:43.646365: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.646368: | emitting length of ISAKMP Message: 828 Aug 26 13:30:43.646373: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:30:43.646382: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.646385: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:30:43.646387: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:30:43.646390: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:30:43.646392: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:30:43.646394: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:30:43.646397: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.646400: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.646409: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:30:43.646421: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.646424: | c1 0c 6a f1 31 90 61 76 00 00 00 00 00 00 00 00 Aug 26 13:30:43.646425: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:30:43.646427: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.646428: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:30:43.646430: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:30:43.646431: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:30:43.646433: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:30:43.646434: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:30:43.646436: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:30:43.646438: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:30:43.646439: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:30:43.646441: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:30:43.646442: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:30:43.646444: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:30:43.646445: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:30:43.646447: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:30:43.646448: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:30:43.646450: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:30:43.646451: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:30:43.646453: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:30:43.646454: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:30:43.646456: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:30:43.646457: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:30:43.646459: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:30:43.646460: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:30:43.646462: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:30:43.646464: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:30:43.646465: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:30:43.646467: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:30:43.646468: | 28 00 01 08 00 0e 00 00 64 70 a7 83 90 dd c5 8b Aug 26 13:30:43.646470: | 66 95 f7 15 5d 64 c5 b7 0b 85 3f 77 23 4a 74 c3 Aug 26 13:30:43.646471: | eb d1 a1 f5 3d ca 78 77 05 0d f5 69 43 7b 77 52 Aug 26 13:30:43.646473: | a7 ff c1 52 af b6 09 d4 a0 fa a7 8c 78 18 e3 33 Aug 26 13:30:43.646474: | 57 d3 47 ca 89 7b 2c 0d 9f 64 bf 0d 16 d8 62 33 Aug 26 13:30:43.646476: | dd 5d 31 fa 70 7d 1e 7e dc 1a 96 a9 38 6d 91 e4 Aug 26 13:30:43.646478: | 74 db 0b 59 5d c5 3a a2 a9 ed 11 53 e1 43 f3 97 Aug 26 13:30:43.646480: | b6 61 56 95 33 01 66 0c bd 7a ac 60 34 1e 9a a5 Aug 26 13:30:43.646481: | 68 69 88 98 5d d2 31 dc ce 57 c7 2a e4 97 82 29 Aug 26 13:30:43.646483: | e2 35 a3 10 5a 09 f6 9a 4b 1f a6 32 3a 46 31 48 Aug 26 13:30:43.646485: | a7 83 a3 64 aa 18 b3 0f 0e 9c 81 23 14 99 e4 c5 Aug 26 13:30:43.646486: | 71 b1 a3 b6 24 6b 62 a4 33 8a f9 64 73 90 90 ed Aug 26 13:30:43.646488: | 60 93 73 fb 78 69 d4 db 1c dc 6f 59 13 5c 73 5b Aug 26 13:30:43.646489: | 77 f3 60 0b ec 2a 40 03 d2 d3 80 be 97 73 81 51 Aug 26 13:30:43.646491: | ce b5 36 d3 27 d1 84 49 4c c5 22 51 d0 54 17 74 Aug 26 13:30:43.646492: | 9b a0 63 b8 8f f3 54 ca b7 bf 82 e4 67 f0 91 f8 Aug 26 13:30:43.646494: | 60 a3 21 32 01 45 77 d6 29 00 00 24 af 7f 06 d1 Aug 26 13:30:43.646495: | ef 59 f9 3e 4c 00 dd fb d2 fa ab 9f 59 64 36 00 Aug 26 13:30:43.646497: | a8 2a 29 d0 f8 b4 ba 90 ee 01 a3 b5 29 00 00 08 Aug 26 13:30:43.646498: | 00 00 40 2e 29 00 00 1c 00 00 40 04 73 b9 34 7b Aug 26 13:30:43.646500: | 6d ee 0e 70 8b 00 60 c3 5c 71 0a 6a 3c 50 3d 61 Aug 26 13:30:43.646501: | 00 00 00 1c 00 00 40 05 53 aa 15 0f 66 6d 08 d2 Aug 26 13:30:43.646503: | fd f2 a9 06 22 a6 82 db 87 7a f6 7e Aug 26 13:30:43.646580: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.646584: | libevent_free: release ptr-libevent@0x5644e3618288 Aug 26 13:30:43.646587: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5644e3618218 Aug 26 13:30:43.646589: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.646591: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:30:43.646597: | event_schedule: new EVENT_RETRANSMIT-pe@0x5644e3618218 Aug 26 13:30:43.646601: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:30:43.646604: | libevent_malloc: new ptr-libevent@0x5644e3618288 size 128 Aug 26 13:30:43.646609: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.389063 Aug 26 13:30:43.646611: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:30:43.646616: | #1 spent 1.13 milliseconds in resume sending helper answer Aug 26 13:30:43.646619: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.646621: | libevent_free: release ptr-libevent@0x7fbb2c002888 Aug 26 13:30:43.649995: | spent 0.0033 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.650022: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:30:43.650026: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.650029: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:30:43.650031: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.650034: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:30:43.650036: | 04 00 00 0e 28 00 01 08 00 0e 00 00 bb 9a 2b 1c Aug 26 13:30:43.650038: | d4 2d 11 a4 e3 c0 c8 73 a8 07 73 35 bd 64 9c 46 Aug 26 13:30:43.650041: | 55 1d a3 66 a5 22 e8 fb bf 5b 6e 7f 2f d9 d2 4e Aug 26 13:30:43.650043: | 18 c6 94 03 c4 50 a7 d7 f2 73 29 1b c2 f0 25 14 Aug 26 13:30:43.650046: | 1d 65 7e 5d 92 4a 34 a3 23 b3 60 8c 90 99 b1 56 Aug 26 13:30:43.650048: | 81 0d 29 81 86 4a e7 0f e2 f2 05 02 e7 e0 86 3b Aug 26 13:30:43.650051: | 5b cc 12 8a 4e ec b4 b9 65 d6 2f 18 9f 09 73 50 Aug 26 13:30:43.650053: | b3 9c 8f 3b 7f a2 6a c7 07 0d 86 11 b8 f1 55 e4 Aug 26 13:30:43.650055: | e8 77 86 f3 bf ec d8 e9 a7 48 93 84 58 06 f4 99 Aug 26 13:30:43.650058: | 94 c0 79 0d 54 1d b3 c9 82 5b 5d 79 f0 79 f1 4f Aug 26 13:30:43.650060: | ec d8 39 f3 81 b1 56 6a d1 d2 e7 62 0a 3a 3e c1 Aug 26 13:30:43.650063: | a6 2e e7 3b 18 12 eb 9b c1 3a 81 46 ba e4 e1 06 Aug 26 13:30:43.650067: | d1 e6 33 c7 26 af f1 a5 54 76 ea 51 18 dd f9 b1 Aug 26 13:30:43.650070: | 95 45 19 dd 0a ae 53 4a 0c 9f b7 ef e9 6c b3 cf Aug 26 13:30:43.650072: | 0d 3a 14 0b a0 91 8e ca 97 87 ca 99 c7 e9 77 1c Aug 26 13:30:43.650075: | 23 55 c1 bf c6 b9 e3 19 2c 0c 89 0b 18 e9 87 e4 Aug 26 13:30:43.650077: | 0e 20 91 07 31 e4 9f 91 48 b2 3e d4 29 00 00 24 Aug 26 13:30:43.650080: | 75 cb ec 48 a6 2b fd eb 14 fb fb f4 22 cf b4 d1 Aug 26 13:30:43.650082: | 9c 6a 0b cd 15 89 13 b2 e9 18 0f cc 6d ea b0 ca Aug 26 13:30:43.650084: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:30:43.650087: | fe a7 84 5e ed 0d c6 f0 c2 e0 2c 4c 9a c1 25 05 Aug 26 13:30:43.650089: | 6c 05 37 38 00 00 00 1c 00 00 40 05 ad d9 e7 c9 Aug 26 13:30:43.650092: | e6 32 e9 c0 44 e5 03 9b 46 fe 5b 0f 3a 6a 11 b2 Aug 26 13:30:43.650097: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.650101: | **parse ISAKMP Message: Aug 26 13:30:43.650104: | initiator cookie: Aug 26 13:30:43.650106: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.650109: | responder cookie: Aug 26 13:30:43.650111: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.650114: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.650117: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.650119: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.650122: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.650125: | Message ID: 0 (0x0) Aug 26 13:30:43.650127: | length: 432 (0x1b0) Aug 26 13:30:43.650130: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:30:43.650134: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:30:43.650138: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:30:43.650145: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.650149: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.650152: | #1 is idle Aug 26 13:30:43.650155: | #1 idle Aug 26 13:30:43.650157: | unpacking clear payload Aug 26 13:30:43.650160: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.650163: | ***parse IKEv2 Security Association Payload: Aug 26 13:30:43.650166: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:30:43.650168: | flags: none (0x0) Aug 26 13:30:43.650171: | length: 40 (0x28) Aug 26 13:30:43.650174: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:30:43.650176: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:30:43.650179: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:30:43.650182: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:30:43.650184: | flags: none (0x0) Aug 26 13:30:43.650187: | length: 264 (0x108) Aug 26 13:30:43.650190: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.650192: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:30:43.650195: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.650198: | ***parse IKEv2 Nonce Payload: Aug 26 13:30:43.650200: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.650203: | flags: none (0x0) Aug 26 13:30:43.650205: | length: 36 (0x24) Aug 26 13:30:43.650208: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:30:43.650210: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.650213: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.650216: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.650218: | flags: none (0x0) Aug 26 13:30:43.650221: | length: 8 (0x8) Aug 26 13:30:43.650223: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.650226: | SPI size: 0 (0x0) Aug 26 13:30:43.650229: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.650232: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.650236: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.650238: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.650241: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.650243: | flags: none (0x0) Aug 26 13:30:43.650246: | length: 28 (0x1c) Aug 26 13:30:43.650248: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.650251: | SPI size: 0 (0x0) Aug 26 13:30:43.650253: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.650256: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.650259: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.650261: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.650264: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.650266: | flags: none (0x0) Aug 26 13:30:43.650269: | length: 28 (0x1c) Aug 26 13:30:43.650271: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.650274: | SPI size: 0 (0x0) Aug 26 13:30:43.650276: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.650279: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.650282: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:30:43.650294: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.650300: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.650302: | Now let's proceed with state specific processing Aug 26 13:30:43.650305: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.650309: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:30:43.650327: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.650331: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:30:43.650334: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.650337: | local proposal 1 type PRF has 2 transforms Aug 26 13:30:43.650340: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.650343: | local proposal 1 type DH has 8 transforms Aug 26 13:30:43.650345: | local proposal 1 type ESN has 0 transforms Aug 26 13:30:43.650349: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.650351: | local proposal 2 type ENCR has 1 transforms Aug 26 13:30:43.650354: | local proposal 2 type PRF has 2 transforms Aug 26 13:30:43.650357: | local proposal 2 type INTEG has 1 transforms Aug 26 13:30:43.650359: | local proposal 2 type DH has 8 transforms Aug 26 13:30:43.650362: | local proposal 2 type ESN has 0 transforms Aug 26 13:30:43.650365: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.650368: | local proposal 3 type ENCR has 1 transforms Aug 26 13:30:43.650370: | local proposal 3 type PRF has 2 transforms Aug 26 13:30:43.650373: | local proposal 3 type INTEG has 2 transforms Aug 26 13:30:43.650375: | local proposal 3 type DH has 8 transforms Aug 26 13:30:43.650378: | local proposal 3 type ESN has 0 transforms Aug 26 13:30:43.650381: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.650384: | local proposal 4 type ENCR has 1 transforms Aug 26 13:30:43.650386: | local proposal 4 type PRF has 2 transforms Aug 26 13:30:43.650389: | local proposal 4 type INTEG has 2 transforms Aug 26 13:30:43.650393: | local proposal 4 type DH has 8 transforms Aug 26 13:30:43.650396: | local proposal 4 type ESN has 0 transforms Aug 26 13:30:43.650399: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.650402: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.650405: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.650407: | length: 36 (0x24) Aug 26 13:30:43.650410: | prop #: 1 (0x1) Aug 26 13:30:43.650412: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.650415: | spi size: 0 (0x0) Aug 26 13:30:43.650418: | # transforms: 3 (0x3) Aug 26 13:30:43.650421: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:30:43.650424: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.650427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.650429: | length: 12 (0xc) Aug 26 13:30:43.650432: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.650435: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.650437: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.650440: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.650443: | length/value: 256 (0x100) Aug 26 13:30:43.650447: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.650450: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.650453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.650455: | length: 8 (0x8) Aug 26 13:30:43.650458: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.650461: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.650464: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:30:43.650467: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.650470: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.650472: | length: 8 (0x8) Aug 26 13:30:43.650475: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.650477: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.650481: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:30:43.650485: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:30:43.650489: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:30:43.650492: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.650496: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:30:43.650498: | converting proposal to internal trans attrs Aug 26 13:30:43.650515: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:43.650518: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.650521: | natd_hash: rcookie= 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.650523: | natd_hash: ip= c0 01 03 21 Aug 26 13:30:43.650526: | natd_hash: port=500 Aug 26 13:30:43.650528: | natd_hash: hash= ad d9 e7 c9 e6 32 e9 c0 44 e5 03 9b 46 fe 5b 0f Aug 26 13:30:43.650531: | natd_hash: hash= 3a 6a 11 b2 Aug 26 13:30:43.650537: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:43.650540: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.650542: | natd_hash: rcookie= 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.650544: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.650547: | natd_hash: port=500 Aug 26 13:30:43.650549: | natd_hash: hash= fe a7 84 5e ed 0d c6 f0 c2 e0 2c 4c 9a c1 25 05 Aug 26 13:30:43.650552: | natd_hash: hash= 6c 05 37 38 Aug 26 13:30:43.650555: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:30:43.650557: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:30:43.650559: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:30:43.650563: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:30:43.650568: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:30:43.650572: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:30:43.650575: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.650578: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:30:43.650582: | libevent_free: release ptr-libevent@0x5644e3618288 Aug 26 13:30:43.650585: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5644e3618218 Aug 26 13:30:43.650588: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5644e3618218 Aug 26 13:30:43.650592: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.650595: | libevent_malloc: new ptr-libevent@0x5644e3617fb8 size 128 Aug 26 13:30:43.650606: | #1 spent 0.296 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:30:43.650611: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.650612: | crypto helper 1 resuming Aug 26 13:30:43.650615: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:30:43.650631: | suspending state #1 and saving MD Aug 26 13:30:43.650626: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:30:43.650635: | #1 is busy; has a suspended MD Aug 26 13:30:43.650644: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:30:43.650648: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:43.650652: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:43.650657: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.650661: | #1 spent 0.64 milliseconds in ikev2_process_packet() Aug 26 13:30:43.650666: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.650669: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.650672: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.650676: | spent 0.654 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.651233: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:30:43.651525: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000882 seconds Aug 26 13:30:43.651535: | (#1) spent 0.88 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:30:43.651538: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:30:43.651540: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.651542: | libevent_malloc: new ptr-libevent@0x7fbb24000f48 size 128 Aug 26 13:30:43.651548: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:43.651558: | processing resume sending helper answer for #1 Aug 26 13:30:43.651569: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.651573: | crypto helper 1 replies to request ID 2 Aug 26 13:30:43.651576: | calling continuation function 0x5644e21e8b50 Aug 26 13:30:43.651579: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:30:43.651589: | creating state object #2 at 0x5644e361ae98 Aug 26 13:30:43.651592: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:30:43.651596: | pstats #2 ikev2.child started Aug 26 13:30:43.651599: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Aug 26 13:30:43.651604: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:30:43.651611: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.651620: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.651625: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.651628: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.651631: | libevent_free: release ptr-libevent@0x5644e3617fb8 Aug 26 13:30:43.651635: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5644e3618218 Aug 26 13:30:43.651638: | event_schedule: new EVENT_SA_REPLACE-pe@0x5644e3618218 Aug 26 13:30:43.651642: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:30:43.651645: | libevent_malloc: new ptr-libevent@0x5644e3617fb8 size 128 Aug 26 13:30:43.651648: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:30:43.651655: | **emit ISAKMP Message: Aug 26 13:30:43.651658: | initiator cookie: Aug 26 13:30:43.651660: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.651662: | responder cookie: Aug 26 13:30:43.651664: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.651667: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.651669: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.651672: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.651675: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.651678: | Message ID: 1 (0x1) Aug 26 13:30:43.651680: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.651684: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:43.651687: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.651689: | flags: none (0x0) Aug 26 13:30:43.651693: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:43.651696: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.651699: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:43.651708: | IKEv2 CERT: send a certificate? Aug 26 13:30:43.651712: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:30:43.651715: | IDr payload will NOT be sent Aug 26 13:30:43.651735: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:30:43.651739: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.651741: | flags: none (0x0) Aug 26 13:30:43.651744: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.651747: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:30:43.651750: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.651754: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:30:43.651756: | my identity c0 01 03 21 Aug 26 13:30:43.651759: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:30:43.651768: | not sending INITIAL_CONTACT Aug 26 13:30:43.651772: | ****emit IKEv2 Authentication Payload: Aug 26 13:30:43.651774: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.651777: | flags: none (0x0) Aug 26 13:30:43.651780: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.651783: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.651786: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.651789: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:30:43.651795: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.651800: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.651805: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 13:30:43.651809: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.651812: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.651815: | line 1: match=002 Aug 26 13:30:43.651818: | match 002 beats previous best_match 000 match=0x5644e356ec48 (line=1) Aug 26 13:30:43.651821: | concluding with best_match=002 best=0x5644e356ec48 (lineno=1) Aug 26 13:30:43.651882: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:30:43.651885: | PSK auth 08 8b c3 c0 d7 76 8c ff d1 69 35 39 f0 e4 33 c5 Aug 26 13:30:43.651888: | PSK auth 0e 1e 17 2b bd a6 65 18 2f 91 59 9c e3 53 60 14 Aug 26 13:30:43.651890: | PSK auth 76 d4 e8 ff 39 de 2f 39 70 3b ca f2 19 6d 2e 2e Aug 26 13:30:43.651893: | PSK auth 89 eb 89 f2 31 63 d0 aa 22 23 8d 7c 34 f8 08 d7 Aug 26 13:30:43.651896: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:30:43.651899: | getting first pending from state #1 Aug 26 13:30:43.651919: | netlink_get_spi: allocated 0x42147c9c for esp.0@192.1.3.33 Aug 26 13:30:43.651924: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:30:43.651928: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:30:43.651934: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.651939: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.651949: | Emitting ikev2_proposals ... Aug 26 13:30:43.651953: | ****emit IKEv2 Security Association Payload: Aug 26 13:30:43.651955: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.651958: | flags: none (0x0) Aug 26 13:30:43.651961: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.651965: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.651967: | discarding DH=NONE Aug 26 13:30:43.651970: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.651973: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.651975: | prop #: 1 (0x1) Aug 26 13:30:43.651978: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.651981: | spi size: 4 (0x4) Aug 26 13:30:43.651983: | # transforms: 3 (0x3) Aug 26 13:30:43.651986: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.651989: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:30:43.651992: | our spi 42 14 7c 9c Aug 26 13:30:43.651995: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.651998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.652000: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.652003: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.652006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.652009: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.652012: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.652014: | length/value: 256 (0x100) Aug 26 13:30:43.652017: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.652020: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.652023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.652025: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.652028: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.652033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.652036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.652039: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.652041: | discarding DH=NONE Aug 26 13:30:43.652044: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.652046: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.652049: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.652052: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.652055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.652058: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.652060: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.652063: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:30:43.652066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.652069: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:30:43.652072: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.652075: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.652078: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.652080: | flags: none (0x0) Aug 26 13:30:43.652083: | number of TS: 1 (0x1) Aug 26 13:30:43.652086: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.652089: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.652092: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.652095: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.652098: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.652100: | start port: 0 (0x0) Aug 26 13:30:43.652103: | end port: 65535 (0xffff) Aug 26 13:30:43.652106: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.652108: | ipv4 start c0 00 03 00 Aug 26 13:30:43.652111: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.652114: | ipv4 end c0 00 03 ff Aug 26 13:30:43.652116: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.652119: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:30:43.652122: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.652124: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.652127: | flags: none (0x0) Aug 26 13:30:43.652129: | number of TS: 1 (0x1) Aug 26 13:30:43.652133: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.652136: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.652138: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.652141: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.652144: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.652146: | start port: 0 (0x0) Aug 26 13:30:43.652149: | end port: 65535 (0xffff) Aug 26 13:30:43.652151: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.652154: | ipv4 start c0 00 02 00 Aug 26 13:30:43.652157: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.652160: | ipv4 end c0 00 02 ff Aug 26 13:30:43.652163: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.652166: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:30:43.652168: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:30:43.652171: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:43.652174: | Adding a v2N Payload Aug 26 13:30:43.652177: | ****emit IKEv2 Notify Payload: Aug 26 13:30:43.652179: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.652182: | flags: none (0x0) Aug 26 13:30:43.652185: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.652187: | SPI size: 0 (0x0) Aug 26 13:30:43.652190: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.652193: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.652196: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.652199: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.652202: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:43.652205: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:43.652209: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:43.652211: | emitting length of IKEv2 Encryption Payload: 213 Aug 26 13:30:43.652214: | emitting length of ISAKMP Message: 241 Aug 26 13:30:43.652227: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.652233: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.652237: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:30:43.652240: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:30:43.652244: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:30:43.652246: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:30:43.652252: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.652257: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:30:43.652262: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:30:43.652271: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:30:43.652277: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.652280: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.652283: | 2e 20 23 08 00 00 00 01 00 00 00 f1 23 00 00 d5 Aug 26 13:30:43.652285: | c8 bb e9 b7 38 7c 21 72 de 17 51 cc 68 34 3b 84 Aug 26 13:30:43.652333: | 0e 2d 23 4f fc 31 6b 56 86 da a4 61 65 99 e1 99 Aug 26 13:30:43.652340: | b6 97 55 bd 38 41 48 42 3c ca 13 fe 5a 3f 2e 27 Aug 26 13:30:43.652342: | 62 87 01 d4 32 45 31 52 52 cf 47 b0 87 ae 77 83 Aug 26 13:30:43.652345: | 47 79 86 73 12 4e de 2d 0c 8c ee 07 42 78 ea 8d Aug 26 13:30:43.652347: | bf 7c a8 02 0a 98 c5 9e 7d d2 db 99 18 62 e9 97 Aug 26 13:30:43.652350: | f9 1f 0f bd 05 6f 15 88 ce c7 99 41 51 ce 6b de Aug 26 13:30:43.652352: | 51 03 4d a4 a7 6c c0 54 e1 4a 07 d5 bf 4d 35 3e Aug 26 13:30:43.652354: | f0 46 e7 c4 33 4b 9e 0f 2e 8b cb 76 74 2e 69 f8 Aug 26 13:30:43.652357: | 46 ab 76 94 18 cf fe da f3 ce 7f 37 a1 ea 1b 29 Aug 26 13:30:43.652361: | af cf 61 a1 5b 92 7c 71 68 45 95 ed 6e 70 71 26 Aug 26 13:30:43.652363: | a6 97 4d f5 fe 29 8d 8e f6 43 c0 66 4b 41 37 0d Aug 26 13:30:43.652366: | 40 7c 86 d7 76 ba 8c fe 82 e3 d0 4f b4 30 af c1 Aug 26 13:30:43.652368: | b1 Aug 26 13:30:43.652391: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.652395: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:30:43.652404: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fbb2c002b78 Aug 26 13:30:43.652408: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:30:43.652411: | libevent_malloc: new ptr-libevent@0x5644e361bb68 size 128 Aug 26 13:30:43.652416: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.39487 Aug 26 13:30:43.652420: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:43.652426: | #1 spent 0.807 milliseconds in resume sending helper answer Aug 26 13:30:43.652431: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.652435: | libevent_free: release ptr-libevent@0x7fbb24000f48 Aug 26 13:30:43.698028: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.698050: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:30:43.698055: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.698058: | 2e 20 23 20 00 00 00 01 00 00 00 f1 29 00 00 d5 Aug 26 13:30:43.698060: | 69 7c 0f 48 93 52 e2 0e e5 b9 27 4d ba 8b 51 34 Aug 26 13:30:43.698063: | 04 7c f7 c7 d7 36 aa df 33 3d 55 9c fb ab 96 0a Aug 26 13:30:43.698065: | 1d 6e 80 a8 28 63 7c 9d 8b 61 b4 78 6e dd d8 4c Aug 26 13:30:43.698068: | 7c 9b 18 73 ad e9 42 d2 1d 68 97 da 1d f2 fa 2d Aug 26 13:30:43.698070: | 91 c5 db 2c 51 7b f0 4d 73 f9 c4 2f f5 14 dd 90 Aug 26 13:30:43.698073: | 1a 20 aa 56 71 75 d4 78 df 24 58 78 46 91 bf 0f Aug 26 13:30:43.698075: | 8e 86 3a 49 22 2c fb a1 ad a9 8c e2 c8 1c 7b 78 Aug 26 13:30:43.698078: | 88 f8 34 e1 42 19 7d a9 12 5f 71 73 21 39 57 14 Aug 26 13:30:43.698080: | fc 34 7d ec a6 7f 92 19 88 fb b8 f2 4a 8d 79 ef Aug 26 13:30:43.698082: | 1e 9f a2 ad 5a 2a 6b 87 70 4f 67 6b 5c 8b b9 49 Aug 26 13:30:43.698085: | e1 8d 88 c6 a3 fc 1b 83 7a c9 4b dd 11 cc 1e 56 Aug 26 13:30:43.698088: | 4c a9 01 10 21 02 2f 3b 49 98 bf ca c6 0c 0a 19 Aug 26 13:30:43.698090: | 3e 0c 13 19 54 c9 a3 ba 72 1b 99 6f f2 55 82 ee Aug 26 13:30:43.698092: | 60 Aug 26 13:30:43.698097: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.698102: | **parse ISAKMP Message: Aug 26 13:30:43.698105: | initiator cookie: Aug 26 13:30:43.698108: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:43.698110: | responder cookie: Aug 26 13:30:43.698113: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:43.698116: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:43.698119: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.698122: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.698124: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.698127: | Message ID: 1 (0x1) Aug 26 13:30:43.698130: | length: 241 (0xf1) Aug 26 13:30:43.698133: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:30:43.698136: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:30:43.698141: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:30:43.698147: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.698150: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:30:43.698155: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.698162: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.698165: | #2 is idle Aug 26 13:30:43.698167: | #2 idle Aug 26 13:30:43.698170: | unpacking clear payload Aug 26 13:30:43.698173: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:43.698176: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:43.698179: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.698181: | flags: none (0x0) Aug 26 13:30:43.698184: | length: 213 (0xd5) Aug 26 13:30:43.698187: | processing payload: ISAKMP_NEXT_v2SK (len=209) Aug 26 13:30:43.698190: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:30:43.698205: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:30:43.698208: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.698211: | **parse IKEv2 Notify Payload: Aug 26 13:30:43.698214: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:30:43.698217: | flags: none (0x0) Aug 26 13:30:43.698220: | length: 8 (0x8) Aug 26 13:30:43.698222: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.698225: | SPI size: 0 (0x0) Aug 26 13:30:43.698228: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.698231: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.698233: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:30:43.698236: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:30:43.698239: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:30:43.698241: | flags: none (0x0) Aug 26 13:30:43.698244: | length: 12 (0xc) Aug 26 13:30:43.698247: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.698249: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:30:43.698252: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.698255: | **parse IKEv2 Authentication Payload: Aug 26 13:30:43.698258: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.698261: | flags: none (0x0) Aug 26 13:30:43.698263: | length: 72 (0x48) Aug 26 13:30:43.698266: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.698268: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:30:43.698271: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.698273: | **parse IKEv2 Security Association Payload: Aug 26 13:30:43.698276: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:30:43.698279: | flags: none (0x0) Aug 26 13:30:43.698281: | length: 44 (0x2c) Aug 26 13:30:43.698284: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:30:43.698286: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.698304: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.698307: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:30:43.698310: | flags: none (0x0) Aug 26 13:30:43.698312: | length: 24 (0x18) Aug 26 13:30:43.698315: | number of TS: 1 (0x1) Aug 26 13:30:43.698318: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:30:43.698320: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.698323: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.698326: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.698328: | flags: none (0x0) Aug 26 13:30:43.698331: | length: 24 (0x18) Aug 26 13:30:43.698333: | number of TS: 1 (0x1) Aug 26 13:30:43.698336: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:30:43.698339: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:30:43.698342: | Now let's proceed with state specific processing Aug 26 13:30:43.698344: | calling processor Initiator: process IKE_AUTH response Aug 26 13:30:43.698349: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 13:30:43.698353: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 13:30:43.698355: | peer ID c0 01 02 17 Aug 26 13:30:43.698359: | offered CA: '%none' Aug 26 13:30:43.698364: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 13:30:43.698402: | verifying AUTH payload Aug 26 13:30:43.698407: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:30:43.698413: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.698416: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.698422: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 13:30:43.698426: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.698429: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.698431: | line 1: match=002 Aug 26 13:30:43.698434: | match 002 beats previous best_match 000 match=0x5644e356ec48 (line=1) Aug 26 13:30:43.698437: | concluding with best_match=002 best=0x5644e356ec48 (lineno=1) Aug 26 13:30:43.698502: "northnet-eastnet" #2: Authenticated using authby=secret Aug 26 13:30:43.698512: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:30:43.698518: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:30:43.698521: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:30:43.698525: | libevent_free: release ptr-libevent@0x5644e3617fb8 Aug 26 13:30:43.698528: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5644e3618218 Aug 26 13:30:43.698532: | event_schedule: new EVENT_SA_REKEY-pe@0x5644e3618218 Aug 26 13:30:43.698535: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:30:43.698539: | libevent_malloc: new ptr-libevent@0x7fbb24000f48 size 128 Aug 26 13:30:43.698765: | pstats #1 ikev2.ike established Aug 26 13:30:43.698774: | TSi: parsing 1 traffic selectors Aug 26 13:30:43.698778: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.698781: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.698784: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.698787: | length: 16 (0x10) Aug 26 13:30:43.698789: | start port: 0 (0x0) Aug 26 13:30:43.698792: | end port: 65535 (0xffff) Aug 26 13:30:43.698795: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.698798: | TS low c0 00 03 00 Aug 26 13:30:43.698801: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.698803: | TS high c0 00 03 ff Aug 26 13:30:43.698806: | TSi: parsed 1 traffic selectors Aug 26 13:30:43.698808: | TSr: parsing 1 traffic selectors Aug 26 13:30:43.698811: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.698814: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.698817: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.698819: | length: 16 (0x10) Aug 26 13:30:43.698822: | start port: 0 (0x0) Aug 26 13:30:43.698824: | end port: 65535 (0xffff) Aug 26 13:30:43.698827: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.698829: | TS low c0 00 02 00 Aug 26 13:30:43.698832: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.698834: | TS high c0 00 02 ff Aug 26 13:30:43.698837: | TSr: parsed 1 traffic selectors Aug 26 13:30:43.698843: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:30:43.698848: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.698855: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:30:43.698858: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:30:43.698861: | TSi[0] port match: YES fitness 65536 Aug 26 13:30:43.698864: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:30:43.698868: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.698872: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.698878: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:30:43.698881: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:30:43.698886: | TSr[0] port match: YES fitness 65536 Aug 26 13:30:43.698890: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:30:43.698893: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.698895: | best fit so far: TSi[0] TSr[0] Aug 26 13:30:43.698898: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:30:43.698901: | printing contents struct traffic_selector Aug 26 13:30:43.698903: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.698906: | ipprotoid: 0 Aug 26 13:30:43.698908: | port range: 0-65535 Aug 26 13:30:43.698912: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:30:43.698915: | printing contents struct traffic_selector Aug 26 13:30:43.698917: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.698920: | ipprotoid: 0 Aug 26 13:30:43.698922: | port range: 0-65535 Aug 26 13:30:43.698926: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:30:43.698934: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.698938: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:30:43.698942: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.698945: | local proposal 1 type PRF has 0 transforms Aug 26 13:30:43.698947: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.698950: | local proposal 1 type DH has 1 transforms Aug 26 13:30:43.698952: | local proposal 1 type ESN has 1 transforms Aug 26 13:30:43.698956: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:30:43.698959: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.698962: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.698965: | length: 40 (0x28) Aug 26 13:30:43.698967: | prop #: 1 (0x1) Aug 26 13:30:43.698970: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.698972: | spi size: 4 (0x4) Aug 26 13:30:43.698975: | # transforms: 3 (0x3) Aug 26 13:30:43.698979: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:30:43.698981: | remote SPI 1b 00 0b a4 Aug 26 13:30:43.698984: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:30:43.698987: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.698990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.698993: | length: 12 (0xc) Aug 26 13:30:43.698995: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.698998: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.699001: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.699004: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.699006: | length/value: 256 (0x100) Aug 26 13:30:43.699011: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.699014: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.699017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.699019: | length: 8 (0x8) Aug 26 13:30:43.699022: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.699024: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.699028: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:30:43.699031: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.699034: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.699036: | length: 8 (0x8) Aug 26 13:30:43.699039: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.699042: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.699045: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:30:43.699050: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:30:43.699056: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:30:43.699059: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.699062: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 13:30:43.699068: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=1b000ba4;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:30:43.699071: | converting proposal to internal trans attrs Aug 26 13:30:43.699076: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 13:30:43.699080: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 13:30:43.699242: | #1 spent 1.04 milliseconds Aug 26 13:30:43.699247: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:30:43.699250: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Aug 26 13:30:43.699253: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.699256: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.699259: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.699263: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.699267: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.699270: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.699273: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.699277: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.699281: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 13:30:43.699284: | netlink: enabling tunnel mode Aug 26 13:30:43.699287: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.699309: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.699391: | netlink response for Add SA esp.1b000ba4@192.1.2.23 included non-error error Aug 26 13:30:43.699395: | set up outgoing SA, ref=0/0 Aug 26 13:30:43.699399: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.699402: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.699404: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.699408: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.699411: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 13:30:43.699413: | netlink: enabling tunnel mode Aug 26 13:30:43.699416: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.699419: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.699450: | netlink response for Add SA esp.42147c9c@192.1.3.33 included non-error error Aug 26 13:30:43.699454: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:30:43.699461: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:30:43.699464: | IPsec Sa SPD priority set to 1042407 Aug 26 13:30:43.699484: | raw_eroute result=success Aug 26 13:30:43.699487: | set up incoming SA, ref=0/0 Aug 26 13:30:43.699490: | sr for #2: unrouted Aug 26 13:30:43.699493: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:30:43.699496: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.699499: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.699502: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.699505: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.699509: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:30:43.699512: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:30:43.699519: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:30:43.699524: | IPsec Sa SPD priority set to 1042407 Aug 26 13:30:43.699534: | raw_eroute result=success Aug 26 13:30:43.699537: | running updown command "ipsec _updown" for verb up Aug 26 13:30:43.699540: | command executing up-client Aug 26 13:30:43.699566: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 13:30:43.699570: | popen cmd is 1052 chars long Aug 26 13:30:43.699573: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 13:30:43.699576: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:30:43.699579: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 13:30:43.699581: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 13:30:43.699585: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Aug 26 13:30:43.699587: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 13:30:43.699590: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:30:43.699593: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 13:30:43.699595: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Aug 26 13:30:43.699598: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:30:43.699600: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:30:43.699603: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:30:43.699606: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x42147c9c ipsec : Aug 26 13:30:43.699608: | cmd(1040):_updown 2>&1: Aug 26 13:30:43.711229: | route_and_eroute: firewall_notified: true Aug 26 13:30:43.711246: | running updown command "ipsec _updown" for verb prepare Aug 26 13:30:43.711250: | command executing prepare-client Aug 26 13:30:43.711284: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:30:43.711300: | popen cmd is 1057 chars long Aug 26 13:30:43.711303: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:30:43.711306: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 13:30:43.711308: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:43.711311: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:43.711313: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:43.711315: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:43.711318: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:43.711320: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 13:30:43.711323: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Aug 26 13:30:43.711325: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 13:30:43.711328: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 13:30:43.711331: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 13:30:43.711334: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x42147c9c i: Aug 26 13:30:43.711336: | cmd(1040):psec _updown 2>&1: Aug 26 13:30:43.721946: | running updown command "ipsec _updown" for verb route Aug 26 13:30:43.721970: | command executing route-client Aug 26 13:30:43.722006: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Aug 26 13:30:43.722012: | popen cmd is 1055 chars long Aug 26 13:30:43.722016: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:30:43.722019: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:30:43.722021: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:30:43.722024: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:30:43.722027: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:30:43.722030: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:30:43.722032: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:30:43.722035: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Aug 26 13:30:43.722038: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Aug 26 13:30:43.722044: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:30:43.722047: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:30:43.722050: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:30:43.722053: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x42147c9c ips: Aug 26 13:30:43.722055: | cmd(1040):ec _updown 2>&1: Aug 26 13:30:43.735069: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x5644e36140a8,sr=0x5644e36140a8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:30:43.735153: | #1 spent 1.83 milliseconds in install_ipsec_sa() Aug 26 13:30:43.735163: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:30:43.735168: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.735173: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:30:43.735182: | libevent_free: release ptr-libevent@0x5644e361bb68 Aug 26 13:30:43.735190: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fbb2c002b78 Aug 26 13:30:43.735197: | #2 spent 2.61 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:30:43.735206: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.735212: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:30:43.735215: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:30:43.735221: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:30:43.735224: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:30:43.735232: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:30:43.735239: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:43.735242: | pstats #2 ikev2.child established Aug 26 13:30:43.735252: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:30:43.735265: | NAT-T: encaps is 'auto' Aug 26 13:30:43.735270: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x1b000ba4 <0x42147c9c xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 13:30:43.735276: | releasing whack for #2 (sock=fd@27) Aug 26 13:30:43.735280: | close_any(fd@27) (in release_whack() at state.c:654) Aug 26 13:30:43.735283: | releasing whack and unpending for parent #1 Aug 26 13:30:43.735286: | unpending state #1 connection "northnet-eastnet" Aug 26 13:30:43.735312: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Aug 26 13:30:43.735317: | removing pending policy for no connection {0x5644e36068f8} Aug 26 13:30:43.735329: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 13:30:43.735336: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:30:43.735340: | event_schedule: new EVENT_SA_REKEY-pe@0x7fbb2c002b78 Aug 26 13:30:43.735344: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:30:43.735347: | libevent_malloc: new ptr-libevent@0x5644e361aaf8 size 128 Aug 26 13:30:43.735356: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.735363: | #1 spent 3.06 milliseconds in ikev2_process_packet() Aug 26 13:30:43.735368: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.735372: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.735375: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.735383: | spent 3.08 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.735397: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.735403: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.735408: | spent 0.00566 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.735410: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.735414: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.735417: | spent 0.00331 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.735419: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.735423: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.735426: | spent 0.00348 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:44.870101: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:44.870131: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:30:44.870136: | FOR_EACH_STATE_... in sort_states Aug 26 13:30:44.870145: | get_sa_info esp.42147c9c@192.1.3.33 Aug 26 13:30:44.870165: | get_sa_info esp.1b000ba4@192.1.2.23 Aug 26 13:30:44.870188: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:44.870196: | spent 0.105 milliseconds in whack Aug 26 13:30:50.184798: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.184818: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.184828: | spent 0.0103 milliseconds in kernel message Aug 26 13:30:50.238845: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.238867: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.238873: | spent 0.00733 milliseconds in kernel message Aug 26 13:30:50.291199: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.291218: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:30:50.291223: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 13:30:50.291228: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Aug 26 13:30:50.291231: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:30:50.291238: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.291243: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.291248: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.291251: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:50.291255: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:50.291258: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:50.291261: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 13:30:50.291264: | running updown command "ipsec _updown" for verb down Aug 26 13:30:50.291267: | command executing down-client Aug 26 13:30:50.291298: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 13:30:50.291306: | popen cmd is 1063 chars long Aug 26 13:30:50.291310: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 13:30:50.291315: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 13:30:50.291318: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 13:30:50.291321: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 13:30:50.291323: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 13:30:50.291326: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 13:30:50.291329: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:30:50.291331: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_P: Aug 26 13:30:50.291334: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 13:30:50.291337: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 13:30:50.291339: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 13:30:50.291342: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 13:30:50.291343: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x4214: Aug 26 13:30:50.291345: | cmd(1040):7c9c ipsec _updown 2>&1: Aug 26 13:30:50.300595: | running updown command "ipsec _updown" for verb unroute Aug 26 13:30:50.300609: | command executing unroute-client Aug 26 13:30:50.300632: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Aug 26 13:30:50.300636: | popen cmd is 1066 chars long Aug 26 13:30:50.300638: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:30:50.300640: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 13:30:50.300642: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:50.300644: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:50.300645: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:50.300660: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:50.300662: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:50.300663: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CON: Aug 26 13:30:50.300665: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 13:30:50.300667: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 13:30:50.300668: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 13:30:50.300672: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 13:30:50.300674: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x4: Aug 26 13:30:50.300675: | cmd(1040):2147c9c ipsec _updown 2>&1: Aug 26 13:30:50.310525: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310543: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310547: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310549: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310550: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310554: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310606: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310613: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310615: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310617: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310619: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310627: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310676: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310683: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310685: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.310687: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.320122: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x5644e3618388 Aug 26 13:30:50.320145: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 13:30:50.320151: | libevent_malloc: new ptr-libevent@0x5644e3617f08 size 128 Aug 26 13:30:50.320166: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.320173: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:30:50.320175: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:30:50.320178: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:30:50.320188: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.320192: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.320196: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.320199: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.320209: | spent 1.12 milliseconds in kernel message Aug 26 13:30:50.320227: | timer_event_cb: processing event@0x5644e3618388 Aug 26 13:30:50.320232: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:30:50.320238: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:30:50.320243: | #1 IKEv2 local address change Aug 26 13:30:50.320525: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23 and gateway 192.1.8.254 Aug 26 13:30:50.320535: | Opening output PBS mobike informational request Aug 26 13:30:50.320539: | **emit ISAKMP Message: Aug 26 13:30:50.320542: | initiator cookie: Aug 26 13:30:50.320545: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:50.320548: | responder cookie: Aug 26 13:30:50.320550: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.320553: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:50.320555: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:50.320558: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:50.320563: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:50.320565: | Message ID: 2 (0x2) Aug 26 13:30:50.320572: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:50.320576: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:50.320579: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:50.320582: | flags: none (0x0) Aug 26 13:30:50.320585: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:50.320588: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:50.320592: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:50.320609: | Adding a v2N Payload Aug 26 13:30:50.320612: | ****emit IKEv2 Notify Payload: Aug 26 13:30:50.320615: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:50.320618: | flags: none (0x0) Aug 26 13:30:50.320621: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:50.320624: | SPI size: 0 (0x0) Aug 26 13:30:50.320627: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:50.320630: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:50.320633: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:50.320636: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:50.320639: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:50.320662: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:50.320666: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:50.320669: | natd_hash: rcookie= 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.320671: | natd_hash: ip= c0 01 08 16 Aug 26 13:30:50.320673: | natd_hash: port=500 Aug 26 13:30:50.320676: | natd_hash: hash= 9c 8b f0 d0 b5 40 12 ef c4 15 73 b1 8e 8e 36 c0 Aug 26 13:30:50.320678: | natd_hash: hash= bb 02 a0 22 Aug 26 13:30:50.320680: | Adding a v2N Payload Aug 26 13:30:50.320683: | ****emit IKEv2 Notify Payload: Aug 26 13:30:50.320685: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:50.320688: | flags: none (0x0) Aug 26 13:30:50.320691: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:50.320693: | SPI size: 0 (0x0) Aug 26 13:30:50.320696: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:50.320699: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:50.320702: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:50.320705: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:50.320708: | Notify data 9c 8b f0 d0 b5 40 12 ef c4 15 73 b1 8e 8e 36 c0 Aug 26 13:30:50.320711: | Notify data bb 02 a0 22 Aug 26 13:30:50.320713: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:50.320721: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:30:50.320724: | natd_hash: icookie= c1 0c 6a f1 31 90 61 76 Aug 26 13:30:50.320726: | natd_hash: rcookie= 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.320729: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:50.320731: | natd_hash: port=500 Aug 26 13:30:50.320733: | natd_hash: hash= fe a7 84 5e ed 0d c6 f0 c2 e0 2c 4c 9a c1 25 05 Aug 26 13:30:50.320748: | natd_hash: hash= 6c 05 37 38 Aug 26 13:30:50.320750: | Adding a v2N Payload Aug 26 13:30:50.320753: | ****emit IKEv2 Notify Payload: Aug 26 13:30:50.320755: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:50.320757: | flags: none (0x0) Aug 26 13:30:50.320760: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:50.320762: | SPI size: 0 (0x0) Aug 26 13:30:50.320764: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:50.320768: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:50.320773: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:50.320776: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:50.320779: | Notify data fe a7 84 5e ed 0d c6 f0 c2 e0 2c 4c 9a c1 25 05 Aug 26 13:30:50.320781: | Notify data 6c 05 37 38 Aug 26 13:30:50.320783: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:50.320786: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:50.320789: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:50.320793: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:50.320795: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 13:30:50.320798: | emitting length of ISAKMP Message: 121 Aug 26 13:30:50.320822: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:50.320826: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.320829: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 13:30:50.320832: | 31 35 69 ea 38 d9 06 7f 19 4e 2d a1 63 06 d9 74 Aug 26 13:30:50.320834: | 64 a8 4c 1e 66 1f bd c2 bf 77 e9 69 4a 5f 89 56 Aug 26 13:30:50.320836: | 14 b7 cf 02 db 5a e9 3e 25 0f 38 61 8a d1 99 c8 Aug 26 13:30:50.320839: | 11 97 ee 0d 40 f6 e3 3b a0 96 6c ce 6f 9f 84 c8 Aug 26 13:30:50.320841: | 33 92 ad 01 e5 85 3b d9 cd 9b 6f cd 7f 46 53 5e Aug 26 13:30:50.320844: | 5f 0d f8 73 25 fc e1 7d 7c Aug 26 13:30:50.320947: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:50.320957: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 13:30:50.320962: | libevent_free: release ptr-libevent@0x5644e3617f08 Aug 26 13:30:50.320965: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x5644e3618388 Aug 26 13:30:50.320972: | #1 spent 0.661 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:30:50.320978: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:30:50.320982: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.320990: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.320994: | spent 0.00696 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.320997: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.321002: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.321006: | spent 0.00429 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.321718: | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:50.321745: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:30:50.321750: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.321753: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 13:30:50.321755: | 51 97 c0 3e 86 4e 42 a6 f4 52 d9 b7 56 f5 9c 63 Aug 26 13:30:50.321757: | 3f 3c b7 78 f0 f6 e7 3f e2 b9 8e c6 91 2f 63 fe Aug 26 13:30:50.321760: | 3f c8 7d 15 68 7a b1 02 15 45 09 9d e6 92 bf 20 Aug 26 13:30:50.321762: | 8c fd b9 71 dd 94 46 a8 19 c5 9e 03 4e ab 9a 84 Aug 26 13:30:50.321764: | 38 36 df 6a 8f ea b4 ab 38 4b 26 a2 3a 9e 8a a6 Aug 26 13:30:50.321766: | 87 Aug 26 13:30:50.321771: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:50.321775: | **parse ISAKMP Message: Aug 26 13:30:50.321778: | initiator cookie: Aug 26 13:30:50.321780: | c1 0c 6a f1 31 90 61 76 Aug 26 13:30:50.321783: | responder cookie: Aug 26 13:30:50.321785: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:30:50.321788: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:50.321791: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:50.321796: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:50.321800: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:50.321802: | Message ID: 2 (0x2) Aug 26 13:30:50.321805: | length: 113 (0x71) Aug 26 13:30:50.321808: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:50.321811: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:30:50.321815: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:30:50.321822: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:50.321827: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:50.321830: | #1 is idle Aug 26 13:30:50.321832: | #1 idle Aug 26 13:30:50.321834: | unpacking clear payload Aug 26 13:30:50.321837: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:50.321840: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:50.321843: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:50.321845: | flags: none (0x0) Aug 26 13:30:50.321848: | length: 85 (0x55) Aug 26 13:30:50.321851: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 13:30:50.321854: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:30:50.321871: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:50.321875: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:50.321878: | **parse IKEv2 Notify Payload: Aug 26 13:30:50.321881: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:50.321884: | flags: none (0x0) Aug 26 13:30:50.321886: | length: 28 (0x1c) Aug 26 13:30:50.321889: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:50.321891: | SPI size: 0 (0x0) Aug 26 13:30:50.321894: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:50.321897: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:50.321899: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:50.321902: | **parse IKEv2 Notify Payload: Aug 26 13:30:50.321905: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:50.321907: | flags: none (0x0) Aug 26 13:30:50.321910: | length: 28 (0x1c) Aug 26 13:30:50.321912: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:50.321915: | SPI size: 0 (0x0) Aug 26 13:30:50.321917: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:50.321920: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:50.321923: | selected state microcode I3: Informational Request Aug 26 13:30:50.321926: | Now let's proceed with state specific processing Aug 26 13:30:50.321928: | calling processor I3: Informational Request Aug 26 13:30:50.321932: | an informational response Aug 26 13:30:50.321935: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 13:30:50.321938: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 13:30:50.321944: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 13:30:50.321950: | initiator migrate kernel SA esp.1b000ba4@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Aug 26 13:30:50.322005: | initiator migrate kernel SA esp.42147c9c@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Aug 26 13:30:50.322036: | initiator migrate kernel SA esp.42147c9c@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Aug 26 13:30:50.322048: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 13:30:50.322055: | free hp@0x5644e36159c8 Aug 26 13:30:50.322061: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:50.322064: | new hp@0x5644e36159c8 Aug 26 13:30:50.322068: | running updown command "ipsec _updown" for verb up Aug 26 13:30:50.322071: | command executing up-client Aug 26 13:30:50.322098: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:30:50.322104: | popen cmd is 1062 chars long Aug 26 13:30:50.322108: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 13:30:50.322111: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Aug 26 13:30:50.322113: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 13:30:50.322116: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:30:50.322118: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 13:30:50.322121: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 13:30:50.322124: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 13:30:50.322126: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_PO: Aug 26 13:30:50.322129: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Aug 26 13:30:50.322131: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Aug 26 13:30:50.322134: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Aug 26 13:30:50.322136: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Aug 26 13:30:50.322139: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x42147: Aug 26 13:30:50.322141: | cmd(1040):c9c ipsec _updown 2>&1: Aug 26 13:30:50.331755: | running updown command "ipsec _updown" for verb route Aug 26 13:30:50.331775: | command executing route-client Aug 26 13:30:50.331801: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 13:30:50.331805: | popen cmd is 1065 chars long Aug 26 13:30:50.331807: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:30:50.331809: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Aug 26 13:30:50.331816: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 13:30:50.331817: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 13:30:50.331819: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 13:30:50.331821: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:30:50.331823: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:30:50.331824: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN: Aug 26 13:30:50.331826: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Aug 26 13:30:50.331828: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 13:30:50.331829: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 13:30:50.331831: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 13:30:50.331833: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x42: Aug 26 13:30:50.331834: | cmd(1040):147c9c ipsec _updown 2>&1: Aug 26 13:30:50.344228: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:50.344243: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Aug 26 13:30:50.344247: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 13:30:50.344256: | #1 spent 1.08 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 13:30:50.344260: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:50.344263: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:30:50.344266: | Message ID: updating counters for #1 to 2 after switching state Aug 26 13:30:50.344270: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 13:30:50.344273: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:50.344275: | STATE_PARENT_I3: PARENT SA established Aug 26 13:30:50.344281: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:50.344285: | #1 spent 1.31 milliseconds in ikev2_process_packet() Aug 26 13:30:50.344293: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:50.344303: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:50.344306: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:50.344309: | spent 1.33 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:50.344338: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.344342: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.344345: | spent 0.00413 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.344347: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.344349: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.344352: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:03.382340: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:31:03.382360: | expiring aged bare shunts from shunt table Aug 26 13:31:03.382367: | spent 0.00498 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:31:04.789148: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:04.789245: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:31:04.789265: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:04.789324: | get_sa_info esp.42147c9c@192.1.8.22 Aug 26 13:31:04.789404: | get_sa_info esp.1b000ba4@192.1.2.23 Aug 26 13:31:04.789481: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:04.789504: | spent 0.385 milliseconds in whack Aug 26 13:31:05.015336: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:05.015559: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:05.015565: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:05.015623: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:31:05.015626: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:05.015637: | get_sa_info esp.42147c9c@192.1.8.22 Aug 26 13:31:05.015653: | get_sa_info esp.1b000ba4@192.1.2.23 Aug 26 13:31:05.015684: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:05.015705: | spent 0.362 milliseconds in whack Aug 26 13:31:05.314600: | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:05.314623: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:31:05.314627: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.314630: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:31:05.314632: | b2 09 b1 d0 d9 38 1a 8c b4 7c 60 54 fd 09 2a 9d Aug 26 13:31:05.314635: | 6f 21 b8 18 17 e5 a6 73 15 91 b9 cb 38 c8 94 bd Aug 26 13:31:05.314636: | 85 ed 12 7a 8a Aug 26 13:31:05.314643: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:31:05.314647: | **parse ISAKMP Message: Aug 26 13:31:05.314650: | initiator cookie: Aug 26 13:31:05.314653: | c1 0c 6a f1 31 90 61 76 Aug 26 13:31:05.314655: | responder cookie: Aug 26 13:31:05.314658: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.314661: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:05.314663: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.314666: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.314670: | flags: none (0x0) Aug 26 13:31:05.314672: | Message ID: 0 (0x0) Aug 26 13:31:05.314675: | length: 69 (0x45) Aug 26 13:31:05.314678: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:05.314681: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:05.314685: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:05.314692: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:05.314695: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:31:05.314700: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:05.314704: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:31:05.314708: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 13:31:05.314711: | unpacking clear payload Aug 26 13:31:05.314714: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:05.314718: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:05.314721: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:05.314724: | flags: none (0x0) Aug 26 13:31:05.314727: | length: 41 (0x29) Aug 26 13:31:05.314729: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:31:05.314734: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:31:05.314737: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:05.314758: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:05.314762: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:05.314765: | **parse IKEv2 Delete Payload: Aug 26 13:31:05.314767: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.314771: | flags: none (0x0) Aug 26 13:31:05.314774: | length: 12 (0xc) Aug 26 13:31:05.314776: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:05.314778: | SPI size: 4 (0x4) Aug 26 13:31:05.314780: | number of SPIs: 1 (0x1) Aug 26 13:31:05.314782: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:31:05.314785: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:05.314787: | Now let's proceed with state specific processing Aug 26 13:31:05.314789: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:05.314793: | an informational request should send a response Aug 26 13:31:05.314816: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:31:05.314820: | **emit ISAKMP Message: Aug 26 13:31:05.314822: | initiator cookie: Aug 26 13:31:05.314825: | c1 0c 6a f1 31 90 61 76 Aug 26 13:31:05.314827: | responder cookie: Aug 26 13:31:05.314829: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.314832: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.314834: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.314836: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.314839: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:05.314842: | Message ID: 0 (0x0) Aug 26 13:31:05.314844: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.314847: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:05.314850: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.314852: | flags: none (0x0) Aug 26 13:31:05.314855: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:05.314858: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:05.314861: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:05.314873: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:31:05.314875: | SPI 1b 00 0b a4 Aug 26 13:31:05.314878: | delete PROTO_v2_ESP SA(0x1b000ba4) Aug 26 13:31:05.314881: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:31:05.314907: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:31:05.314909: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x1b000ba4) Aug 26 13:31:05.314913: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:31:05.314916: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:05.314919: | libevent_free: release ptr-libevent@0x5644e361aaf8 Aug 26 13:31:05.314924: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fbb2c002b78 Aug 26 13:31:05.314927: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fbb2c002b78 Aug 26 13:31:05.314931: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:31:05.314934: | libevent_malloc: new ptr-libevent@0x5644e36209d8 size 128 Aug 26 13:31:05.314938: | ****emit IKEv2 Delete Payload: Aug 26 13:31:05.314941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.314943: | flags: none (0x0) Aug 26 13:31:05.314946: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:05.314948: | SPI size: 4 (0x4) Aug 26 13:31:05.314950: | number of SPIs: 1 (0x1) Aug 26 13:31:05.314953: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:05.314956: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:05.314959: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:31:05.314962: | local SPIs 42 14 7c 9c Aug 26 13:31:05.314964: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:31:05.314967: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:05.314971: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:05.314974: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:05.314977: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:31:05.314979: | emitting length of ISAKMP Message: 69 Aug 26 13:31:05.315010: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:31:05.315013: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.315015: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:31:05.315017: | b0 fc 69 15 ec 32 4b 1d 05 96 ce c7 07 c1 c5 83 Aug 26 13:31:05.315020: | b7 9d f3 4f e6 b5 d4 09 0e da 18 9f ea 65 a9 c8 Aug 26 13:31:05.315022: | 4c a3 e3 2b b4 Aug 26 13:31:05.315052: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:05.315058: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:05.315064: | #1 spent 0.255 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:31:05.315069: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:05.315073: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:31:05.315076: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:31:05.315080: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:31:05.315084: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:31:05.315087: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:31:05.315092: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:05.315096: | #1 spent 0.47 milliseconds in ikev2_process_packet() Aug 26 13:31:05.315100: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:31:05.315104: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:05.315107: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:05.315110: | spent 0.484 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:05.315117: | timer_event_cb: processing event@0x7fbb2c002b78 Aug 26 13:31:05.315121: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:31:05.315126: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:05.315130: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:05.315133: | replacing stale CHILD SA Aug 26 13:31:05.315137: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:31:05.315140: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:31:05.315144: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:31:05.315148: | creating state object #3 at 0x5644e3620a88 Aug 26 13:31:05.315151: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:31:05.315171: | pstats #3 ikev2.child started Aug 26 13:31:05.315174: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Aug 26 13:31:05.315178: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:31:05.315184: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:31:05.315188: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:05.315192: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:05.315194: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:31:05.315197: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:31:05.315201: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Aug 26 13:31:05.315204: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:31:05.315209: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:05.315211: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:05.315215: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:31:05.315217: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x5644e3618388 Aug 26 13:31:05.315220: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:31:05.315222: | libevent_malloc: new ptr-libevent@0x5644e3617f08 size 128 Aug 26 13:31:05.315225: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:31:05.315227: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5644e361bb68 Aug 26 13:31:05.315229: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:31:05.315231: | libevent_malloc: new ptr-libevent@0x5644e3620878 size 128 Aug 26 13:31:05.315233: | libevent_free: release ptr-libevent@0x5644e36209d8 Aug 26 13:31:05.315235: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fbb2c002b78 Aug 26 13:31:05.315238: | #2 spent 0.121 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:31:05.315240: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:05.315244: | timer_event_cb: processing event@0x5644e3618388 Aug 26 13:31:05.315246: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:31:05.315248: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:31:05.315252: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:31:05.315255: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fbb2c002b78 Aug 26 13:31:05.315257: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:31:05.315259: | libevent_malloc: new ptr-libevent@0x5644e36209d8 size 128 Aug 26 13:31:05.315264: | libevent_free: release ptr-libevent@0x5644e3617f08 Aug 26 13:31:05.315268: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x5644e3618388 Aug 26 13:31:05.315271: | crypto helper 2 resuming Aug 26 13:31:05.315272: | #3 spent 0.0273 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:31:05.315284: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:31:05.315305: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:31:05.315287: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:31:05.315335: | timer_event_cb: processing event@0x5644e361bb68 Aug 26 13:31:05.315338: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:31:05.315342: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:05.315345: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:05.315348: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:31:05.315351: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:31:05.315353: | pstats #2 ikev2.child deleted completed Aug 26 13:31:05.315358: | #2 spent 2.74 milliseconds in total Aug 26 13:31:05.315363: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:05.315367: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 21.663s and NOT sending notification Aug 26 13:31:05.315370: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:31:05.315374: | get_sa_info esp.1b000ba4@192.1.2.23 Aug 26 13:31:05.315388: | get_sa_info esp.42147c9c@192.1.8.22 Aug 26 13:31:05.315395: "northnet-eastnet" #2: ESP traffic information: in=336B out=336B Aug 26 13:31:05.315399: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:31:05.315440: | running updown command "ipsec _updown" for verb down Aug 26 13:31:05.315444: | command executing down-client Aug 26 13:31:05.315487: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 13:31:05.315491: | popen cmd is 1064 chars long Aug 26 13:31:05.315494: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 13:31:05.315497: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Aug 26 13:31:05.315499: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:31:05.315502: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:31:05.315505: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:31:05.315508: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:31:05.315510: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:31:05.315513: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_: Aug 26 13:31:05.315516: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Aug 26 13:31:05.315518: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 13:31:05.315521: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 13:31:05.315524: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 13:31:05.315527: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1b000ba4 SPI_OUT=0x421: Aug 26 13:31:05.315529: | cmd(1040):47c9c ipsec _updown 2>&1: Aug 26 13:31:05.316217: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000927 seconds Aug 26 13:31:05.316230: | (#3) spent 0.921 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:31:05.316234: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:31:05.316238: | scheduling resume sending helper answer for #3 Aug 26 13:31:05.316241: | libevent_malloc: new ptr-libevent@0x7fbb28002888 size 128 Aug 26 13:31:05.316258: | crypto helper 2 waiting (nothing to do) Aug 26 13:31:05.322845: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:31:05.322856: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:05.322859: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:05.322863: | IPsec Sa SPD priority set to 1042407 Aug 26 13:31:05.322888: | delete esp.1b000ba4@192.1.2.23 Aug 26 13:31:05.322902: | netlink response for Del SA esp.1b000ba4@192.1.2.23 included non-error error Aug 26 13:31:05.322907: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:05.322914: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 13:31:05.322932: | raw_eroute result=success Aug 26 13:31:05.322936: | delete esp.42147c9c@192.1.8.22 Aug 26 13:31:05.322948: | netlink response for Del SA esp.42147c9c@192.1.8.22 included non-error error Aug 26 13:31:05.322973: | in connection_discard for connection northnet-eastnet Aug 26 13:31:05.322976: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:31:05.322980: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:05.323001: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:05.323017: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:31:05.323020: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:31:05.323037: | libevent_free: release ptr-libevent@0x5644e3620878 Aug 26 13:31:05.323041: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5644e361bb68 Aug 26 13:31:05.323045: | in statetime_stop() and could not find #2 Aug 26 13:31:05.323048: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:05.323061: | processing resume sending helper answer for #3 Aug 26 13:31:05.323068: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:31:05.323072: | crypto helper 2 replies to request ID 3 Aug 26 13:31:05.323075: | calling continuation function 0x5644e21e8b50 Aug 26 13:31:05.323081: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Aug 26 13:31:05.323085: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:31:05.323088: | libevent_free: release ptr-libevent@0x5644e36209d8 Aug 26 13:31:05.323092: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fbb2c002b78 Aug 26 13:31:05.323096: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fbb2c002b78 Aug 26 13:31:05.323100: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:31:05.323103: | libevent_malloc: new ptr-libevent@0x5644e3620878 size 128 Aug 26 13:31:05.323109: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:31:05.323113: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:31:05.323117: | libevent_malloc: new ptr-libevent@0x5644e3617f08 size 128 Aug 26 13:31:05.323123: | [RE]START processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:05.323128: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:31:05.323131: | suspending state #3 and saving MD Aug 26 13:31:05.323133: | #3 is busy; has a suspended MD Aug 26 13:31:05.323138: | [RE]START processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:31:05.323142: | "northnet-eastnet" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:31:05.323146: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:31:05.323151: | #3 spent 0.0777 milliseconds in resume sending helper answer Aug 26 13:31:05.323157: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:31:05.323160: | libevent_free: release ptr-libevent@0x7fbb28002888 Aug 26 13:31:05.323163: | processing signal PLUTO_SIGCHLD Aug 26 13:31:05.323168: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:05.323172: | spent 0.005 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:05.323177: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:31:05.323181: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:31:05.323187: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:31:05.323192: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:31:05.323196: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:31:05.323221: | **emit ISAKMP Message: Aug 26 13:31:05.323224: | initiator cookie: Aug 26 13:31:05.323227: | c1 0c 6a f1 31 90 61 76 Aug 26 13:31:05.323229: | responder cookie: Aug 26 13:31:05.323232: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.323235: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.323238: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.323241: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:31:05.323245: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:31:05.323248: | Message ID: 3 (0x3) Aug 26 13:31:05.323250: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.323253: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:05.323256: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.323259: | flags: none (0x0) Aug 26 13:31:05.323262: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:05.323265: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.323269: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:05.323293: | netlink_get_spi: allocated 0xe1788761 for esp.0@192.1.8.22 Aug 26 13:31:05.323310: | Emitting ikev2_proposals ... Aug 26 13:31:05.323315: | ****emit IKEv2 Security Association Payload: Aug 26 13:31:05.323317: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.323320: | flags: none (0x0) Aug 26 13:31:05.323324: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:31:05.323327: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.323330: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:05.323333: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:31:05.323348: | prop #: 1 (0x1) Aug 26 13:31:05.323351: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:31:05.323354: | spi size: 4 (0x4) Aug 26 13:31:05.323356: | # transforms: 4 (0x4) Aug 26 13:31:05.323359: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:05.323363: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:31:05.323366: | our spi e1 78 87 61 Aug 26 13:31:05.323368: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.323371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323374: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:05.323377: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:31:05.323381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.323386: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:05.323389: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:05.323392: | length/value: 256 (0x100) Aug 26 13:31:05.323395: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:05.323398: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.323401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323404: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:05.323406: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:31:05.323410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.323415: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.323418: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.323421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323423: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.323426: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.323429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323431: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.323434: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.323436: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.323439: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:05.323442: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:31:05.323445: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:31:05.323448: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.323451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.323454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.323457: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:31:05.323460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:05.323463: | emitting length of IKEv2 Security Association Payload: 52 Aug 26 13:31:05.323465: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:31:05.323469: "northnet-eastnet" #3: CHILD SA to rekey #2 vanished abort this exchange Aug 26 13:31:05.323472: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:31:05.323478: | [RE]START processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:05.323482: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:31:05.323520: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:31:05.323527: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:31:05.323531: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:31:05.323536: | #1 spent 0.347 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:31:05.323541: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:31:05.323544: | libevent_free: release ptr-libevent@0x5644e3617f08 Aug 26 13:31:05.323556: | spent 0.00169 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:05.323571: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:31:05.323574: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.323576: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:31:05.323578: | b4 3a 48 d6 77 f8 c4 78 26 55 25 25 04 34 59 af Aug 26 13:31:05.323581: | 70 43 60 54 53 13 bf fa 4a 64 b6 ab 41 12 0a e2 Aug 26 13:31:05.323583: | 09 Aug 26 13:31:05.323586: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:31:05.323590: | **parse ISAKMP Message: Aug 26 13:31:05.323592: | initiator cookie: Aug 26 13:31:05.323595: | c1 0c 6a f1 31 90 61 76 Aug 26 13:31:05.323597: | responder cookie: Aug 26 13:31:05.323600: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.323602: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:05.323605: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.323607: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.323610: | flags: none (0x0) Aug 26 13:31:05.323612: | Message ID: 1 (0x1) Aug 26 13:31:05.323615: | length: 65 (0x41) Aug 26 13:31:05.323617: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:05.323621: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:05.323624: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:05.323629: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:05.323632: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:31:05.323636: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:05.323639: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:31:05.323642: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 13:31:05.323645: | unpacking clear payload Aug 26 13:31:05.323647: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:05.323650: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:05.323652: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:05.323655: | flags: none (0x0) Aug 26 13:31:05.323657: | length: 37 (0x25) Aug 26 13:31:05.323659: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:31:05.323663: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:31:05.323666: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:05.323680: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:05.323683: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:05.323686: | **parse IKEv2 Delete Payload: Aug 26 13:31:05.323688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.323690: | flags: none (0x0) Aug 26 13:31:05.323693: | length: 8 (0x8) Aug 26 13:31:05.323695: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:31:05.323697: | SPI size: 0 (0x0) Aug 26 13:31:05.323699: | number of SPIs: 0 (0x0) Aug 26 13:31:05.323702: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:31:05.323704: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:05.323707: | Now let's proceed with state specific processing Aug 26 13:31:05.323709: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:05.323712: | an informational request should send a response Aug 26 13:31:05.323717: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:31:05.323720: | **emit ISAKMP Message: Aug 26 13:31:05.323722: | initiator cookie: Aug 26 13:31:05.323725: | c1 0c 6a f1 31 90 61 76 Aug 26 13:31:05.323727: | responder cookie: Aug 26 13:31:05.323731: | 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.323733: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.323736: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.323738: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.323741: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:05.323743: | Message ID: 1 (0x1) Aug 26 13:31:05.323746: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.323748: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:05.323751: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.323753: | flags: none (0x0) Aug 26 13:31:05.323757: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:05.323759: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:05.323762: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:05.323767: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:05.323770: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:05.323773: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:05.323775: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:31:05.323778: | emitting length of ISAKMP Message: 57 Aug 26 13:31:05.323793: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:31:05.323796: | c1 0c 6a f1 31 90 61 76 15 04 c6 8e 39 77 35 d8 Aug 26 13:31:05.323799: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:31:05.323801: | b9 72 3e e1 84 8a 04 41 97 6e 5f 2f 97 7d 6d 8e Aug 26 13:31:05.323803: | 4f 44 1c f8 fe dd 90 58 01 Aug 26 13:31:05.323838: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:05.323846: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:05.323850: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:31:05.323854: | pstats #3 ikev2.child deleted other Aug 26 13:31:05.323857: | #3 spent 1.03 milliseconds in total Aug 26 13:31:05.323862: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:05.323866: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:05.323870: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification Aug 26 13:31:05.323874: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:31:05.323877: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:31:05.323880: | libevent_free: release ptr-libevent@0x5644e3620878 Aug 26 13:31:05.323883: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fbb2c002b78 Aug 26 13:31:05.323887: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:05.323894: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 13:31:05.323907: | raw_eroute result=success Aug 26 13:31:05.323912: | in connection_discard for connection northnet-eastnet Aug 26 13:31:05.323915: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:31:05.323922: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:05.323944: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:05.323950: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:05.323956: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:31:05.323959: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:31:05.323962: | pstats #1 ikev2.ike deleted completed Aug 26 13:31:05.323966: | #1 spent 10.3 milliseconds in total Aug 26 13:31:05.323970: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:05.323973: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 21.679s and NOT sending notification Aug 26 13:31:05.323976: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:31:05.324007: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:05.324011: | libevent_free: release ptr-libevent@0x7fbb24000f48 Aug 26 13:31:05.324016: | free_event_entry: release EVENT_SA_REKEY-pe@0x5644e3618218 Aug 26 13:31:05.324019: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:05.324022: | picked newest_isakmp_sa #0 for #1 Aug 26 13:31:05.324025: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:05.324028: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Aug 26 13:31:05.324031: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:31:05.324034: | in connection_discard for connection northnet-eastnet Aug 26 13:31:05.324037: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:31:05.324040: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:31:05.324058: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:05.324083: | in statetime_stop() and could not find #1 Aug 26 13:31:05.324087: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:05.324091: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:31:05.324093: | STF_OK but no state object remains Aug 26 13:31:05.324096: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:05.324098: | in statetime_stop() and could not find #1 Aug 26 13:31:05.324102: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:31:05.324105: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:05.324108: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:05.324113: | spent 0.532 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:05.324118: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:31:05.324121: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Aug 26 13:31:05.324124: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:31:05.324128: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:31:05.324131: | connection 'northnet-eastnet' +POLICY_UP Aug 26 13:31:05.324134: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:31:05.324137: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:31:05.324142: | creating state object #4 at 0x5644e361ae98 Aug 26 13:31:05.324146: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:31:05.324151: | pstats #4 ikev2.ike started Aug 26 13:31:05.324155: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:31:05.324158: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:31:05.324163: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:31:05.324169: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:31:05.324173: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:31:05.324178: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:31:05.324182: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Aug 26 13:31:05.324186: "northnet-eastnet" #4: initiating v2 parent SA Aug 26 13:31:05.324202: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:31:05.324207: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:31:05.324211: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fbb28002b78 Aug 26 13:31:05.324214: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:31:05.324218: | libevent_malloc: new ptr-libevent@0x5644e3617f08 size 128 Aug 26 13:31:05.324227: | #4 spent 0.0981 milliseconds in ikev2_parent_outI1() Aug 26 13:31:05.324247: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:31:05.324251: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:31:05.324253: | crypto helper 5 resuming Aug 26 13:31:05.324254: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:31:05.324267: | crypto helper 5 starting work-order 4 for state #4 Aug 26 13:31:05.324274: | spent 0.147 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:31:05.324276: | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:31:05.324870: | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000594 seconds Aug 26 13:31:05.324879: | (#4) spent 0.565 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:31:05.324882: | crypto helper 5 sending results from work-order 4 for state #4 to event queue Aug 26 13:31:05.324884: | scheduling resume sending helper answer for #4 Aug 26 13:31:05.324886: | libevent_malloc: new ptr-libevent@0x7fbb1c002888 size 128 Aug 26 13:31:05.324892: | crypto helper 5 waiting (nothing to do) Aug 26 13:31:05.324900: | processing resume sending helper answer for #4 Aug 26 13:31:05.324910: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:31:05.324914: | crypto helper 5 replies to request ID 4 Aug 26 13:31:05.324917: | calling continuation function 0x5644e21e8b50 Aug 26 13:31:05.324919: | ikev2_parent_outI1_continue for #4 Aug 26 13:31:05.324924: | **emit ISAKMP Message: Aug 26 13:31:05.324926: | initiator cookie: Aug 26 13:31:05.324929: | 58 53 db a0 9a 3d 47 7b Aug 26 13:31:05.324931: | responder cookie: Aug 26 13:31:05.324933: | 00 00 00 00 00 00 00 00 Aug 26 13:31:05.324936: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.324939: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.324941: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:31:05.324944: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:31:05.324947: | Message ID: 0 (0x0) Aug 26 13:31:05.324949: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.324964: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:31:05.324969: | Emitting ikev2_proposals ... Aug 26 13:31:05.324972: | ***emit IKEv2 Security Association Payload: Aug 26 13:31:05.324975: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.324978: | flags: none (0x0) Aug 26 13:31:05.324981: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:31:05.324984: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.324987: | discarding INTEG=NONE Aug 26 13:31:05.324990: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:05.324992: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.324995: | prop #: 1 (0x1) Aug 26 13:31:05.324998: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:05.325000: | spi size: 0 (0x0) Aug 26 13:31:05.325003: | # transforms: 11 (0xb) Aug 26 13:31:05.325006: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:05.325008: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325014: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:05.325016: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:31:05.325019: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325022: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:05.325025: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:05.325027: | length/value: 256 (0x100) Aug 26 13:31:05.325030: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:05.325033: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325038: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325041: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:05.325044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325047: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325050: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325053: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325058: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325061: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:05.325064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325070: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325072: | discarding INTEG=NONE Aug 26 13:31:05.325075: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325084: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.325088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325094: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325097: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325107: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:05.325110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325113: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325116: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325118: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325120: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325125: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:05.325129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325136: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325139: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325141: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325144: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:05.325147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325153: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325155: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325163: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:05.325166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325172: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325174: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325182: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:05.325185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325191: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325195: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325203: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:05.325207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325212: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325215: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325218: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:05.325220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325223: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:05.325226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325232: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325235: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:31:05.325238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:05.325240: | discarding INTEG=NONE Aug 26 13:31:05.325243: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:05.325246: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.325248: | prop #: 2 (0x2) Aug 26 13:31:05.325251: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:05.325253: | spi size: 0 (0x0) Aug 26 13:31:05.325255: | # transforms: 11 (0xb) Aug 26 13:31:05.325257: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.325259: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:05.325261: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325264: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:05.325265: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:31:05.325267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325269: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:05.325271: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:05.325272: | length/value: 128 (0x80) Aug 26 13:31:05.325274: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:05.325276: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325279: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325280: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:05.325282: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325286: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325304: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325322: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325323: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325325: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:05.325330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325334: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325335: | discarding INTEG=NONE Aug 26 13:31:05.325337: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325342: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.325344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325347: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325349: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325365: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325367: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:05.325369: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325372: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325374: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325379: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:05.325381: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325384: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325386: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325389: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325390: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:05.325392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325397: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325402: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:05.325404: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325406: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325407: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325410: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325412: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:05.325417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325420: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325426: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:05.325428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325433: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325435: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:05.325437: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325438: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:05.325440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325442: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325444: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325445: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:31:05.325447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:05.325449: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:05.325451: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.325452: | prop #: 3 (0x3) Aug 26 13:31:05.325454: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:05.325455: | spi size: 0 (0x0) Aug 26 13:31:05.325457: | # transforms: 13 (0xd) Aug 26 13:31:05.325459: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.325461: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:05.325462: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325466: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:05.325467: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:31:05.325469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325471: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:05.325472: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:05.325474: | length/value: 256 (0x100) Aug 26 13:31:05.325476: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:05.325477: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325480: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325482: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:05.325484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325488: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325490: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325493: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325495: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:05.325497: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325500: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325502: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325505: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:05.325506: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:31:05.325508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325510: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325512: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325517: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:05.325518: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:31:05.325520: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325522: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325523: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325528: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325530: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.325532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325535: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325537: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325541: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:05.325543: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325547: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325548: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325552: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325554: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:05.325556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325559: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325561: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325566: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:05.325568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325573: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325577: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:05.325579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325583: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325584: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325587: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325589: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:05.325591: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325594: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325596: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325601: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:05.325603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325606: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325608: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325609: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:05.325611: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325612: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:05.325614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325618: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325620: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:31:05.325622: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:05.325624: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:05.325626: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:31:05.325627: | prop #: 4 (0x4) Aug 26 13:31:05.325629: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:05.325630: | spi size: 0 (0x0) Aug 26 13:31:05.325632: | # transforms: 13 (0xd) Aug 26 13:31:05.325634: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:05.325636: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:05.325637: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325640: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:05.325642: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:31:05.325644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325645: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:05.325647: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:05.325649: | length/value: 128 (0x80) Aug 26 13:31:05.325650: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:05.325652: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325655: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325657: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:05.325658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325662: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325664: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325665: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325667: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:05.325668: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:05.325670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325674: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325675: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325677: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325678: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:05.325680: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:31:05.325682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325685: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325687: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325690: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:05.325692: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:31:05.325695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325699: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325701: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325704: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325705: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.325707: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325711: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325712: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325717: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:05.325719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325724: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325727: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325729: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:05.325730: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325734: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325736: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325739: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325740: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:05.325742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325746: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325747: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325749: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325750: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325752: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:05.325754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325757: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325759: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325763: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:05.325766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325770: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325771: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325776: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:05.325778: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325782: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325783: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:05.325785: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:05.325786: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:05.325788: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:05.325790: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:05.325792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:05.325793: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:05.325795: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:31:05.325797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:05.325798: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:31:05.325800: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:31:05.325802: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:31:05.325804: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.325805: | flags: none (0x0) Aug 26 13:31:05.325807: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:05.325809: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:31:05.325811: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.325813: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:31:05.325815: | ikev2 g^x c2 ce 08 e8 b5 69 6a a0 73 1a 23 ea a5 b3 f4 fa Aug 26 13:31:05.325817: | ikev2 g^x 26 c9 04 ec ba 85 4d 5e ff 20 14 05 18 e9 9b 1e Aug 26 13:31:05.325818: | ikev2 g^x 8d 45 ab 1c a3 ab 07 c8 45 b7 22 04 1a aa 6e e4 Aug 26 13:31:05.325820: | ikev2 g^x b0 c5 67 49 4b e2 e2 9a 45 86 ef f1 88 a0 2b 91 Aug 26 13:31:05.325822: | ikev2 g^x 20 ae fb d9 5f 84 3a d6 fd e7 9b 7d c2 e8 4d 1a Aug 26 13:31:05.325823: | ikev2 g^x fb 0b d2 d1 07 43 9a e9 66 3b 65 a7 09 26 46 7e Aug 26 13:31:05.325825: | ikev2 g^x 6e 0b 34 a7 f4 41 75 7f 3b fb 71 75 a4 fd bd 3e Aug 26 13:31:05.325826: | ikev2 g^x be 43 a4 74 5b 5e 28 1f 7f 67 65 2f 38 85 dc 26 Aug 26 13:31:05.325828: | ikev2 g^x c5 54 6e 2a ea 79 44 d6 85 af a1 17 6a 56 e5 53 Aug 26 13:31:05.325829: | ikev2 g^x e4 ec e2 3b 31 63 98 53 27 91 d4 1d 91 cf f0 0d Aug 26 13:31:05.325831: | ikev2 g^x f6 04 25 0c cd cc d6 81 6a a6 e1 ad ea e7 be 7c Aug 26 13:31:05.325833: | ikev2 g^x b7 ec 8f 8e 8c bc 1b 49 5a f9 51 b1 be 98 03 e9 Aug 26 13:31:05.325835: | ikev2 g^x 0f 41 8f 02 b6 b0 9d ec f3 78 65 bf 3f e8 0c 05 Aug 26 13:31:05.325836: | ikev2 g^x 5f 55 c4 8a 13 eb 5d e7 31 21 3b ab 35 93 86 ec Aug 26 13:31:05.325838: | ikev2 g^x d2 28 c3 dc 46 b7 21 ac fd 88 63 18 94 54 78 ba Aug 26 13:31:05.325839: | ikev2 g^x 4e 6c 43 b6 44 86 00 23 e0 4f 74 a0 0f 38 18 f0 Aug 26 13:31:05.325841: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:31:05.325843: | ***emit IKEv2 Nonce Payload: Aug 26 13:31:05.325844: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:31:05.325846: | flags: none (0x0) Aug 26 13:31:05.325848: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:31:05.325850: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:31:05.325852: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.325854: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:31:05.325855: | IKEv2 nonce 72 94 46 0d 69 b4 27 61 e8 b0 b7 77 70 90 72 00 Aug 26 13:31:05.325857: | IKEv2 nonce 24 67 97 d9 7a e1 0f 37 be 9a ab 66 84 d4 e6 4d Aug 26 13:31:05.325859: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:31:05.325860: | Adding a v2N Payload Aug 26 13:31:05.325862: | ***emit IKEv2 Notify Payload: Aug 26 13:31:05.325864: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.325865: | flags: none (0x0) Aug 26 13:31:05.325867: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:05.325868: | SPI size: 0 (0x0) Aug 26 13:31:05.325870: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:31:05.325872: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:05.325874: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.325876: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:31:05.325878: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:31:05.325880: | natd_hash: rcookie is zero Aug 26 13:31:05.325888: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:31:05.325890: | natd_hash: icookie= 58 53 db a0 9a 3d 47 7b Aug 26 13:31:05.325892: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:31:05.325893: | natd_hash: ip= c0 01 08 16 Aug 26 13:31:05.325895: | natd_hash: port=500 Aug 26 13:31:05.325897: | natd_hash: hash= 43 96 49 26 65 fe a9 12 a3 f4 fe 2f f8 4e cd 72 Aug 26 13:31:05.325898: | natd_hash: hash= 62 2b 49 24 Aug 26 13:31:05.325900: | Adding a v2N Payload Aug 26 13:31:05.325901: | ***emit IKEv2 Notify Payload: Aug 26 13:31:05.325903: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.325905: | flags: none (0x0) Aug 26 13:31:05.325906: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:05.325908: | SPI size: 0 (0x0) Aug 26 13:31:05.325909: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:31:05.325911: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:05.325913: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.325915: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:31:05.325917: | Notify data 43 96 49 26 65 fe a9 12 a3 f4 fe 2f f8 4e cd 72 Aug 26 13:31:05.325918: | Notify data 62 2b 49 24 Aug 26 13:31:05.325920: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:31:05.325922: | natd_hash: rcookie is zero Aug 26 13:31:05.325925: | natd_hash: hasher=0x5644e22bd800(20) Aug 26 13:31:05.325927: | natd_hash: icookie= 58 53 db a0 9a 3d 47 7b Aug 26 13:31:05.325929: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:31:05.325931: | natd_hash: ip= c0 01 02 17 Aug 26 13:31:05.325933: | natd_hash: port=500 Aug 26 13:31:05.325934: | natd_hash: hash= 59 e7 74 ea d9 df 05 51 6a 1b 07 b1 52 f9 01 1e Aug 26 13:31:05.325936: | natd_hash: hash= b4 96 05 65 Aug 26 13:31:05.325937: | Adding a v2N Payload Aug 26 13:31:05.325939: | ***emit IKEv2 Notify Payload: Aug 26 13:31:05.325941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.325942: | flags: none (0x0) Aug 26 13:31:05.325944: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:05.325945: | SPI size: 0 (0x0) Aug 26 13:31:05.325947: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:31:05.325949: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:05.325951: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:05.325952: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:31:05.325954: | Notify data 59 e7 74 ea d9 df 05 51 6a 1b 07 b1 52 f9 01 1e Aug 26 13:31:05.325955: | Notify data b4 96 05 65 Aug 26 13:31:05.325957: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:31:05.325959: | emitting length of ISAKMP Message: 828 Aug 26 13:31:05.325963: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:31:05.325967: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:05.325969: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:31:05.325971: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:31:05.325973: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:31:05.325975: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:31:05.325977: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 13:31:05.325980: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:31:05.325982: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:31:05.325985: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Aug 26 13:31:05.325989: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Aug 26 13:31:05.325991: | 58 53 db a0 9a 3d 47 7b 00 00 00 00 00 00 00 00 Aug 26 13:31:05.325992: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:31:05.325994: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:31:05.325995: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:31:05.325997: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:31:05.325998: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:31:05.326000: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:31:05.326001: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:31:05.326003: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:31:05.326004: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:31:05.326006: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:31:05.326007: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:31:05.326009: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:31:05.326010: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:31:05.326012: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:31:05.326013: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:31:05.326015: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:31:05.326016: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:31:05.326018: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:31:05.326020: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:31:05.326022: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:31:05.326023: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:31:05.326025: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:31:05.326026: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:31:05.326028: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:31:05.326029: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:31:05.326031: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:31:05.326032: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:31:05.326034: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:31:05.326035: | 28 00 01 08 00 0e 00 00 c2 ce 08 e8 b5 69 6a a0 Aug 26 13:31:05.326037: | 73 1a 23 ea a5 b3 f4 fa 26 c9 04 ec ba 85 4d 5e Aug 26 13:31:05.326039: | ff 20 14 05 18 e9 9b 1e 8d 45 ab 1c a3 ab 07 c8 Aug 26 13:31:05.326040: | 45 b7 22 04 1a aa 6e e4 b0 c5 67 49 4b e2 e2 9a Aug 26 13:31:05.326042: | 45 86 ef f1 88 a0 2b 91 20 ae fb d9 5f 84 3a d6 Aug 26 13:31:05.326043: | fd e7 9b 7d c2 e8 4d 1a fb 0b d2 d1 07 43 9a e9 Aug 26 13:31:05.326045: | 66 3b 65 a7 09 26 46 7e 6e 0b 34 a7 f4 41 75 7f Aug 26 13:31:05.326046: | 3b fb 71 75 a4 fd bd 3e be 43 a4 74 5b 5e 28 1f Aug 26 13:31:05.326048: | 7f 67 65 2f 38 85 dc 26 c5 54 6e 2a ea 79 44 d6 Aug 26 13:31:05.326049: | 85 af a1 17 6a 56 e5 53 e4 ec e2 3b 31 63 98 53 Aug 26 13:31:05.326051: | 27 91 d4 1d 91 cf f0 0d f6 04 25 0c cd cc d6 81 Aug 26 13:31:05.326052: | 6a a6 e1 ad ea e7 be 7c b7 ec 8f 8e 8c bc 1b 49 Aug 26 13:31:05.326054: | 5a f9 51 b1 be 98 03 e9 0f 41 8f 02 b6 b0 9d ec Aug 26 13:31:05.326055: | f3 78 65 bf 3f e8 0c 05 5f 55 c4 8a 13 eb 5d e7 Aug 26 13:31:05.326057: | 31 21 3b ab 35 93 86 ec d2 28 c3 dc 46 b7 21 ac Aug 26 13:31:05.326058: | fd 88 63 18 94 54 78 ba 4e 6c 43 b6 44 86 00 23 Aug 26 13:31:05.326060: | e0 4f 74 a0 0f 38 18 f0 29 00 00 24 72 94 46 0d Aug 26 13:31:05.326061: | 69 b4 27 61 e8 b0 b7 77 70 90 72 00 24 67 97 d9 Aug 26 13:31:05.326063: | 7a e1 0f 37 be 9a ab 66 84 d4 e6 4d 29 00 00 08 Aug 26 13:31:05.326064: | 00 00 40 2e 29 00 00 1c 00 00 40 04 43 96 49 26 Aug 26 13:31:05.326066: | 65 fe a9 12 a3 f4 fe 2f f8 4e cd 72 62 2b 49 24 Aug 26 13:31:05.326067: | 00 00 00 1c 00 00 40 05 59 e7 74 ea d9 df 05 51 Aug 26 13:31:05.326069: | 6a 1b 07 b1 52 f9 01 1e b4 96 05 65 Aug 26 13:31:05.326089: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:31:05.326092: | libevent_free: release ptr-libevent@0x5644e3617f08 Aug 26 13:31:05.326094: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fbb28002b78 Aug 26 13:31:05.326096: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:31:05.326098: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:31:05.326100: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fbb28002b78 Aug 26 13:31:05.326103: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 13:31:05.326105: | libevent_malloc: new ptr-libevent@0x5644e361aaf8 size 128 Aug 26 13:31:05.326108: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11551.068567 Aug 26 13:31:05.326110: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:31:05.326114: | #4 spent 1.17 milliseconds in resume sending helper answer Aug 26 13:31:05.326117: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:31:05.326119: | libevent_free: release ptr-libevent@0x7fbb1c002888 Aug 26 13:31:05.764106: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:05.764127: shutting down Aug 26 13:31:05.764136: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:31:05.764140: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:31:05.764141: forgetting secrets Aug 26 13:31:05.764145: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:31:05.764148: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 13:31:05.764151: | removing pending policy for no connection {0x5644e36068f8} Aug 26 13:31:05.764153: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:31:05.764155: | pass 0 Aug 26 13:31:05.764157: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:05.764159: | state #4 Aug 26 13:31:05.764176: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:05.764180: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:05.764182: | pstats #4 ikev2.ike deleted other Aug 26 13:31:05.764186: | #4 spent 1.84 milliseconds in total Aug 26 13:31:05.764189: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:05.764192: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.440s and NOT sending notification Aug 26 13:31:05.764194: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:31:05.764197: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:31:05.764199: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:31:05.764202: | libevent_free: release ptr-libevent@0x5644e361aaf8 Aug 26 13:31:05.764204: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fbb28002b78 Aug 26 13:31:05.764207: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:05.764209: | picked newest_isakmp_sa #0 for #4 Aug 26 13:31:05.764211: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:05.764214: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Aug 26 13:31:05.764216: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:31:05.764220: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:31:05.764222: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:31:05.764224: | in connection_discard for connection northnet-eastnet Aug 26 13:31:05.764226: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:31:05.764228: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:31:05.764244: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:05.764248: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:05.764249: | pass 1 Aug 26 13:31:05.764251: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:05.764254: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:31:05.764256: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:05.764259: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:05.764303: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:05.764335: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:31:05.764340: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:05.764343: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:05.764347: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 13:31:05.764350: | running updown command "ipsec _updown" for verb unroute Aug 26 13:31:05.764354: | command executing unroute-client Aug 26 13:31:05.764378: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 13:31:05.764383: | popen cmd is 1045 chars long Aug 26 13:31:05.764385: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:31:05.764387: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Aug 26 13:31:05.764389: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 13:31:05.764390: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 13:31:05.764392: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 13:31:05.764394: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:31:05.764395: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:31:05.764397: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:31:05.764399: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Aug 26 13:31:05.764400: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 13:31:05.764402: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 13:31:05.764404: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 13:31:05.764405: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 13:31:05.764407: | cmd(1040): 2>&1: Aug 26 13:31:05.772599: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772618: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772621: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772622: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772624: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772651: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772665: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772669: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772681: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772697: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772709: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772716: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.772726: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.777196: | free hp@0x5644e36159c8 Aug 26 13:31:05.777213: | flush revival: connection 'northnet-eastnet' revival flushed Aug 26 13:31:05.777218: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:31:05.777230: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:31:05.777232: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:31:05.777243: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:31:05.777246: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:31:05.777248: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:31:05.777250: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:31:05.777252: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:31:05.777254: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:31:05.777256: shutting down interface eth1/eth1 192.1.8.22:4500 Aug 26 13:31:05.777258: shutting down interface eth1/eth1 192.1.8.22:500 Aug 26 13:31:05.777261: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:31:05.777271: | libevent_free: release ptr-libevent@0x5644e3607468 Aug 26 13:31:05.777273: | free_event_entry: release EVENT_NULL-pe@0x5644e36132a8 Aug 26 13:31:05.777282: | libevent_free: release ptr-libevent@0x5644e35a32b8 Aug 26 13:31:05.777284: | free_event_entry: release EVENT_NULL-pe@0x5644e3613358 Aug 26 13:31:05.777295: | libevent_free: release ptr-libevent@0x5644e35a5158 Aug 26 13:31:05.777298: | free_event_entry: release EVENT_NULL-pe@0x5644e3613408 Aug 26 13:31:05.777304: | libevent_free: release ptr-libevent@0x5644e35a22a8 Aug 26 13:31:05.777306: | free_event_entry: release EVENT_NULL-pe@0x5644e36134b8 Aug 26 13:31:05.777311: | libevent_free: release ptr-libevent@0x5644e35734e8 Aug 26 13:31:05.777313: | free_event_entry: release EVENT_NULL-pe@0x5644e3613568 Aug 26 13:31:05.777318: | libevent_free: release ptr-libevent@0x5644e35731d8 Aug 26 13:31:05.777319: | free_event_entry: release EVENT_NULL-pe@0x5644e3613618 Aug 26 13:31:05.777324: | libevent_free: release ptr-libevent@0x5644e3613cc8 Aug 26 13:31:05.777326: | free_event_entry: release EVENT_NULL-pe@0x5644e36136c8 Aug 26 13:31:05.777330: | libevent_free: release ptr-libevent@0x5644e3613e28 Aug 26 13:31:05.777332: | free_event_entry: release EVENT_NULL-pe@0x5644e3613db8 Aug 26 13:31:05.777336: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:31:05.777734: | libevent_free: release ptr-libevent@0x5644e3607518 Aug 26 13:31:05.777741: | free_event_entry: release EVENT_NULL-pe@0x5644e35fb258 Aug 26 13:31:05.777745: | libevent_free: release ptr-libevent@0x5644e35a5058 Aug 26 13:31:05.777748: | free_event_entry: release EVENT_NULL-pe@0x5644e35fa718 Aug 26 13:31:05.777752: | libevent_free: release ptr-libevent@0x5644e35deb18 Aug 26 13:31:05.777754: | free_event_entry: release EVENT_NULL-pe@0x5644e35fb2c8 Aug 26 13:31:05.777757: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:31:05.777759: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:31:05.777760: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:31:05.777762: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:31:05.777764: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:31:05.777765: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:31:05.777767: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:31:05.777769: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:31:05.777770: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:31:05.777774: | libevent_free: release ptr-libevent@0x5644e35a2808 Aug 26 13:31:05.777776: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:31:05.777778: | libevent_free: release ptr-libevent@0x5644e3612928 Aug 26 13:31:05.777780: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:31:05.777782: | libevent_free: release ptr-libevent@0x5644e3612a38 Aug 26 13:31:05.777784: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:31:05.777786: | libevent_free: release ptr-libevent@0x5644e3612c78 Aug 26 13:31:05.777787: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:31:05.777789: | releasing event base Aug 26 13:31:05.777798: | libevent_free: release ptr-libevent@0x5644e3612b48 Aug 26 13:31:05.777800: | libevent_free: release ptr-libevent@0x5644e35f5b08 Aug 26 13:31:05.777803: | libevent_free: release ptr-libevent@0x5644e35f5ab8 Aug 26 13:31:05.777804: | libevent_free: release ptr-libevent@0x5644e35f5a48 Aug 26 13:31:05.777808: | libevent_free: release ptr-libevent@0x5644e35f5a08 Aug 26 13:31:05.777810: | libevent_free: release ptr-libevent@0x5644e3612828 Aug 26 13:31:05.777812: | libevent_free: release ptr-libevent@0x5644e36128a8 Aug 26 13:31:05.777813: | libevent_free: release ptr-libevent@0x5644e35f5cb8 Aug 26 13:31:05.777815: | libevent_free: release ptr-libevent@0x5644e35fa828 Aug 26 13:31:05.777817: | libevent_free: release ptr-libevent@0x5644e35fb218 Aug 26 13:31:05.777818: | libevent_free: release ptr-libevent@0x5644e3613ed8 Aug 26 13:31:05.777820: | libevent_free: release ptr-libevent@0x5644e3613d78 Aug 26 13:31:05.777821: | libevent_free: release ptr-libevent@0x5644e3613688 Aug 26 13:31:05.777823: | libevent_free: release ptr-libevent@0x5644e36135d8 Aug 26 13:31:05.777825: | libevent_free: release ptr-libevent@0x5644e3613528 Aug 26 13:31:05.777826: | libevent_free: release ptr-libevent@0x5644e3613478 Aug 26 13:31:05.777828: | libevent_free: release ptr-libevent@0x5644e36133c8 Aug 26 13:31:05.777829: | libevent_free: release ptr-libevent@0x5644e3613318 Aug 26 13:31:05.777831: | libevent_free: release ptr-libevent@0x5644e35a2968 Aug 26 13:31:05.777833: | libevent_free: release ptr-libevent@0x5644e36129f8 Aug 26 13:31:05.777834: | libevent_free: release ptr-libevent@0x5644e36128e8 Aug 26 13:31:05.777836: | libevent_free: release ptr-libevent@0x5644e3612868 Aug 26 13:31:05.777838: | libevent_free: release ptr-libevent@0x5644e3612b08 Aug 26 13:31:05.777839: | libevent_free: release ptr-libevent@0x5644e35a1af8 Aug 26 13:31:05.777841: | libevent_free: release ptr-libevent@0x5644e3572908 Aug 26 13:31:05.777843: | libevent_free: release ptr-libevent@0x5644e3572d38 Aug 26 13:31:05.777845: | libevent_free: release ptr-libevent@0x5644e35a1e68 Aug 26 13:31:05.777846: | releasing global libevent data Aug 26 13:31:05.777848: | libevent_free: release ptr-libevent@0x5644e3572a08 Aug 26 13:31:05.777850: | libevent_free: release ptr-libevent@0x5644e3572cd8 Aug 26 13:31:05.777852: | libevent_free: release ptr-libevent@0x5644e3572dd8 Aug 26 13:31:05.777881: leak detective found no leaks