Aug 26 13:30:43.350425: FIPS Product: YES Aug 26 13:30:43.350511: FIPS Kernel: NO Aug 26 13:30:43.350513: FIPS Mode: NO Aug 26 13:30:43.350515: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:30:43.350663: Initializing NSS Aug 26 13:30:43.350674: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:30:43.377197: NSS initialized Aug 26 13:30:43.377217: NSS crypto library initialized Aug 26 13:30:43.377221: FIPS HMAC integrity support [enabled] Aug 26 13:30:43.377224: FIPS mode disabled for pluto daemon Aug 26 13:30:43.416150: FIPS HMAC integrity verification self-test FAILED Aug 26 13:30:43.416296: libcap-ng support [enabled] Aug 26 13:30:43.416310: Linux audit support [enabled] Aug 26 13:30:43.416350: Linux audit activated Aug 26 13:30:43.416355: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11990 Aug 26 13:30:43.416359: core dump dir: /tmp Aug 26 13:30:43.416361: secrets file: /etc/ipsec.secrets Aug 26 13:30:43.416364: leak-detective enabled Aug 26 13:30:43.416366: NSS crypto [enabled] Aug 26 13:30:43.416368: XAUTH PAM support [enabled] Aug 26 13:30:43.416437: | libevent is using pluto's memory allocator Aug 26 13:30:43.416446: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:30:43.416458: | libevent_malloc: new ptr-libevent@0x563350c02178 size 40 Aug 26 13:30:43.416461: | libevent_malloc: new ptr-libevent@0x563350c06cd8 size 40 Aug 26 13:30:43.416464: | libevent_malloc: new ptr-libevent@0x563350c06dd8 size 40 Aug 26 13:30:43.416466: | creating event base Aug 26 13:30:43.416468: | libevent_malloc: new ptr-libevent@0x563350c89a28 size 56 Aug 26 13:30:43.416472: | libevent_malloc: new ptr-libevent@0x563350c35e48 size 664 Aug 26 13:30:43.416480: | libevent_malloc: new ptr-libevent@0x563350c89a98 size 24 Aug 26 13:30:43.416482: | libevent_malloc: new ptr-libevent@0x563350c89ae8 size 384 Aug 26 13:30:43.416490: | libevent_malloc: new ptr-libevent@0x563350c899e8 size 16 Aug 26 13:30:43.416492: | libevent_malloc: new ptr-libevent@0x563350c06908 size 40 Aug 26 13:30:43.416493: | libevent_malloc: new ptr-libevent@0x563350c06d38 size 48 Aug 26 13:30:43.416497: | libevent_realloc: new ptr-libevent@0x563350c36948 size 256 Aug 26 13:30:43.416499: | libevent_malloc: new ptr-libevent@0x563350c89c98 size 16 Aug 26 13:30:43.416504: | libevent_free: release ptr-libevent@0x563350c89a28 Aug 26 13:30:43.416507: | libevent initialized Aug 26 13:30:43.416511: | libevent_realloc: new ptr-libevent@0x563350c89a28 size 64 Aug 26 13:30:43.416515: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:30:43.416530: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:30:43.416533: NAT-Traversal support [enabled] Aug 26 13:30:43.416537: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:30:43.416543: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:30:43.416547: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:30:43.416582: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:30:43.416587: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:30:43.416590: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:30:43.416638: Encryption algorithms: Aug 26 13:30:43.416648: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:30:43.416653: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:30:43.416657: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:30:43.416661: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:30:43.416665: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:30:43.416673: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:30:43.416677: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:30:43.416681: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:30:43.416684: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:30:43.416688: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:30:43.416692: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:30:43.416696: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:30:43.416699: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:30:43.416703: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:30:43.416707: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:30:43.416710: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:30:43.416713: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:30:43.416721: Hash algorithms: Aug 26 13:30:43.416724: MD5 IKEv1: IKE IKEv2: Aug 26 13:30:43.416728: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:30:43.416731: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:30:43.416735: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:30:43.416738: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:30:43.416752: PRF algorithms: Aug 26 13:30:43.416756: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:30:43.416759: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:30:43.416763: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:30:43.416767: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:30:43.416771: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:30:43.416774: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:30:43.416802: Integrity algorithms: Aug 26 13:30:43.416806: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:30:43.416811: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:30:43.416815: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:30:43.416819: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:30:43.416824: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:30:43.416827: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:30:43.416831: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:30:43.416834: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:30:43.416838: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:30:43.416851: DH algorithms: Aug 26 13:30:43.416854: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:30:43.416857: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:30:43.416861: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:30:43.416866: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:30:43.416870: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:30:43.416873: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:30:43.416876: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:30:43.416880: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:30:43.416883: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:30:43.416887: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:30:43.416890: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:30:43.416893: testing CAMELLIA_CBC: Aug 26 13:30:43.416896: Camellia: 16 bytes with 128-bit key Aug 26 13:30:43.417024: Camellia: 16 bytes with 128-bit key Aug 26 13:30:43.417057: Camellia: 16 bytes with 256-bit key Aug 26 13:30:43.417081: Camellia: 16 bytes with 256-bit key Aug 26 13:30:43.417099: testing AES_GCM_16: Aug 26 13:30:43.417102: empty string Aug 26 13:30:43.417120: one block Aug 26 13:30:43.417143: two blocks Aug 26 13:30:43.417170: two blocks with associated data Aug 26 13:30:43.417198: testing AES_CTR: Aug 26 13:30:43.417201: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:30:43.417228: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:30:43.417256: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:30:43.417279: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:30:43.417306: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:30:43.417329: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:30:43.417347: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:30:43.417363: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:30:43.417380: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:30:43.417398: testing AES_CBC: Aug 26 13:30:43.417400: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:30:43.417416: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.417434: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.417452: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:30:43.417473: testing AES_XCBC: Aug 26 13:30:43.417475: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:30:43.417561: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:30:43.417695: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:30:43.417831: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:30:43.417968: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:30:43.418100: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:30:43.418240: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:30:43.418535: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:30:43.418619: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:30:43.418705: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:30:43.418942: testing HMAC_MD5: Aug 26 13:30:43.418947: RFC 2104: MD5_HMAC test 1 Aug 26 13:30:43.419070: RFC 2104: MD5_HMAC test 2 Aug 26 13:30:43.419225: RFC 2104: MD5_HMAC test 3 Aug 26 13:30:43.419383: 8 CPU cores online Aug 26 13:30:43.419392: starting up 7 crypto helpers Aug 26 13:30:43.419437: started thread for crypto helper 0 Aug 26 13:30:43.419463: | starting up helper thread 0 Aug 26 13:30:43.419475: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:30:43.419476: started thread for crypto helper 1 Aug 26 13:30:43.419477: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.419501: started thread for crypto helper 2 Aug 26 13:30:43.419549: started thread for crypto helper 3 Aug 26 13:30:43.419550: | starting up helper thread 2 Aug 26 13:30:43.419559: | starting up helper thread 1 Aug 26 13:30:43.419573: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:30:43.419565: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:30:43.419577: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:43.419590: | starting up helper thread 4 Aug 26 13:30:43.419597: | crypto helper 2 waiting (nothing to do) Aug 26 13:30:43.419586: started thread for crypto helper 4 Aug 26 13:30:43.419601: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:30:43.419612: | crypto helper 4 waiting (nothing to do) Aug 26 13:30:43.419624: started thread for crypto helper 5 Aug 26 13:30:43.419627: | starting up helper thread 5 Aug 26 13:30:43.419636: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:30:43.419639: | crypto helper 5 waiting (nothing to do) Aug 26 13:30:43.419646: started thread for crypto helper 6 Aug 26 13:30:43.419649: | starting up helper thread 6 Aug 26 13:30:43.419650: | checking IKEv1 state table Aug 26 13:30:43.419661: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:30:43.419664: | crypto helper 6 waiting (nothing to do) Aug 26 13:30:43.419666: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419668: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:30:43.419670: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419672: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:30:43.419674: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:30:43.419675: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:30:43.419677: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.419678: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.419680: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:30:43.419682: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:30:43.419683: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.419685: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:43.419686: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:30:43.419688: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.419689: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.419691: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:43.419693: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:30:43.419694: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.419696: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.419697: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:43.419699: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:30:43.419701: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419702: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:30:43.419704: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419706: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419707: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:30:43.419710: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419712: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:43.419714: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:43.419717: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:30:43.419719: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:43.419721: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:43.419724: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:30:43.419726: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419729: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.419731: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419734: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:30:43.419736: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:30:43.419739: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:30:43.419742: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:30:43.419744: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:30:43.419751: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:30:43.419754: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:30:43.419756: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419758: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:30:43.419761: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419764: | INFO: category: informational flags: 0: Aug 26 13:30:43.419766: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419769: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:30:43.419771: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419774: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:30:43.419776: | -> XAUTH_R1 EVENT_NULL Aug 26 13:30:43.419779: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:30:43.419781: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:43.419784: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:30:43.419787: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:30:43.419790: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:30:43.419792: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:30:43.419795: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.419798: | -> UNDEFINED EVENT_NULL Aug 26 13:30:43.419801: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:30:43.419803: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:43.419806: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.419808: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:30:43.419811: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:30:43.419814: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:30:43.419821: | checking IKEv2 state table Aug 26 13:30:43.419827: | PARENT_I0: category: ignore flags: 0: Aug 26 13:30:43.419831: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:30:43.419834: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419837: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:30:43.419840: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:30:43.419844: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:30:43.419846: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:30:43.419850: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:30:43.419853: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:30:43.419855: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:30:43.419858: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:30:43.419861: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:30:43.419864: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:30:43.419867: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:30:43.419870: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:30:43.419873: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:30:43.419876: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419879: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:30:43.419882: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:30:43.419885: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:30:43.419888: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:30:43.419891: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:30:43.419894: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:30:43.419897: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:30:43.419899: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:30:43.419905: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:30:43.419908: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.419911: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:30:43.419914: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:30:43.419917: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:30:43.419920: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.419924: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:43.419927: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:30:43.419930: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:30:43.419933: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:30:43.419936: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:30:43.419939: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:30:43.419942: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:30:43.419945: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:30:43.419948: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:30:43.419951: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:43.419953: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:30:43.419955: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:30:43.419957: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:30:43.419959: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:30:43.419960: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:30:43.419962: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:30:43.420001: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:30:43.420039: | Hard-wiring algorithms Aug 26 13:30:43.420042: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:30:43.420045: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:30:43.420047: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:30:43.420049: | adding 3DES_CBC to kernel algorithm db Aug 26 13:30:43.420050: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:30:43.420052: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:30:43.420053: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:30:43.420055: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:30:43.420057: | adding AES_CTR to kernel algorithm db Aug 26 13:30:43.420058: | adding AES_CBC to kernel algorithm db Aug 26 13:30:43.420060: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:30:43.420062: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:30:43.420064: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:30:43.420065: | adding NULL to kernel algorithm db Aug 26 13:30:43.420067: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:30:43.420069: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:30:43.420071: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:30:43.420072: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:30:43.420074: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:30:43.420076: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:30:43.420077: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:30:43.420079: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:30:43.420081: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:30:43.420082: | adding NONE to kernel algorithm db Aug 26 13:30:43.420100: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:30:43.420105: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:30:43.420107: | setup kernel fd callback Aug 26 13:30:43.420111: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563350c8f2a8 Aug 26 13:30:43.420115: | libevent_malloc: new ptr-libevent@0x563350c72af8 size 128 Aug 26 13:30:43.420118: | libevent_malloc: new ptr-libevent@0x563350c8e808 size 16 Aug 26 13:30:43.420123: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563350c8e6f8 Aug 26 13:30:43.420126: | libevent_malloc: new ptr-libevent@0x563350c39038 size 128 Aug 26 13:30:43.420128: | libevent_malloc: new ptr-libevent@0x563350c8f1f8 size 16 Aug 26 13:30:43.420277: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:30:43.420285: selinux support is enabled. Aug 26 13:30:43.420285: | starting up helper thread 3 Aug 26 13:30:43.420323: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:30:43.420328: | crypto helper 3 waiting (nothing to do) Aug 26 13:30:43.420507: | unbound context created - setting debug level to 5 Aug 26 13:30:43.420528: | /etc/hosts lookups activated Aug 26 13:30:43.420538: | /etc/resolv.conf usage activated Aug 26 13:30:43.420575: | outgoing-port-avoid set 0-65535 Aug 26 13:30:43.420592: | outgoing-port-permit set 32768-60999 Aug 26 13:30:43.420594: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:30:43.420596: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:30:43.420598: | Setting up events, loop start Aug 26 13:30:43.420600: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563350c8f238 Aug 26 13:30:43.420602: | libevent_malloc: new ptr-libevent@0x563350c9b4f8 size 128 Aug 26 13:30:43.420605: | libevent_malloc: new ptr-libevent@0x563350ca6808 size 16 Aug 26 13:30:43.420609: | libevent_realloc: new ptr-libevent@0x563350c35ad8 size 256 Aug 26 13:30:43.420611: | libevent_malloc: new ptr-libevent@0x563350ca6848 size 8 Aug 26 13:30:43.420614: | libevent_realloc: new ptr-libevent@0x563350c36388 size 144 Aug 26 13:30:43.420615: | libevent_malloc: new ptr-libevent@0x563350c367e8 size 152 Aug 26 13:30:43.420618: | libevent_malloc: new ptr-libevent@0x563350ca6888 size 16 Aug 26 13:30:43.420621: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:30:43.420623: | libevent_malloc: new ptr-libevent@0x563350ca68c8 size 8 Aug 26 13:30:43.420625: | libevent_malloc: new ptr-libevent@0x563350ca6908 size 152 Aug 26 13:30:43.420627: | signal event handler PLUTO_SIGTERM installed Aug 26 13:30:43.420628: | libevent_malloc: new ptr-libevent@0x563350ca69d8 size 8 Aug 26 13:30:43.420630: | libevent_malloc: new ptr-libevent@0x563350ca6a18 size 152 Aug 26 13:30:43.420632: | signal event handler PLUTO_SIGHUP installed Aug 26 13:30:43.420634: | libevent_malloc: new ptr-libevent@0x563350ca6ae8 size 8 Aug 26 13:30:43.420636: | libevent_realloc: release ptr-libevent@0x563350c36388 Aug 26 13:30:43.420638: | libevent_realloc: new ptr-libevent@0x563350ca6b28 size 256 Aug 26 13:30:43.420639: | libevent_malloc: new ptr-libevent@0x563350ca6c58 size 152 Aug 26 13:30:43.420641: | signal event handler PLUTO_SIGSYS installed Aug 26 13:30:43.420886: | created addconn helper (pid:12118) using fork+execve Aug 26 13:30:43.420898: | forked child 12118 Aug 26 13:30:43.420938: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.420951: listening for IKE messages Aug 26 13:30:43.420990: | Inspecting interface lo Aug 26 13:30:43.420997: | found lo with address 127.0.0.1 Aug 26 13:30:43.421002: | Inspecting interface eth0 Aug 26 13:30:43.421007: | found eth0 with address 192.0.3.254 Aug 26 13:30:43.421011: | Inspecting interface eth1 Aug 26 13:30:43.421015: | found eth1 with address 192.1.3.33 Aug 26 13:30:43.421096: Kernel supports NIC esp-hw-offload Aug 26 13:30:43.421108: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:30:43.421128: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.421133: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.421137: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:30:43.421165: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:30:43.421185: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.421190: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.421193: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:30:43.421217: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:30:43.421238: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:43.421243: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:43.421246: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:30:43.421332: | no interfaces to sort Aug 26 13:30:43.421342: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:30:43.421351: | add_fd_read_event_handler: new ethX-pe@0x563350ca7128 Aug 26 13:30:43.421355: | libevent_malloc: new ptr-libevent@0x563350c9b448 size 128 Aug 26 13:30:43.421358: | libevent_malloc: new ptr-libevent@0x563350ca7198 size 16 Aug 26 13:30:43.421366: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:30:43.421369: | add_fd_read_event_handler: new ethX-pe@0x563350ca71d8 Aug 26 13:30:43.421374: | libevent_malloc: new ptr-libevent@0x563350c37298 size 128 Aug 26 13:30:43.421377: | libevent_malloc: new ptr-libevent@0x563350ca7248 size 16 Aug 26 13:30:43.421382: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:30:43.421385: | add_fd_read_event_handler: new ethX-pe@0x563350ca7288 Aug 26 13:30:43.421388: | libevent_malloc: new ptr-libevent@0x563350c39138 size 128 Aug 26 13:30:43.421391: | libevent_malloc: new ptr-libevent@0x563350ca72f8 size 16 Aug 26 13:30:43.421396: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:30:43.421400: | add_fd_read_event_handler: new ethX-pe@0x563350ca7338 Aug 26 13:30:43.421403: | libevent_malloc: new ptr-libevent@0x563350c36288 size 128 Aug 26 13:30:43.421406: | libevent_malloc: new ptr-libevent@0x563350ca73a8 size 16 Aug 26 13:30:43.421410: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:30:43.421414: | add_fd_read_event_handler: new ethX-pe@0x563350ca73e8 Aug 26 13:30:43.421418: | libevent_malloc: new ptr-libevent@0x563350c074e8 size 128 Aug 26 13:30:43.421422: | libevent_malloc: new ptr-libevent@0x563350ca7458 size 16 Aug 26 13:30:43.421427: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:30:43.421431: | add_fd_read_event_handler: new ethX-pe@0x563350ca7498 Aug 26 13:30:43.421434: | libevent_malloc: new ptr-libevent@0x563350c071d8 size 128 Aug 26 13:30:43.421437: | libevent_malloc: new ptr-libevent@0x563350ca7508 size 16 Aug 26 13:30:43.421443: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:30:43.421448: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:43.421451: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:43.421472: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:43.421487: | Processing PSK at line 1: passed Aug 26 13:30:43.421492: | certs and keys locked by 'process_secret' Aug 26 13:30:43.421496: | certs and keys unlocked by 'process_secret' Aug 26 13:30:43.421505: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.421514: | spent 0.551 milliseconds in whack Aug 26 13:30:43.443392: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.443447: listening for IKE messages Aug 26 13:30:43.443908: | Inspecting interface lo Aug 26 13:30:43.443919: | found lo with address 127.0.0.1 Aug 26 13:30:43.443922: | Inspecting interface eth0 Aug 26 13:30:43.443927: | found eth0 with address 192.0.3.254 Aug 26 13:30:43.443930: | Inspecting interface eth1 Aug 26 13:30:43.443934: | found eth1 with address 192.1.3.33 Aug 26 13:30:43.443999: | no interfaces to sort Aug 26 13:30:43.444010: | libevent_free: release ptr-libevent@0x563350c9b448 Aug 26 13:30:43.444014: | free_event_entry: release EVENT_NULL-pe@0x563350ca7128 Aug 26 13:30:43.444023: | add_fd_read_event_handler: new ethX-pe@0x563350ca7128 Aug 26 13:30:43.444027: | libevent_malloc: new ptr-libevent@0x563350c9b448 size 128 Aug 26 13:30:43.444035: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:30:43.444039: | libevent_free: release ptr-libevent@0x563350c37298 Aug 26 13:30:43.444042: | free_event_entry: release EVENT_NULL-pe@0x563350ca71d8 Aug 26 13:30:43.444046: | add_fd_read_event_handler: new ethX-pe@0x563350ca71d8 Aug 26 13:30:43.444048: | libevent_malloc: new ptr-libevent@0x563350c37298 size 128 Aug 26 13:30:43.444054: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:30:43.444058: | libevent_free: release ptr-libevent@0x563350c39138 Aug 26 13:30:43.444061: | free_event_entry: release EVENT_NULL-pe@0x563350ca7288 Aug 26 13:30:43.444064: | add_fd_read_event_handler: new ethX-pe@0x563350ca7288 Aug 26 13:30:43.444066: | libevent_malloc: new ptr-libevent@0x563350c39138 size 128 Aug 26 13:30:43.444072: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:30:43.444075: | libevent_free: release ptr-libevent@0x563350c36288 Aug 26 13:30:43.444078: | free_event_entry: release EVENT_NULL-pe@0x563350ca7338 Aug 26 13:30:43.444081: | add_fd_read_event_handler: new ethX-pe@0x563350ca7338 Aug 26 13:30:43.444084: | libevent_malloc: new ptr-libevent@0x563350c36288 size 128 Aug 26 13:30:43.444089: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:30:43.444093: | libevent_free: release ptr-libevent@0x563350c074e8 Aug 26 13:30:43.444096: | free_event_entry: release EVENT_NULL-pe@0x563350ca73e8 Aug 26 13:30:43.444099: | add_fd_read_event_handler: new ethX-pe@0x563350ca73e8 Aug 26 13:30:43.444102: | libevent_malloc: new ptr-libevent@0x563350c074e8 size 128 Aug 26 13:30:43.444107: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:30:43.444111: | libevent_free: release ptr-libevent@0x563350c071d8 Aug 26 13:30:43.444114: | free_event_entry: release EVENT_NULL-pe@0x563350ca7498 Aug 26 13:30:43.444117: | add_fd_read_event_handler: new ethX-pe@0x563350ca7498 Aug 26 13:30:43.444120: | libevent_malloc: new ptr-libevent@0x563350c071d8 size 128 Aug 26 13:30:43.444125: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:30:43.444128: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:43.444131: forgetting secrets Aug 26 13:30:43.444141: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:43.444156: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:43.444163: | Processing PSK at line 1: passed Aug 26 13:30:43.444167: | certs and keys locked by 'process_secret' Aug 26 13:30:43.444169: | certs and keys unlocked by 'process_secret' Aug 26 13:30:43.444180: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.444187: | spent 0.804 milliseconds in whack Aug 26 13:30:43.444694: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.444713: | waitpid returned pid 12118 (exited with status 0) Aug 26 13:30:43.444718: | reaped addconn helper child (status 0) Aug 26 13:30:43.444723: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.444728: | spent 0.0177 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.503273: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.503311: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.503316: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.503319: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.503322: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.503326: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.503362: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.503424: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:30:43.503434: | from whack: got --esp=aes256-sha2 Aug 26 13:30:43.503450: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 13:30:43.503457: | counting wild cards for 192.1.3.33 is 0 Aug 26 13:30:43.503463: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:30:43.503473: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:43.503476: | new hp@0x563350ca9498 Aug 26 13:30:43.503480: added connection description "northnet-eastnet" Aug 26 13:30:43.503504: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.503529: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 13:30:43.503535: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.503543: | spent 0.269 milliseconds in whack Aug 26 13:30:43.560313: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.560344: | old debugging base+cpu-usage + none Aug 26 13:30:43.560349: | base debugging = base+cpu-usage Aug 26 13:30:43.560352: | old impairing none + suppress-retransmits Aug 26 13:30:43.560354: | base impairing = suppress-retransmits Aug 26 13:30:43.560363: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.560371: | spent 0.0663 milliseconds in whack Aug 26 13:30:43.676988: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.677015: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:30:43.677020: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.677026: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:30:43.677029: | connection 'northnet-eastnet' +POLICY_UP Aug 26 13:30:43.677033: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:30:43.677036: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:30:43.677057: | creating state object #1 at 0x563350ca9578 Aug 26 13:30:43.677061: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:30:43.677069: | pstats #1 ikev2.ike started Aug 26 13:30:43.677073: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:30:43.677076: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:30:43.677083: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.677090: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.677096: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.677100: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:30:43.677105: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Aug 26 13:30:43.677109: "northnet-eastnet" #1: initiating v2 parent SA Aug 26 13:30:43.677120: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Aug 26 13:30:43.677129: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.677137: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.677141: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.677153: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.677158: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.677164: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.677168: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.677174: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.677185: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.677194: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:30:43.677198: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563350cabce8 Aug 26 13:30:43.677202: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.677206: | libevent_malloc: new ptr-libevent@0x563350cabd58 size 128 Aug 26 13:30:43.677219: | #1 spent 0.193 milliseconds in ikev2_parent_outI1() Aug 26 13:30:43.677223: | crypto helper 0 resuming Aug 26 13:30:43.677223: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.677240: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:30:43.677246: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.677246: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:30:43.677255: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.677259: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:30:43.677264: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:30:43.677267: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.677273: | spent 0.294 milliseconds in whack Aug 26 13:30:43.678107: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00086 seconds Aug 26 13:30:43.678121: | (#1) spent 0.869 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:30:43.678125: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:30:43.678128: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.678131: | libevent_malloc: new ptr-libevent@0x7f6638002888 size 128 Aug 26 13:30:43.678139: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.678148: | processing resume sending helper answer for #1 Aug 26 13:30:43.678159: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.678165: | crypto helper 0 replies to request ID 1 Aug 26 13:30:43.678168: | calling continuation function 0x56335014db50 Aug 26 13:30:43.678171: | ikev2_parent_outI1_continue for #1 Aug 26 13:30:43.678202: | **emit ISAKMP Message: Aug 26 13:30:43.678210: | initiator cookie: Aug 26 13:30:43.678213: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.678216: | responder cookie: Aug 26 13:30:43.678219: | 00 00 00 00 00 00 00 00 Aug 26 13:30:43.678222: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.678226: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.678229: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.678232: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.678235: | Message ID: 0 (0x0) Aug 26 13:30:43.678238: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.678256: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.678260: | Emitting ikev2_proposals ... Aug 26 13:30:43.678263: | ***emit IKEv2 Security Association Payload: Aug 26 13:30:43.678267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.678269: | flags: none (0x0) Aug 26 13:30:43.678273: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.678277: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.678280: | discarding INTEG=NONE Aug 26 13:30:43.678283: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.678286: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.678292: | prop #: 1 (0x1) Aug 26 13:30:43.678298: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.678300: | spi size: 0 (0x0) Aug 26 13:30:43.678303: | # transforms: 11 (0xb) Aug 26 13:30:43.678306: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.678309: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678315: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.678318: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.678321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678325: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.678328: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.678331: | length/value: 256 (0x100) Aug 26 13:30:43.678334: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.678337: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678346: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.678349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678356: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678359: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678368: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678371: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.678374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678383: | discarding INTEG=NONE Aug 26 13:30:43.678386: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678392: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678395: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.678398: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678404: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678407: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678415: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.678419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678425: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678428: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678433: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678436: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.678439: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678446: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678448: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678454: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678456: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.678460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678462: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678465: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678468: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678473: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678476: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.678479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678487: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678490: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.678501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678507: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678509: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678514: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678517: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.678521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678527: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678532: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.678535: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678538: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.678541: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678546: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678549: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.678552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.678555: | discarding INTEG=NONE Aug 26 13:30:43.678558: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.678560: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.678563: | prop #: 2 (0x2) Aug 26 13:30:43.678566: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.678568: | spi size: 0 (0x0) Aug 26 13:30:43.678571: | # transforms: 11 (0xb) Aug 26 13:30:43.678574: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.678577: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.678580: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678586: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.678589: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.678592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678595: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.678597: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.678600: | length/value: 128 (0x80) Aug 26 13:30:43.678602: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.678604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678614: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678617: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.678620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678626: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678628: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678633: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678636: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.678639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678647: | discarding INTEG=NONE Aug 26 13:30:43.678649: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678654: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678657: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.678660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678668: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678673: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678675: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.678678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678684: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678687: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678692: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678695: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.678698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678711: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678714: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.678717: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678725: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678728: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678734: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678737: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.678740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678746: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678749: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678755: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678757: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.678760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678767: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678769: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678774: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678777: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.678780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678787: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678793: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.678796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678799: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.678802: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678812: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.678815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.678819: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.678821: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.678824: | prop #: 3 (0x3) Aug 26 13:30:43.678827: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.678829: | spi size: 0 (0x0) Aug 26 13:30:43.678832: | # transforms: 13 (0xd) Aug 26 13:30:43.678835: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.678838: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.678841: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678847: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.678849: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.678858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678861: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.678864: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.678868: | length/value: 256 (0x100) Aug 26 13:30:43.678871: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.678873: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678878: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678880: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.678883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678889: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678892: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678898: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.678900: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.678903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678910: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678912: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678918: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.678921: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.678924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678929: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678932: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678937: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.678940: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.678943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678948: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678951: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678956: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678958: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.678962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678970: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678980: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.678983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.678989: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.678991: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.678994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.678997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.678999: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.679002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679010: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679017: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.679020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679028: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679036: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.679039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679045: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679047: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679055: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.679058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679061: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679064: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679066: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679073: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.679075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679080: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679082: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679083: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.679085: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679086: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.679088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679092: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679094: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.679096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.679098: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.679099: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.679101: | prop #: 4 (0x4) Aug 26 13:30:43.679103: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.679104: | spi size: 0 (0x0) Aug 26 13:30:43.679106: | # transforms: 13 (0xd) Aug 26 13:30:43.679108: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.679110: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.679112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679115: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.679116: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.679118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679120: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.679122: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.679123: | length/value: 128 (0x80) Aug 26 13:30:43.679125: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.679127: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679130: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.679132: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.679134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679137: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679139: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679142: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.679144: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.679146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679149: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679151: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679154: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.679156: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.679158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679162: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679164: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679167: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.679168: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.679170: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679174: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679175: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679180: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.679182: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679186: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679187: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679191: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679192: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.679194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679198: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679199: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679204: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.679206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679209: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679211: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679216: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.679218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679221: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679224: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679227: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.679231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679236: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679240: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.679242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679246: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679247: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679252: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.679254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679258: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679259: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.679261: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.679263: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.679264: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.679266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.679268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.679270: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.679271: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.679273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.679275: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:30:43.679277: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.679279: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:30:43.679281: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.679282: | flags: none (0x0) Aug 26 13:30:43.679284: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.679286: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:30:43.679292: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.679299: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:30:43.679303: | ikev2 g^x 9b 3f d0 7e 8e c1 ca db ad 8c 53 68 5e 1a 7c 91 Aug 26 13:30:43.679306: | ikev2 g^x 25 d4 cc ba 90 35 71 05 81 be 92 f3 9a 38 70 ba Aug 26 13:30:43.679310: | ikev2 g^x 95 5b 87 ae 1f 2e 32 4a 80 cf 10 fd 99 c2 a7 c8 Aug 26 13:30:43.679312: | ikev2 g^x d9 7e 1b 7d 27 0f 90 0a c0 1e bd 7f 1d 82 24 c7 Aug 26 13:30:43.679315: | ikev2 g^x a2 91 6d 9a 03 c1 96 21 5c 73 3f f1 fb 69 f4 f2 Aug 26 13:30:43.679317: | ikev2 g^x 11 f6 9d 73 f9 f1 6e a5 d3 11 b1 87 40 5b 60 81 Aug 26 13:30:43.679319: | ikev2 g^x d8 4a d2 c0 10 2b 03 78 67 9e b2 8f a9 0a be 91 Aug 26 13:30:43.679322: | ikev2 g^x a7 a5 fb 39 75 3c 7a ef ef 8f 22 86 9c 08 9a 18 Aug 26 13:30:43.679324: | ikev2 g^x 9e 19 a4 ae af b2 d8 36 f3 64 78 34 20 51 33 cf Aug 26 13:30:43.679326: | ikev2 g^x c7 e0 82 3b fb e9 09 db 9c cb e0 72 32 66 c4 d6 Aug 26 13:30:43.679329: | ikev2 g^x f7 ea 7b 4f 13 72 85 cc 38 7b 77 db f6 7b ea 22 Aug 26 13:30:43.679331: | ikev2 g^x 99 89 00 b6 80 94 ed 51 3b d9 32 38 d5 30 08 b1 Aug 26 13:30:43.679333: | ikev2 g^x 31 63 08 97 ee 8d f8 94 9b 05 c0 e6 00 87 5e ed Aug 26 13:30:43.679336: | ikev2 g^x 02 7d 7d 5a 8f 8f 4e eb 08 99 50 44 9b 39 47 08 Aug 26 13:30:43.679339: | ikev2 g^x 2f 62 f5 1c 3d 63 42 15 be 0a 9c 99 a8 ed e7 0a Aug 26 13:30:43.679341: | ikev2 g^x db ea 32 87 87 f0 84 c0 b7 ab 93 7d 68 92 b6 46 Aug 26 13:30:43.679343: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:30:43.679346: | ***emit IKEv2 Nonce Payload: Aug 26 13:30:43.679349: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.679351: | flags: none (0x0) Aug 26 13:30:43.679355: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:30:43.679357: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.679360: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.679363: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:30:43.679365: | IKEv2 nonce 36 52 a8 ef d7 c4 40 37 06 64 e0 32 9a 04 a5 87 Aug 26 13:30:43.679367: | IKEv2 nonce 71 38 d0 f4 c2 3d 7d 9b d1 ef d2 04 db f7 d3 c8 Aug 26 13:30:43.679370: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:30:43.679372: | Adding a v2N Payload Aug 26 13:30:43.679375: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.679377: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.679380: | flags: none (0x0) Aug 26 13:30:43.679383: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.679385: | SPI size: 0 (0x0) Aug 26 13:30:43.679388: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.679391: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.679394: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.679397: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.679401: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:43.679403: | natd_hash: rcookie is zero Aug 26 13:30:43.679423: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:43.679427: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.679429: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.679431: | natd_hash: ip= c0 01 03 21 Aug 26 13:30:43.679433: | natd_hash: port=500 Aug 26 13:30:43.679436: | natd_hash: hash= 12 e9 0f 21 9a 6e 02 1e df c8 ab 45 ff 17 e9 bb Aug 26 13:30:43.679438: | natd_hash: hash= 82 a5 c7 f6 Aug 26 13:30:43.679440: | Adding a v2N Payload Aug 26 13:30:43.679442: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.679445: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.679447: | flags: none (0x0) Aug 26 13:30:43.679449: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.679451: | SPI size: 0 (0x0) Aug 26 13:30:43.679454: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.679459: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.679462: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.679464: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.679467: | Notify data 12 e9 0f 21 9a 6e 02 1e df c8 ab 45 ff 17 e9 bb Aug 26 13:30:43.679469: | Notify data 82 a5 c7 f6 Aug 26 13:30:43.679472: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.679474: | natd_hash: rcookie is zero Aug 26 13:30:43.679482: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:43.679485: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.679487: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.679489: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.679491: | natd_hash: port=500 Aug 26 13:30:43.679494: | natd_hash: hash= b7 3c fe cd 64 46 00 b9 cf b8 ee 19 c1 7d bf 6b Aug 26 13:30:43.679496: | natd_hash: hash= 0c 6e 2c 0b Aug 26 13:30:43.679498: | Adding a v2N Payload Aug 26 13:30:43.679500: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.679503: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.679505: | flags: none (0x0) Aug 26 13:30:43.679508: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.679510: | SPI size: 0 (0x0) Aug 26 13:30:43.679512: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.679515: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.679518: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.679521: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.679523: | Notify data b7 3c fe cd 64 46 00 b9 cf b8 ee 19 c1 7d bf 6b Aug 26 13:30:43.679526: | Notify data 0c 6e 2c 0b Aug 26 13:30:43.679528: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.679530: | emitting length of ISAKMP Message: 828 Aug 26 13:30:43.679538: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:30:43.679547: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.679552: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:30:43.679555: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:30:43.679558: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:30:43.679561: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:30:43.679564: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:30:43.679569: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.679573: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.679587: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:30:43.679598: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.679601: | 4d 32 ac ac c7 3d 7a d4 00 00 00 00 00 00 00 00 Aug 26 13:30:43.679604: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:30:43.679606: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.679609: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:30:43.679611: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:30:43.679613: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:30:43.679616: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:30:43.679618: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:30:43.679621: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:30:43.679625: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:30:43.679627: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:30:43.679629: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:30:43.679632: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:30:43.679634: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:30:43.679636: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:30:43.679638: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:30:43.679641: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:30:43.679643: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:30:43.679646: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:30:43.679648: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:30:43.679650: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:30:43.679652: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:30:43.679655: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:30:43.679657: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:30:43.679660: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:30:43.679662: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:30:43.679665: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:30:43.679667: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:30:43.679670: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:30:43.679672: | 28 00 01 08 00 0e 00 00 9b 3f d0 7e 8e c1 ca db Aug 26 13:30:43.679675: | ad 8c 53 68 5e 1a 7c 91 25 d4 cc ba 90 35 71 05 Aug 26 13:30:43.679677: | 81 be 92 f3 9a 38 70 ba 95 5b 87 ae 1f 2e 32 4a Aug 26 13:30:43.679680: | 80 cf 10 fd 99 c2 a7 c8 d9 7e 1b 7d 27 0f 90 0a Aug 26 13:30:43.679682: | c0 1e bd 7f 1d 82 24 c7 a2 91 6d 9a 03 c1 96 21 Aug 26 13:30:43.679685: | 5c 73 3f f1 fb 69 f4 f2 11 f6 9d 73 f9 f1 6e a5 Aug 26 13:30:43.679687: | d3 11 b1 87 40 5b 60 81 d8 4a d2 c0 10 2b 03 78 Aug 26 13:30:43.679690: | 67 9e b2 8f a9 0a be 91 a7 a5 fb 39 75 3c 7a ef Aug 26 13:30:43.679692: | ef 8f 22 86 9c 08 9a 18 9e 19 a4 ae af b2 d8 36 Aug 26 13:30:43.679695: | f3 64 78 34 20 51 33 cf c7 e0 82 3b fb e9 09 db Aug 26 13:30:43.679698: | 9c cb e0 72 32 66 c4 d6 f7 ea 7b 4f 13 72 85 cc Aug 26 13:30:43.679700: | 38 7b 77 db f6 7b ea 22 99 89 00 b6 80 94 ed 51 Aug 26 13:30:43.679703: | 3b d9 32 38 d5 30 08 b1 31 63 08 97 ee 8d f8 94 Aug 26 13:30:43.679706: | 9b 05 c0 e6 00 87 5e ed 02 7d 7d 5a 8f 8f 4e eb Aug 26 13:30:43.679708: | 08 99 50 44 9b 39 47 08 2f 62 f5 1c 3d 63 42 15 Aug 26 13:30:43.679710: | be 0a 9c 99 a8 ed e7 0a db ea 32 87 87 f0 84 c0 Aug 26 13:30:43.679713: | b7 ab 93 7d 68 92 b6 46 29 00 00 24 36 52 a8 ef Aug 26 13:30:43.679715: | d7 c4 40 37 06 64 e0 32 9a 04 a5 87 71 38 d0 f4 Aug 26 13:30:43.679718: | c2 3d 7d 9b d1 ef d2 04 db f7 d3 c8 29 00 00 08 Aug 26 13:30:43.679721: | 00 00 40 2e 29 00 00 1c 00 00 40 04 12 e9 0f 21 Aug 26 13:30:43.679723: | 9a 6e 02 1e df c8 ab 45 ff 17 e9 bb 82 a5 c7 f6 Aug 26 13:30:43.679726: | 00 00 00 1c 00 00 40 05 b7 3c fe cd 64 46 00 b9 Aug 26 13:30:43.679728: | cf b8 ee 19 c1 7d bf 6b 0c 6e 2c 0b Aug 26 13:30:43.679836: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.679845: | libevent_free: release ptr-libevent@0x563350cabd58 Aug 26 13:30:43.679849: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563350cabce8 Aug 26 13:30:43.679853: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.679857: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:30:43.679867: | event_schedule: new EVENT_RETRANSMIT-pe@0x563350cabce8 Aug 26 13:30:43.679872: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:30:43.679875: | libevent_malloc: new ptr-libevent@0x563350cabd58 size 128 Aug 26 13:30:43.679883: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.422333 Aug 26 13:30:43.679888: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:30:43.679894: | #1 spent 1.65 milliseconds in resume sending helper answer Aug 26 13:30:43.679899: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.679903: | libevent_free: release ptr-libevent@0x7f6638002888 Aug 26 13:30:43.682986: | spent 0.00345 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.683014: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:30:43.683020: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.683023: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:30:43.683025: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.683028: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:30:43.683030: | 04 00 00 0e 28 00 01 08 00 0e 00 00 1a a3 2f f0 Aug 26 13:30:43.683033: | d4 3a 37 03 4d 86 55 9d 84 41 e4 b7 fb 7a cd 37 Aug 26 13:30:43.683035: | b9 00 e4 07 ab dc 67 81 29 47 48 c3 73 30 a1 26 Aug 26 13:30:43.683038: | dc 77 36 24 76 6a 33 5d 7e 63 bd ba 8e e5 dd 18 Aug 26 13:30:43.683040: | df 54 81 ff 95 d9 22 f6 5a 38 5f df 69 9f b3 e7 Aug 26 13:30:43.683043: | c3 78 62 c6 08 63 6c d5 5c 66 74 ab e9 8a b3 a1 Aug 26 13:30:43.683045: | 2c d2 1d c0 f3 f6 40 96 1e cd fb 32 84 06 28 68 Aug 26 13:30:43.683047: | e7 53 7e 47 0f 99 01 c4 11 9b e9 e2 84 55 6e 20 Aug 26 13:30:43.683050: | 77 72 93 e3 2c dc 04 fb 15 92 39 94 03 23 d5 2e Aug 26 13:30:43.683052: | 3d 53 56 12 81 9f 04 35 48 2f 46 9d d6 14 0e e2 Aug 26 13:30:43.683055: | dd b7 01 a3 5d b7 c4 6f ad eb d8 13 cd d4 3e 08 Aug 26 13:30:43.683057: | ea d4 66 c6 5d 9b 38 c0 6c 71 15 1c d5 77 f5 80 Aug 26 13:30:43.683059: | 4e 4d dd bc d4 03 ac 1b 70 b9 ed bb 2a 91 a9 ec Aug 26 13:30:43.683062: | 61 ec 8c d8 96 2b e5 78 da fb 10 53 1d f6 52 45 Aug 26 13:30:43.683064: | 3f 08 48 ce d2 ab 96 91 9a 88 20 c8 1f 87 02 9a Aug 26 13:30:43.683067: | b0 64 59 ed 7c b0 08 72 ad 33 8b bc 40 38 47 c6 Aug 26 13:30:43.683069: | d3 7c 47 cd c3 84 62 b4 dc 17 e6 0c 29 00 00 24 Aug 26 13:30:43.683072: | 14 0b 14 f8 07 6c a5 37 dd 27 8f 9a 12 0a da e6 Aug 26 13:30:43.683074: | 39 d1 e1 2d 02 4c d1 98 ad 0d e0 1e a0 61 60 d9 Aug 26 13:30:43.683077: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:30:43.683079: | f3 d5 eb 5d 4e b6 fb f3 c3 09 a2 2a 1f 18 87 bd Aug 26 13:30:43.683082: | 6d 16 15 14 00 00 00 1c 00 00 40 05 0d d7 76 a4 Aug 26 13:30:43.683084: | b3 96 7d 3f 9e bb 1c b6 98 e4 ec 8c 74 eb b4 ec Aug 26 13:30:43.683089: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.683093: | **parse ISAKMP Message: Aug 26 13:30:43.683096: | initiator cookie: Aug 26 13:30:43.683098: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.683101: | responder cookie: Aug 26 13:30:43.683103: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.683105: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.683107: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.683109: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.683110: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.683112: | Message ID: 0 (0x0) Aug 26 13:30:43.683114: | length: 432 (0x1b0) Aug 26 13:30:43.683116: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:30:43.683118: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:30:43.683121: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:30:43.683126: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.683130: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.683133: | #1 is idle Aug 26 13:30:43.683134: | #1 idle Aug 26 13:30:43.683136: | unpacking clear payload Aug 26 13:30:43.683138: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.683140: | ***parse IKEv2 Security Association Payload: Aug 26 13:30:43.683141: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:30:43.683143: | flags: none (0x0) Aug 26 13:30:43.683145: | length: 40 (0x28) Aug 26 13:30:43.683147: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:30:43.683148: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:30:43.683150: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:30:43.683152: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:30:43.683153: | flags: none (0x0) Aug 26 13:30:43.683155: | length: 264 (0x108) Aug 26 13:30:43.683157: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.683158: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:30:43.683160: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.683162: | ***parse IKEv2 Nonce Payload: Aug 26 13:30:43.683164: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.683165: | flags: none (0x0) Aug 26 13:30:43.683167: | length: 36 (0x24) Aug 26 13:30:43.683168: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:30:43.683170: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.683172: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.683173: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.683175: | flags: none (0x0) Aug 26 13:30:43.683176: | length: 8 (0x8) Aug 26 13:30:43.683178: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.683180: | SPI size: 0 (0x0) Aug 26 13:30:43.683182: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.683183: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.683185: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.683186: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.683188: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.683190: | flags: none (0x0) Aug 26 13:30:43.683191: | length: 28 (0x1c) Aug 26 13:30:43.683193: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.683194: | SPI size: 0 (0x0) Aug 26 13:30:43.683196: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.683198: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.683199: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.683201: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.683202: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.683204: | flags: none (0x0) Aug 26 13:30:43.683205: | length: 28 (0x1c) Aug 26 13:30:43.683207: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.683208: | SPI size: 0 (0x0) Aug 26 13:30:43.683210: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.683212: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.683214: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:30:43.683218: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.683220: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.683222: | Now let's proceed with state specific processing Aug 26 13:30:43.683223: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.683226: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:30:43.683237: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.683241: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:30:43.683243: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.683245: | local proposal 1 type PRF has 2 transforms Aug 26 13:30:43.683246: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.683248: | local proposal 1 type DH has 8 transforms Aug 26 13:30:43.683250: | local proposal 1 type ESN has 0 transforms Aug 26 13:30:43.683252: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.683254: | local proposal 2 type ENCR has 1 transforms Aug 26 13:30:43.683255: | local proposal 2 type PRF has 2 transforms Aug 26 13:30:43.683257: | local proposal 2 type INTEG has 1 transforms Aug 26 13:30:43.683259: | local proposal 2 type DH has 8 transforms Aug 26 13:30:43.683260: | local proposal 2 type ESN has 0 transforms Aug 26 13:30:43.683262: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.683264: | local proposal 3 type ENCR has 1 transforms Aug 26 13:30:43.683265: | local proposal 3 type PRF has 2 transforms Aug 26 13:30:43.683267: | local proposal 3 type INTEG has 2 transforms Aug 26 13:30:43.683269: | local proposal 3 type DH has 8 transforms Aug 26 13:30:43.683270: | local proposal 3 type ESN has 0 transforms Aug 26 13:30:43.683272: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.683274: | local proposal 4 type ENCR has 1 transforms Aug 26 13:30:43.683275: | local proposal 4 type PRF has 2 transforms Aug 26 13:30:43.683277: | local proposal 4 type INTEG has 2 transforms Aug 26 13:30:43.683279: | local proposal 4 type DH has 8 transforms Aug 26 13:30:43.683280: | local proposal 4 type ESN has 0 transforms Aug 26 13:30:43.683282: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.683284: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.683286: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.683292: | length: 36 (0x24) Aug 26 13:30:43.683296: | prop #: 1 (0x1) Aug 26 13:30:43.683298: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.683300: | spi size: 0 (0x0) Aug 26 13:30:43.683301: | # transforms: 3 (0x3) Aug 26 13:30:43.683304: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:30:43.683306: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.683307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.683309: | length: 12 (0xc) Aug 26 13:30:43.683311: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.683312: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.683314: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.683316: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.683318: | length/value: 256 (0x100) Aug 26 13:30:43.683321: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.683322: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.683324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.683326: | length: 8 (0x8) Aug 26 13:30:43.683327: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.683329: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.683331: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:30:43.683333: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.683334: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.683337: | length: 8 (0x8) Aug 26 13:30:43.683339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.683340: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.683343: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:30:43.683345: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:30:43.683348: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:30:43.683350: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.683352: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:30:43.683353: | converting proposal to internal trans attrs Aug 26 13:30:43.683367: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:43.683369: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.683371: | natd_hash: rcookie= 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.683372: | natd_hash: ip= c0 01 03 21 Aug 26 13:30:43.683374: | natd_hash: port=500 Aug 26 13:30:43.683375: | natd_hash: hash= 0d d7 76 a4 b3 96 7d 3f 9e bb 1c b6 98 e4 ec 8c Aug 26 13:30:43.683377: | natd_hash: hash= 74 eb b4 ec Aug 26 13:30:43.683381: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:43.683383: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.683384: | natd_hash: rcookie= 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.683386: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.683387: | natd_hash: port=500 Aug 26 13:30:43.683389: | natd_hash: hash= f3 d5 eb 5d 4e b6 fb f3 c3 09 a2 2a 1f 18 87 bd Aug 26 13:30:43.683390: | natd_hash: hash= 6d 16 15 14 Aug 26 13:30:43.683392: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:30:43.683394: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:30:43.683395: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:30:43.683398: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:30:43.683402: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:30:43.683404: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:30:43.683406: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.683408: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:30:43.683411: | libevent_free: release ptr-libevent@0x563350cabd58 Aug 26 13:30:43.683413: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563350cabce8 Aug 26 13:30:43.683415: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563350cabce8 Aug 26 13:30:43.683418: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.683420: | libevent_malloc: new ptr-libevent@0x563350caba88 size 128 Aug 26 13:30:43.683429: | #1 spent 0.198 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:30:43.683434: | crypto helper 1 resuming Aug 26 13:30:43.683434: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.683446: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:30:43.683449: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:30:43.683451: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:30:43.683452: | suspending state #1 and saving MD Aug 26 13:30:43.683457: | #1 is busy; has a suspended MD Aug 26 13:30:43.683462: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:43.683466: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:43.683470: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.683475: | #1 spent 0.467 milliseconds in ikev2_process_packet() Aug 26 13:30:43.683481: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.683485: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.683488: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.683492: | spent 0.484 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.683997: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:30:43.684268: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000818 seconds Aug 26 13:30:43.684274: | (#1) spent 0.823 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:30:43.684276: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:30:43.684278: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.684281: | libevent_malloc: new ptr-libevent@0x7f6630000f48 size 128 Aug 26 13:30:43.684287: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:43.684305: | processing resume sending helper answer for #1 Aug 26 13:30:43.684311: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.684315: | crypto helper 1 replies to request ID 2 Aug 26 13:30:43.684318: | calling continuation function 0x56335014db50 Aug 26 13:30:43.684321: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:30:43.684328: | creating state object #2 at 0x563350cae968 Aug 26 13:30:43.684332: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:30:43.684336: | pstats #2 ikev2.child started Aug 26 13:30:43.684339: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Aug 26 13:30:43.684344: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:30:43.684351: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.684355: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.684360: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.684363: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.684366: | libevent_free: release ptr-libevent@0x563350caba88 Aug 26 13:30:43.684369: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563350cabce8 Aug 26 13:30:43.684372: | event_schedule: new EVENT_SA_REPLACE-pe@0x563350cabce8 Aug 26 13:30:43.684376: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:30:43.684379: | libevent_malloc: new ptr-libevent@0x563350caba88 size 128 Aug 26 13:30:43.684382: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:30:43.684388: | **emit ISAKMP Message: Aug 26 13:30:43.684391: | initiator cookie: Aug 26 13:30:43.684393: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.684396: | responder cookie: Aug 26 13:30:43.684398: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.684401: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.684404: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.684407: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.684409: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.684412: | Message ID: 1 (0x1) Aug 26 13:30:43.684415: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.684418: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:43.684421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.684423: | flags: none (0x0) Aug 26 13:30:43.684427: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:43.684432: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.684435: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:43.684444: | IKEv2 CERT: send a certificate? Aug 26 13:30:43.684448: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:30:43.684450: | IDr payload will NOT be sent Aug 26 13:30:43.684465: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:30:43.684469: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.684472: | flags: none (0x0) Aug 26 13:30:43.684475: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.684478: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:30:43.684481: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.684485: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:30:43.684488: | my identity c0 01 03 21 Aug 26 13:30:43.684491: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:30:43.684500: | not sending INITIAL_CONTACT Aug 26 13:30:43.684504: | ****emit IKEv2 Authentication Payload: Aug 26 13:30:43.684507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.684509: | flags: none (0x0) Aug 26 13:30:43.684512: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.684515: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.684519: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.684522: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:30:43.684529: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.684532: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.684538: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 13:30:43.684542: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.684546: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.684548: | line 1: match=002 Aug 26 13:30:43.684551: | match 002 beats previous best_match 000 match=0x563350c02c48 (line=1) Aug 26 13:30:43.684554: | concluding with best_match=002 best=0x563350c02c48 (lineno=1) Aug 26 13:30:43.684620: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:30:43.684625: | PSK auth 4a 97 de 4c db 8e 3d 10 a0 a3 f9 b5 e8 b3 56 63 Aug 26 13:30:43.684628: | PSK auth 89 32 70 b3 5b 5a 3a af bc 45 0a fc d3 d0 0a 08 Aug 26 13:30:43.684631: | PSK auth af 9e 1a af 29 ef 32 b3 4e 3f dd f9 ec 53 2f e8 Aug 26 13:30:43.684633: | PSK auth 14 04 2d c9 88 39 33 b4 81 80 86 dc 78 f1 5a a8 Aug 26 13:30:43.684637: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:30:43.684640: | getting first pending from state #1 Aug 26 13:30:43.685070: | netlink_get_spi: allocated 0xf798fcd6 for esp.0@192.1.3.33 Aug 26 13:30:43.685078: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:30:43.685088: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:30:43.685095: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.685100: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.685113: | Emitting ikev2_proposals ... Aug 26 13:30:43.685118: | ****emit IKEv2 Security Association Payload: Aug 26 13:30:43.685121: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.685126: | flags: none (0x0) Aug 26 13:30:43.685130: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.685134: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.685137: | discarding DH=NONE Aug 26 13:30:43.685139: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.685143: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.685145: | prop #: 1 (0x1) Aug 26 13:30:43.685148: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.685151: | spi size: 4 (0x4) Aug 26 13:30:43.685153: | # transforms: 3 (0x3) Aug 26 13:30:43.685156: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.685160: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:30:43.685162: | our spi f7 98 fc d6 Aug 26 13:30:43.685165: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.685168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.685171: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.685174: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.685176: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.685180: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.685183: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.685186: | length/value: 256 (0x100) Aug 26 13:30:43.685189: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.685192: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.685195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.685197: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.685200: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.685203: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.685207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.685210: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.685212: | discarding DH=NONE Aug 26 13:30:43.685215: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.685217: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.685220: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.685222: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.685225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.685228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.685231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.685234: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:30:43.685237: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.685239: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:30:43.685242: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.685246: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.685249: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.685252: | flags: none (0x0) Aug 26 13:30:43.685254: | number of TS: 1 (0x1) Aug 26 13:30:43.685258: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.685263: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.685266: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.685269: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.685271: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.685274: | start port: 0 (0x0) Aug 26 13:30:43.685277: | end port: 65535 (0xffff) Aug 26 13:30:43.685280: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.685282: | ipv4 start c0 00 03 00 Aug 26 13:30:43.685285: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.685292: | ipv4 end c0 00 03 ff Aug 26 13:30:43.685299: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.685301: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:30:43.685304: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.685306: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.685309: | flags: none (0x0) Aug 26 13:30:43.685312: | number of TS: 1 (0x1) Aug 26 13:30:43.685315: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.685318: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.685321: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.685324: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.685326: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.685329: | start port: 0 (0x0) Aug 26 13:30:43.685331: | end port: 65535 (0xffff) Aug 26 13:30:43.685334: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.685337: | ipv4 start c0 00 02 00 Aug 26 13:30:43.685340: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.685342: | ipv4 end c0 00 02 ff Aug 26 13:30:43.685345: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.685347: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:30:43.685350: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:30:43.685353: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:43.685356: | Adding a v2N Payload Aug 26 13:30:43.685359: | ****emit IKEv2 Notify Payload: Aug 26 13:30:43.685361: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.685364: | flags: none (0x0) Aug 26 13:30:43.685366: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.685369: | SPI size: 0 (0x0) Aug 26 13:30:43.685372: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.685375: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.685379: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.685382: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.685385: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:43.685389: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:43.685392: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:43.685395: | emitting length of IKEv2 Encryption Payload: 213 Aug 26 13:30:43.685398: | emitting length of ISAKMP Message: 241 Aug 26 13:30:43.685415: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.685420: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.685425: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:30:43.685431: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:30:43.685435: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:30:43.685438: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:30:43.685443: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.685448: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:30:43.685453: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:30:43.685464: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:30:43.685470: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.685473: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.685476: | 2e 20 23 08 00 00 00 01 00 00 00 f1 23 00 00 d5 Aug 26 13:30:43.685478: | 15 6f 27 05 0c 1b 6b 83 87 ed ef ea 5f f5 fc 54 Aug 26 13:30:43.685480: | 7c 3a c9 f0 ce d9 53 fb c5 e5 43 9f 56 d6 a0 73 Aug 26 13:30:43.685483: | 64 be 9a 3c 6d 93 27 46 ff 78 36 2b 9a 30 9a 39 Aug 26 13:30:43.685485: | 69 ca 3d 2e 76 53 02 ac 31 0b ee f4 b1 d0 e4 67 Aug 26 13:30:43.685488: | cb e5 bc 10 dc 3f 3b c5 1b c6 5a 43 37 21 12 a2 Aug 26 13:30:43.685490: | 99 aa 79 01 9b 36 7a 35 f9 a1 b3 d3 b0 c9 e0 2c Aug 26 13:30:43.685493: | 83 b9 bd f9 5a 47 49 1f 1a 65 5f ed 40 a5 2f 97 Aug 26 13:30:43.685495: | 90 44 69 9a f1 67 c8 bf 35 d6 fa 12 1c a3 56 ed Aug 26 13:30:43.685497: | cc d8 88 a6 3e 49 4a 45 42 04 98 22 4f a7 9d 36 Aug 26 13:30:43.685500: | 2b aa a0 9c ac 43 98 cd c9 f8 00 af ce 5a be c4 Aug 26 13:30:43.685502: | 00 02 b0 71 dd 89 9c 67 c7 0d 71 e5 03 13 66 75 Aug 26 13:30:43.685505: | 35 1e 85 a0 d1 bf 5e 83 fb 78 eb 79 35 ee 01 e0 Aug 26 13:30:43.685507: | 17 60 6a 91 c5 93 c5 e7 35 54 7e 7d 82 1b ea 09 Aug 26 13:30:43.685509: | 28 Aug 26 13:30:43.685558: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.685563: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:30:43.685572: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6638002b78 Aug 26 13:30:43.685576: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:30:43.685580: | libevent_malloc: new ptr-libevent@0x563350caf638 size 128 Aug 26 13:30:43.685585: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.428038 Aug 26 13:30:43.685590: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:43.685596: | #1 spent 1.25 milliseconds in resume sending helper answer Aug 26 13:30:43.685601: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.685605: | libevent_free: release ptr-libevent@0x7f6630000f48 Aug 26 13:30:43.727658: | spent 0.00389 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.727700: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:30:43.727706: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.727710: | 2e 20 23 20 00 00 00 01 00 00 00 f1 29 00 00 d5 Aug 26 13:30:43.727712: | 4b 76 ee 00 34 5d 3a 52 0f ae 0a 4a 04 ed 6e 29 Aug 26 13:30:43.727715: | e3 92 6d 59 30 61 51 d6 9f 00 ee 40 78 e1 08 c7 Aug 26 13:30:43.727718: | 6e 2a 21 6e b5 90 e7 5f 48 f4 9f 9f 01 d7 8f a4 Aug 26 13:30:43.727721: | 99 f7 5f 07 01 dd 3c 8e e4 44 6e d3 1d 47 7c af Aug 26 13:30:43.727723: | a4 51 b1 b9 83 df 26 57 f5 cf dd df 8a fc ca a7 Aug 26 13:30:43.727729: | a4 9c 1d 53 da 99 35 60 4e 56 c5 7f 81 67 0b ed Aug 26 13:30:43.727731: | 0f 49 f0 86 69 8c 74 28 93 2c a6 bf 6f b9 2b fb Aug 26 13:30:43.727734: | 5a ec 22 9c eb 79 d7 88 b7 b7 86 6f b1 ba 63 43 Aug 26 13:30:43.727737: | e4 7b 64 c2 8f 04 8b 3e 8f e2 46 11 66 0d 04 45 Aug 26 13:30:43.727740: | f3 13 af e7 18 35 e6 51 f4 f9 1e a8 79 bc 4a a4 Aug 26 13:30:43.727742: | 16 f1 43 54 bc fd 9d 30 fb f8 de 0e 6d ea a4 a1 Aug 26 13:30:43.727745: | b8 65 9d e3 1d e9 69 a9 31 15 55 fd 95 4e 66 ad Aug 26 13:30:43.727748: | 90 8e ec 7f 5e 30 23 52 76 ce f7 1e 79 62 4c f8 Aug 26 13:30:43.727750: | d3 Aug 26 13:30:43.727756: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.727760: | **parse ISAKMP Message: Aug 26 13:30:43.727764: | initiator cookie: Aug 26 13:30:43.727766: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:43.727769: | responder cookie: Aug 26 13:30:43.727772: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:43.727775: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:43.727778: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.727782: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.727785: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.727788: | Message ID: 1 (0x1) Aug 26 13:30:43.727791: | length: 241 (0xf1) Aug 26 13:30:43.727794: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:30:43.727798: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:30:43.727802: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:30:43.727809: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.727813: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:30:43.727818: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.727824: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.727827: | #2 is idle Aug 26 13:30:43.727830: | #2 idle Aug 26 13:30:43.727833: | unpacking clear payload Aug 26 13:30:43.727835: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:43.727839: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:43.727842: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.727844: | flags: none (0x0) Aug 26 13:30:43.727847: | length: 213 (0xd5) Aug 26 13:30:43.727850: | processing payload: ISAKMP_NEXT_v2SK (len=209) Aug 26 13:30:43.727854: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:30:43.727872: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:30:43.727876: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.727879: | **parse IKEv2 Notify Payload: Aug 26 13:30:43.727882: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:30:43.727885: | flags: none (0x0) Aug 26 13:30:43.727888: | length: 8 (0x8) Aug 26 13:30:43.727891: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.727894: | SPI size: 0 (0x0) Aug 26 13:30:43.727897: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.727900: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.727902: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:30:43.727906: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:30:43.727909: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:30:43.727911: | flags: none (0x0) Aug 26 13:30:43.727914: | length: 12 (0xc) Aug 26 13:30:43.727917: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.727920: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:30:43.727923: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.727926: | **parse IKEv2 Authentication Payload: Aug 26 13:30:43.727929: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.727934: | flags: none (0x0) Aug 26 13:30:43.727938: | length: 72 (0x48) Aug 26 13:30:43.727941: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.727944: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:30:43.727946: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.727949: | **parse IKEv2 Security Association Payload: Aug 26 13:30:43.727952: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:30:43.727955: | flags: none (0x0) Aug 26 13:30:43.727957: | length: 44 (0x2c) Aug 26 13:30:43.727960: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:30:43.727963: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.727966: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.727969: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:30:43.727971: | flags: none (0x0) Aug 26 13:30:43.727974: | length: 24 (0x18) Aug 26 13:30:43.727977: | number of TS: 1 (0x1) Aug 26 13:30:43.727980: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:30:43.727982: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.727985: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.727988: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.727991: | flags: none (0x0) Aug 26 13:30:43.727993: | length: 24 (0x18) Aug 26 13:30:43.727996: | number of TS: 1 (0x1) Aug 26 13:30:43.727999: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:30:43.728002: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:30:43.728005: | Now let's proceed with state specific processing Aug 26 13:30:43.728007: | calling processor Initiator: process IKE_AUTH response Aug 26 13:30:43.728012: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 13:30:43.728016: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 13:30:43.728019: | peer ID c0 01 02 17 Aug 26 13:30:43.728023: | offered CA: '%none' Aug 26 13:30:43.728029: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 13:30:43.728074: | verifying AUTH payload Aug 26 13:30:43.728081: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:30:43.728087: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.728092: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.728097: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 13:30:43.728101: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.728105: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 13:30:43.728108: | line 1: match=002 Aug 26 13:30:43.728112: | match 002 beats previous best_match 000 match=0x563350c02c48 (line=1) Aug 26 13:30:43.728115: | concluding with best_match=002 best=0x563350c02c48 (lineno=1) Aug 26 13:30:43.728185: "northnet-eastnet" #2: Authenticated using authby=secret Aug 26 13:30:43.728198: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:30:43.728204: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:30:43.728207: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:30:43.728212: | libevent_free: release ptr-libevent@0x563350caba88 Aug 26 13:30:43.728215: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563350cabce8 Aug 26 13:30:43.728218: | event_schedule: new EVENT_SA_REKEY-pe@0x563350cabce8 Aug 26 13:30:43.728222: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:30:43.728226: | libevent_malloc: new ptr-libevent@0x7f6630000f48 size 128 Aug 26 13:30:43.728478: | pstats #1 ikev2.ike established Aug 26 13:30:43.728490: | TSi: parsing 1 traffic selectors Aug 26 13:30:43.728495: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.728499: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.728502: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.728505: | length: 16 (0x10) Aug 26 13:30:43.728510: | start port: 0 (0x0) Aug 26 13:30:43.728513: | end port: 65535 (0xffff) Aug 26 13:30:43.728516: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.728519: | TS low c0 00 03 00 Aug 26 13:30:43.728522: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.728525: | TS high c0 00 03 ff Aug 26 13:30:43.728528: | TSi: parsed 1 traffic selectors Aug 26 13:30:43.728531: | TSr: parsing 1 traffic selectors Aug 26 13:30:43.728534: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.728537: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.728539: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.728542: | length: 16 (0x10) Aug 26 13:30:43.728544: | start port: 0 (0x0) Aug 26 13:30:43.728547: | end port: 65535 (0xffff) Aug 26 13:30:43.728550: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.728553: | TS low c0 00 02 00 Aug 26 13:30:43.728555: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.728558: | TS high c0 00 02 ff Aug 26 13:30:43.728561: | TSr: parsed 1 traffic selectors Aug 26 13:30:43.728568: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:30:43.728574: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.728581: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:30:43.728585: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:30:43.728587: | TSi[0] port match: YES fitness 65536 Aug 26 13:30:43.728590: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:30:43.728594: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.728598: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.728604: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:30:43.728607: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:30:43.728610: | TSr[0] port match: YES fitness 65536 Aug 26 13:30:43.728612: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:30:43.728615: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.728618: | best fit so far: TSi[0] TSr[0] Aug 26 13:30:43.728620: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:30:43.728623: | printing contents struct traffic_selector Aug 26 13:30:43.728625: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.728628: | ipprotoid: 0 Aug 26 13:30:43.728630: | port range: 0-65535 Aug 26 13:30:43.728634: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:30:43.728636: | printing contents struct traffic_selector Aug 26 13:30:43.728639: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.728641: | ipprotoid: 0 Aug 26 13:30:43.728643: | port range: 0-65535 Aug 26 13:30:43.728647: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:30:43.728655: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.728659: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:30:43.728663: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.728666: | local proposal 1 type PRF has 0 transforms Aug 26 13:30:43.728669: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.728671: | local proposal 1 type DH has 1 transforms Aug 26 13:30:43.728674: | local proposal 1 type ESN has 1 transforms Aug 26 13:30:43.728678: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:30:43.728681: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.728684: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.728686: | length: 40 (0x28) Aug 26 13:30:43.728689: | prop #: 1 (0x1) Aug 26 13:30:43.728691: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.728697: | spi size: 4 (0x4) Aug 26 13:30:43.728700: | # transforms: 3 (0x3) Aug 26 13:30:43.728704: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:30:43.728706: | remote SPI 49 20 f8 18 Aug 26 13:30:43.728710: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:30:43.728713: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.728715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.728718: | length: 12 (0xc) Aug 26 13:30:43.728721: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.728723: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.728726: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.728729: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.728731: | length/value: 256 (0x100) Aug 26 13:30:43.728736: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.728739: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.728741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.728744: | length: 8 (0x8) Aug 26 13:30:43.728746: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.728749: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.728752: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:30:43.728755: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.728758: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.728760: | length: 8 (0x8) Aug 26 13:30:43.728763: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.728765: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.728769: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:30:43.728772: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:30:43.728777: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:30:43.728780: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.728783: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 13:30:43.728788: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=4920f818;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:30:43.728791: | converting proposal to internal trans attrs Aug 26 13:30:43.728796: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 13:30:43.728800: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 13:30:43.728970: | #1 spent 1.12 milliseconds Aug 26 13:30:43.728976: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:30:43.728979: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Aug 26 13:30:43.728982: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.728985: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.728988: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.728992: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.728996: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.728999: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.729002: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.729007: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.729011: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 13:30:43.729014: | netlink: enabling tunnel mode Aug 26 13:30:43.729017: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.729020: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.729100: | netlink response for Add SA esp.4920f818@192.1.2.23 included non-error error Aug 26 13:30:43.729105: | set up outgoing SA, ref=0/0 Aug 26 13:30:43.729108: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.729111: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.729114: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.729117: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.729120: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 13:30:43.729123: | netlink: enabling tunnel mode Aug 26 13:30:43.729126: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.729129: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.729169: | netlink response for Add SA esp.f798fcd6@192.1.3.33 included non-error error Aug 26 13:30:43.729175: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:30:43.729183: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:30:43.729186: | IPsec Sa SPD priority set to 1042407 Aug 26 13:30:43.729209: | raw_eroute result=success Aug 26 13:30:43.729213: | set up incoming SA, ref=0/0 Aug 26 13:30:43.729215: | sr for #2: unrouted Aug 26 13:30:43.729218: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:30:43.729221: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.729225: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.729228: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.729232: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.729236: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:30:43.729239: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:30:43.729247: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:30:43.729251: | IPsec Sa SPD priority set to 1042407 Aug 26 13:30:43.729265: | raw_eroute result=success Aug 26 13:30:43.729270: | running updown command "ipsec _updown" for verb up Aug 26 13:30:43.729273: | command executing up-client Aug 26 13:30:43.729306: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 13:30:43.729315: | popen cmd is 1052 chars long Aug 26 13:30:43.729319: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 13:30:43.729322: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:30:43.729325: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 13:30:43.729328: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 13:30:43.729331: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Aug 26 13:30:43.729334: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 13:30:43.729339: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:30:43.729342: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 13:30:43.729345: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Aug 26 13:30:43.729348: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:30:43.729351: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:30:43.729354: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:30:43.729357: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf798fcd6 ipsec : Aug 26 13:30:43.729360: | cmd(1040):_updown 2>&1: Aug 26 13:30:43.740226: | route_and_eroute: firewall_notified: true Aug 26 13:30:43.740245: | running updown command "ipsec _updown" for verb prepare Aug 26 13:30:43.740248: | command executing prepare-client Aug 26 13:30:43.740271: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:30:43.740274: | popen cmd is 1057 chars long Aug 26 13:30:43.740277: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:30:43.740279: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 13:30:43.740280: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:43.740282: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:43.740284: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:43.740285: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:43.740287: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:43.740301: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 13:30:43.740303: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Aug 26 13:30:43.740305: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 13:30:43.740306: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 13:30:43.740308: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 13:30:43.740310: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf798fcd6 i: Aug 26 13:30:43.740311: | cmd(1040):psec _updown 2>&1: Aug 26 13:30:43.750350: | running updown command "ipsec _updown" for verb route Aug 26 13:30:43.750371: | command executing route-client Aug 26 13:30:43.750396: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Aug 26 13:30:43.750402: | popen cmd is 1055 chars long Aug 26 13:30:43.750405: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:30:43.750407: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:30:43.750408: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:30:43.750410: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:30:43.750412: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:30:43.750414: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:30:43.750415: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:30:43.750417: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Aug 26 13:30:43.750419: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Aug 26 13:30:43.750420: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:30:43.750422: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:30:43.750424: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:30:43.750425: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf798fcd6 ips: Aug 26 13:30:43.750427: | cmd(1040):ec _updown 2>&1: Aug 26 13:30:43.763596: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x563350ca7d78,sr=0x563350ca7d78} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:30:43.763683: | #1 spent 1.7 milliseconds in install_ipsec_sa() Aug 26 13:30:43.763693: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:30:43.763697: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.763703: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:30:43.763714: | libevent_free: release ptr-libevent@0x563350caf638 Aug 26 13:30:43.763722: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6638002b78 Aug 26 13:30:43.763729: | #2 spent 2.55 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:30:43.763738: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.763744: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:30:43.763748: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:30:43.763753: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:30:43.763757: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:30:43.763764: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:30:43.763774: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:43.763778: | pstats #2 ikev2.child established Aug 26 13:30:43.763788: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:30:43.764005: | NAT-T: encaps is 'auto' Aug 26 13:30:43.764013: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x4920f818 <0xf798fcd6 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 13:30:43.764039: | releasing whack for #2 (sock=fd@25) Aug 26 13:30:43.764045: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:30:43.764048: | releasing whack and unpending for parent #1 Aug 26 13:30:43.764051: | unpending state #1 connection "northnet-eastnet" Aug 26 13:30:43.764058: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Aug 26 13:30:43.764062: | removing pending policy for no connection {0x563350c9a8d8} Aug 26 13:30:43.764074: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:30:43.764080: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:30:43.764084: | event_schedule: new EVENT_SA_REKEY-pe@0x7f6638002b78 Aug 26 13:30:43.764089: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:30:43.764093: | libevent_malloc: new ptr-libevent@0x563350cae5c8 size 128 Aug 26 13:30:43.764101: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.764108: | #1 spent 3.03 milliseconds in ikev2_process_packet() Aug 26 13:30:43.764116: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.764122: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.764125: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.764130: | spent 3.06 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.764150: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.764159: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.764164: | spent 0.00825 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.764167: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.764171: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.764175: | spent 0.00392 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.764178: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.764181: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.764185: | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:44.932374: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:44.932395: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:30:44.932414: | FOR_EACH_STATE_... in sort_states Aug 26 13:30:44.932423: | get_sa_info esp.f798fcd6@192.1.3.33 Aug 26 13:30:44.932453: | get_sa_info esp.4920f818@192.1.2.23 Aug 26 13:30:44.932474: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:44.932482: | spent 0.116 milliseconds in whack Aug 26 13:30:50.245456: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.245472: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:30:50.245474: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 13:30:50.245478: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Aug 26 13:30:50.245480: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:30:50.245485: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.245488: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.245492: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.245497: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:50.245500: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:50.245502: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:50.245504: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 13:30:50.245507: | running updown command "ipsec _updown" for verb down Aug 26 13:30:50.245508: | command executing down-client Aug 26 13:30:50.245529: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 13:30:50.245532: | popen cmd is 1063 chars long Aug 26 13:30:50.245534: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 13:30:50.245536: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 13:30:50.245538: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 13:30:50.245540: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 13:30:50.245541: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 13:30:50.245543: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 13:30:50.245544: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:30:50.245546: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_P: Aug 26 13:30:50.245548: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 13:30:50.245549: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 13:30:50.245551: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 13:30:50.245553: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 13:30:50.245554: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf798: Aug 26 13:30:50.245556: | cmd(1040):fcd6 ipsec _updown 2>&1: Aug 26 13:30:50.253144: | running updown command "ipsec _updown" for verb unroute Aug 26 13:30:50.253162: | command executing unroute-client Aug 26 13:30:50.253185: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Aug 26 13:30:50.253192: | popen cmd is 1066 chars long Aug 26 13:30:50.253194: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:30:50.253196: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 13:30:50.253198: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:50.253199: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:50.253201: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:50.253203: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:50.253204: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:50.253206: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CON: Aug 26 13:30:50.253207: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 13:30:50.253209: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 13:30:50.253211: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 13:30:50.253212: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 13:30:50.253214: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf: Aug 26 13:30:50.253216: | cmd(1040):798fcd6 ipsec _updown 2>&1: Aug 26 13:30:50.261331: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261360: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261366: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261369: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261373: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261377: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261404: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261419: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261433: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261446: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261460: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261477: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261489: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261502: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261514: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261527: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261541: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261554: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261566: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261579: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261592: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261607: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261620: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261632: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.261645: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.263908: "northnet-eastnet" #1: unroute-client output: RTNETLINK answers: Network is unreachable Aug 26 13:30:50.266995: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x563350cabe58 Aug 26 13:30:50.267013: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 13:30:50.267017: | libevent_malloc: new ptr-libevent@0x563350cab9d8 size 128 Aug 26 13:30:50.267031: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.267037: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:30:50.267040: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:30:50.267043: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:30:50.267050: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.267054: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.267056: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.267059: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.267064: | spent 1.2 milliseconds in kernel message Aug 26 13:30:50.267076: | timer_event_cb: processing event@0x563350cabe58 Aug 26 13:30:50.267080: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:30:50.267085: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:30:50.267088: | #1 IKEv2 local address change Aug 26 13:30:50.267338: "northnet-eastnet" #1: unexpected TRY AGAIN from second resolve_defaultroute_one Aug 26 13:30:50.267348: "northnet-eastnet" #1: no local source address to reach remote 192.1.2.23, local gateway Aug 26 13:30:50.267352: | libevent_free: release ptr-libevent@0x563350cab9d8 Aug 26 13:30:50.267355: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x563350cabe58 Aug 26 13:30:50.267361: | #1 spent 0.281 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:30:50.267366: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:30:50.267369: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.267375: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.267379: | spent 0.00543 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.267382: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.267386: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.267390: | spent 0.004 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.402916: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.402953: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:30:50.402958: | xfrm netlink address change RTM_NEWADDR msg len 80 Aug 26 13:30:50.402964: | XFRM RTM_NEWADDR 192.1.8.22 IFA_LOCAL Aug 26 13:30:50.402968: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:30:50.402975: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.402981: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.402986: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.402990: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x563350cabe58 Aug 26 13:30:50.402995: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 3 seconds for #1 Aug 26 13:30:50.402999: | libevent_malloc: new ptr-libevent@0x563350cab9d8 size 128 Aug 26 13:30:50.403008: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.403012: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:30:50.403014: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:30:50.403017: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:30:50.403021: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.403025: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.403028: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.403032: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.403040: | spent 0.1 milliseconds in kernel message Aug 26 13:30:50.456745: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.456764: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.456771: | spent 0.00754 milliseconds in kernel message Aug 26 13:30:53.406378: | timer_event_cb: processing event@0x563350cabe58 Aug 26 13:30:53.406423: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:30:53.406447: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:30:53.406460: | #1 IKEv2 local address change Aug 26 13:30:53.407998: | #1 no interface for 192.1.8.22:500 try to initialize Aug 26 13:30:53.408505: | Inspecting interface lo Aug 26 13:30:53.408527: | found lo with address 127.0.0.1 Aug 26 13:30:53.408541: | Inspecting interface eth0 Aug 26 13:30:53.408551: | found eth0 with address 192.0.3.254 Aug 26 13:30:53.408559: | Inspecting interface eth1 Aug 26 13:30:53.408567: | found eth1 with address 192.1.8.22 Aug 26 13:30:53.408654: "northnet-eastnet" #1: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Aug 26 13:30:53.408703: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:53.408713: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:53.408723: "northnet-eastnet" #1: adding interface eth1/eth1 192.1.8.22:4500 Aug 26 13:30:53.408910: | no interfaces to sort Aug 26 13:30:53.408924: | add_fd_read_event_handler: new ethX-pe@0x563350cb43b8 Aug 26 13:30:53.408940: | libevent_malloc: new ptr-libevent@0x7f6638002888 size 128 Aug 26 13:30:53.408949: | libevent_malloc: new ptr-libevent@0x563350caf798 size 16 Aug 26 13:30:53.408966: | setup callback for interface eth1 192.1.8.22:4500 fd 23 Aug 26 13:30:53.408973: | add_fd_read_event_handler: new ethX-pe@0x563350cb4428 Aug 26 13:30:53.408982: | libevent_malloc: new ptr-libevent@0x563350cac1f8 size 128 Aug 26 13:30:53.408988: | libevent_malloc: new ptr-libevent@0x563350caf6a8 size 16 Aug 26 13:30:53.408998: | setup callback for interface eth1 192.1.8.22:500 fd 16 Aug 26 13:30:53.409012: | libevent_free: release ptr-libevent@0x563350c9b448 Aug 26 13:30:53.409019: | free_event_entry: release EVENT_NULL-pe@0x563350ca7128 Aug 26 13:30:53.409025: | add_fd_read_event_handler: new ethX-pe@0x563350ca7128 Aug 26 13:30:53.409031: | libevent_malloc: new ptr-libevent@0x563350c9b448 size 128 Aug 26 13:30:53.409041: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:30:53.409052: | libevent_free: release ptr-libevent@0x563350c37298 Aug 26 13:30:53.409058: | free_event_entry: release EVENT_NULL-pe@0x563350ca71d8 Aug 26 13:30:53.409064: | add_fd_read_event_handler: new ethX-pe@0x563350ca71d8 Aug 26 13:30:53.409069: | libevent_malloc: new ptr-libevent@0x563350c37298 size 128 Aug 26 13:30:53.409079: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:30:53.409087: | libevent_free: release ptr-libevent@0x563350c39138 Aug 26 13:30:53.409093: | free_event_entry: release EVENT_NULL-pe@0x563350ca7288 Aug 26 13:30:53.409098: | add_fd_read_event_handler: new ethX-pe@0x563350ca7288 Aug 26 13:30:53.409104: | libevent_malloc: new ptr-libevent@0x563350c39138 size 128 Aug 26 13:30:53.409114: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:30:53.409121: | libevent_free: release ptr-libevent@0x563350c36288 Aug 26 13:30:53.409127: | free_event_entry: release EVENT_NULL-pe@0x563350ca7338 Aug 26 13:30:53.409132: | add_fd_read_event_handler: new ethX-pe@0x563350ca7338 Aug 26 13:30:53.409145: | libevent_malloc: new ptr-libevent@0x563350c36288 size 128 Aug 26 13:30:53.409156: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:30:53.409167: | libevent_free: release ptr-libevent@0x563350c074e8 Aug 26 13:30:53.409173: | free_event_entry: release EVENT_NULL-pe@0x563350ca73e8 Aug 26 13:30:53.409178: | add_fd_read_event_handler: new ethX-pe@0x563350ca73e8 Aug 26 13:30:53.409184: | libevent_malloc: new ptr-libevent@0x563350c074e8 size 128 Aug 26 13:30:53.409193: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:30:53.409201: | libevent_free: release ptr-libevent@0x563350c071d8 Aug 26 13:30:53.409209: | free_event_entry: release EVENT_NULL-pe@0x563350ca7498 Aug 26 13:30:53.409215: | add_fd_read_event_handler: new ethX-pe@0x563350ca7498 Aug 26 13:30:53.409220: | libevent_malloc: new ptr-libevent@0x563350c071d8 size 128 Aug 26 13:30:53.409230: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:30:53.409241: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23 and gateway 192.1.8.254 Aug 26 13:30:53.409247: | Opening output PBS mobike informational request Aug 26 13:30:53.409254: | **emit ISAKMP Message: Aug 26 13:30:53.409266: | initiator cookie: Aug 26 13:30:53.409271: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:53.409277: | responder cookie: Aug 26 13:30:53.409282: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.409298: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:53.409316: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.409327: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.409341: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:53.409347: | Message ID: 2 (0x2) Aug 26 13:30:53.409354: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:53.409361: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:53.409368: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.409373: | flags: none (0x0) Aug 26 13:30:53.409380: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:53.409386: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.409394: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:53.409427: | Adding a v2N Payload Aug 26 13:30:53.409433: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.409439: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.409444: | flags: none (0x0) Aug 26 13:30:53.409449: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.409454: | SPI size: 0 (0x0) Aug 26 13:30:53.409460: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:53.409467: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.409474: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.409480: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:53.409486: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:53.409527: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:53.409534: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:53.409539: | natd_hash: rcookie= 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.409544: | natd_hash: ip= c0 01 08 16 Aug 26 13:30:53.409549: | natd_hash: port=500 Aug 26 13:30:53.409555: | natd_hash: hash= c6 96 80 75 e5 78 a0 78 34 8f b0 06 7a 52 e4 07 Aug 26 13:30:53.409560: | natd_hash: hash= cb 25 e5 63 Aug 26 13:30:53.409565: | Adding a v2N Payload Aug 26 13:30:53.409571: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.409576: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.409581: | flags: none (0x0) Aug 26 13:30:53.409586: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.409597: | SPI size: 0 (0x0) Aug 26 13:30:53.409603: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.409610: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.409616: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.409623: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.409629: | Notify data c6 96 80 75 e5 78 a0 78 34 8f b0 06 7a 52 e4 07 Aug 26 13:30:53.409634: | Notify data cb 25 e5 63 Aug 26 13:30:53.409640: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.409653: | natd_hash: hasher=0x563350222800(20) Aug 26 13:30:53.409659: | natd_hash: icookie= 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:53.409664: | natd_hash: rcookie= 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.409669: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:53.409674: | natd_hash: port=500 Aug 26 13:30:53.409679: | natd_hash: hash= f3 d5 eb 5d 4e b6 fb f3 c3 09 a2 2a 1f 18 87 bd Aug 26 13:30:53.409684: | natd_hash: hash= 6d 16 15 14 Aug 26 13:30:53.409689: | Adding a v2N Payload Aug 26 13:30:53.409694: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.409699: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.409705: | flags: none (0x0) Aug 26 13:30:53.409710: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.409715: | SPI size: 0 (0x0) Aug 26 13:30:53.409720: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.409727: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.409733: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.409740: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.409745: | Notify data f3 d5 eb 5d 4e b6 fb f3 c3 09 a2 2a 1f 18 87 bd Aug 26 13:30:53.409750: | Notify data 6d 16 15 14 Aug 26 13:30:53.409755: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.409761: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:53.409769: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:53.409775: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:53.409781: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 13:30:53.409787: | emitting length of ISAKMP Message: 121 Aug 26 13:30:53.409832: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:53.409839: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.409844: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 13:30:53.409849: | 66 df 54 6c 8c 07 9a ca 39 aa e0 fa c7 d5 70 54 Aug 26 13:30:53.409854: | 78 36 58 b1 a4 c2 4d de b9 ec d7 68 6d ee 7c b0 Aug 26 13:30:53.409859: | b9 9a 13 18 bd 1d 19 8b 05 46 72 59 13 7b f4 10 Aug 26 13:30:53.409864: | 38 77 81 af fb 71 63 45 09 c7 3f f2 04 3d b9 ff Aug 26 13:30:53.409869: | dd 7f d5 76 06 89 6e b0 ba a9 0c 9a 7e eb 47 48 Aug 26 13:30:53.409874: | ee 00 89 91 68 51 a5 88 d3 Aug 26 13:30:53.410020: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:53.410040: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 13:30:53.410049: | libevent_free: release ptr-libevent@0x563350cab9d8 Aug 26 13:30:53.410056: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x563350cabe58 Aug 26 13:30:53.410071: | #1 spent 3.57 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:30:53.410088: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:30:53.412565: | spent 0.00763 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:53.412645: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:30:53.412661: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.412670: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 13:30:53.412679: | d0 31 0d 3b d8 c9 6d 4e e4 de 56 f6 79 50 bc e9 Aug 26 13:30:53.412688: | fd ed 3c 3b 5f 46 ca 78 b2 f0 a0 9a 9f 40 a3 3e Aug 26 13:30:53.412696: | d6 0d 32 a5 83 44 2a 7b fa 4d 40 2a 74 45 db 36 Aug 26 13:30:53.412705: | d8 fe 5e d1 3d cc 7d 2b 3c b8 4d 8d 88 70 cd 58 Aug 26 13:30:53.412713: | e3 21 7f 55 ba 53 32 5c a0 74 05 5b e2 e7 97 4f Aug 26 13:30:53.412721: | 08 Aug 26 13:30:53.412738: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:53.412752: | **parse ISAKMP Message: Aug 26 13:30:53.412762: | initiator cookie: Aug 26 13:30:53.412771: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:30:53.412780: | responder cookie: Aug 26 13:30:53.412788: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:30:53.412798: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:53.412808: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.412817: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.412828: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:53.412837: | Message ID: 2 (0x2) Aug 26 13:30:53.412847: | length: 113 (0x71) Aug 26 13:30:53.412858: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:53.412870: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:30:53.412884: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:30:53.412906: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:53.412922: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:53.412933: | #1 is idle Aug 26 13:30:53.412942: | #1 idle Aug 26 13:30:53.412950: | unpacking clear payload Aug 26 13:30:53.412961: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:53.412972: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:53.412982: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.412992: | flags: none (0x0) Aug 26 13:30:53.413001: | length: 85 (0x55) Aug 26 13:30:53.413011: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 13:30:53.413021: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:30:53.413070: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:53.413084: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.413095: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.413105: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.413115: | flags: none (0x0) Aug 26 13:30:53.413124: | length: 28 (0x1c) Aug 26 13:30:53.413133: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.413142: | SPI size: 0 (0x0) Aug 26 13:30:53.413152: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.413162: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.413171: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.413181: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.413191: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.413200: | flags: none (0x0) Aug 26 13:30:53.413209: | length: 28 (0x1c) Aug 26 13:30:53.413219: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.413227: | SPI size: 0 (0x0) Aug 26 13:30:53.413236: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.413246: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.413254: | selected state microcode I3: Informational Request Aug 26 13:30:53.413275: | Now let's proceed with state specific processing Aug 26 13:30:53.413281: | calling processor I3: Informational Request Aug 26 13:30:53.413301: | an informational response Aug 26 13:30:53.413317: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 13:30:53.413329: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 13:30:53.413343: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 13:30:53.413357: | initiator migrate kernel SA esp.4920f818@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Aug 26 13:30:53.413481: | initiator migrate kernel SA esp.f798fcd6@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Aug 26 13:30:53.413547: | initiator migrate kernel SA esp.f798fcd6@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Aug 26 13:30:53.413575: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 13:30:53.413590: | free hp@0x563350ca9498 Aug 26 13:30:53.413602: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:53.413608: | new hp@0x563350ca9498 Aug 26 13:30:53.413616: | running updown command "ipsec _updown" for verb up Aug 26 13:30:53.413622: | command executing up-client Aug 26 13:30:53.413677: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:30:53.413685: | popen cmd is 1062 chars long Aug 26 13:30:53.413691: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 13:30:53.413697: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Aug 26 13:30:53.413703: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 13:30:53.413709: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:30:53.413714: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 13:30:53.413720: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 13:30:53.413725: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 13:30:53.413730: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_PO: Aug 26 13:30:53.413736: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Aug 26 13:30:53.413741: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Aug 26 13:30:53.413747: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Aug 26 13:30:53.413752: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Aug 26 13:30:53.413758: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf798f: Aug 26 13:30:53.413763: | cmd(1040):cd6 ipsec _updown 2>&1: Aug 26 13:30:53.434036: | running updown command "ipsec _updown" for verb route Aug 26 13:30:53.434064: | command executing route-client Aug 26 13:30:53.434110: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 13:30:53.434117: | popen cmd is 1065 chars long Aug 26 13:30:53.434121: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:30:53.434125: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Aug 26 13:30:53.434128: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 13:30:53.434131: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 13:30:53.434135: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 13:30:53.434138: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:30:53.434141: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:30:53.434144: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN: Aug 26 13:30:53.434148: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Aug 26 13:30:53.434151: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 13:30:53.434154: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 13:30:53.434158: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 13:30:53.434161: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf7: Aug 26 13:30:53.434164: | cmd(1040):98fcd6 ipsec _updown 2>&1: Aug 26 13:30:53.448631: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:53.448651: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Aug 26 13:30:53.448655: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 13:30:53.448665: | #1 spent 1.86 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 13:30:53.448671: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:53.448674: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:30:53.448677: | Message ID: updating counters for #1 to 2 after switching state Aug 26 13:30:53.448682: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 13:30:53.448685: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:53.448688: | STATE_PARENT_I3: PARENT SA established Aug 26 13:30:53.448692: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:53.448700: | #1 spent 2.59 milliseconds in ikev2_process_packet() Aug 26 13:30:53.448705: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:53.448713: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:53.448716: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:53.448719: | spent 2.61 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:53.448738: | processing signal PLUTO_SIGCHLD Aug 26 13:30:53.448743: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:53.448747: | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:53.448749: | processing signal PLUTO_SIGCHLD Aug 26 13:30:53.448752: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:53.448754: | spent 0.00293 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:00.976135: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:00.976154: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:31:00.976159: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:00.976165: | get_sa_info esp.f798fcd6@192.1.8.22 Aug 26 13:31:00.976179: | get_sa_info esp.4920f818@192.1.2.23 Aug 26 13:31:00.976194: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:00.976199: | spent 0.0715 milliseconds in whack Aug 26 13:31:01.269827: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:01.269997: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:01.270003: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:01.270072: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:31:01.270076: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:01.270089: | get_sa_info esp.f798fcd6@192.1.8.22 Aug 26 13:31:01.270106: | get_sa_info esp.4920f818@192.1.2.23 Aug 26 13:31:01.270127: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:01.270135: | spent 0.316 milliseconds in whack Aug 26 13:31:01.549120: | spent 0.00254 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:01.549160: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:31:01.549166: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.549171: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:31:01.549174: | 1d 4d bd 31 f5 99 48 11 f3 9a ab d4 8f 32 94 fe Aug 26 13:31:01.549177: | 8d f9 38 d9 fd 80 f8 85 ca db e7 0b 7f ee 0c 62 Aug 26 13:31:01.549180: | e2 19 d1 34 02 Aug 26 13:31:01.549187: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:31:01.549192: | **parse ISAKMP Message: Aug 26 13:31:01.549195: | initiator cookie: Aug 26 13:31:01.549198: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:31:01.549201: | responder cookie: Aug 26 13:31:01.549203: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.549207: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:01.549210: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:01.549214: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:01.549218: | flags: none (0x0) Aug 26 13:31:01.549221: | Message ID: 0 (0x0) Aug 26 13:31:01.549224: | length: 69 (0x45) Aug 26 13:31:01.549228: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:01.549232: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:01.549235: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:01.549240: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:01.549242: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:31:01.549245: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:01.549250: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:31:01.549253: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 13:31:01.549255: | unpacking clear payload Aug 26 13:31:01.549257: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:01.549259: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:01.549261: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:01.549262: | flags: none (0x0) Aug 26 13:31:01.549264: | length: 41 (0x29) Aug 26 13:31:01.549266: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:31:01.549269: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:31:01.549271: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:01.549295: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:01.549301: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:01.549304: | **parse IKEv2 Delete Payload: Aug 26 13:31:01.549306: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.549307: | flags: none (0x0) Aug 26 13:31:01.549309: | length: 12 (0xc) Aug 26 13:31:01.549311: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:01.549312: | SPI size: 4 (0x4) Aug 26 13:31:01.549314: | number of SPIs: 1 (0x1) Aug 26 13:31:01.549316: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:31:01.549317: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:01.549319: | Now let's proceed with state specific processing Aug 26 13:31:01.549321: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:01.549323: | an informational request should send a response Aug 26 13:31:01.549370: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:31:01.549372: | **emit ISAKMP Message: Aug 26 13:31:01.549374: | initiator cookie: Aug 26 13:31:01.549376: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:31:01.549377: | responder cookie: Aug 26 13:31:01.549379: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.549381: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:01.549382: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:01.549384: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:01.549386: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:01.549388: | Message ID: 0 (0x0) Aug 26 13:31:01.549390: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:01.549392: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:01.549406: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.549408: | flags: none (0x0) Aug 26 13:31:01.549410: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:01.549412: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:01.549414: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:01.549424: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:31:01.549425: | SPI 49 20 f8 18 Aug 26 13:31:01.549427: | delete PROTO_v2_ESP SA(0x4920f818) Aug 26 13:31:01.549429: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:31:01.549431: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:31:01.549433: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x4920f818) Aug 26 13:31:01.549435: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:31:01.549438: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:01.549441: | libevent_free: release ptr-libevent@0x563350cae5c8 Aug 26 13:31:01.549445: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f6638002b78 Aug 26 13:31:01.549447: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f6638002b78 Aug 26 13:31:01.549451: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:31:01.549454: | libevent_malloc: new ptr-libevent@0x563350cb47c8 size 128 Aug 26 13:31:01.549456: | ****emit IKEv2 Delete Payload: Aug 26 13:31:01.549458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.549459: | flags: none (0x0) Aug 26 13:31:01.549461: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:01.549462: | SPI size: 4 (0x4) Aug 26 13:31:01.549464: | number of SPIs: 1 (0x1) Aug 26 13:31:01.549466: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:01.549468: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:01.549470: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:31:01.549472: | local SPIs f7 98 fc d6 Aug 26 13:31:01.549473: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:31:01.549475: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:01.549477: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:01.549479: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:01.549481: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:31:01.549483: | emitting length of ISAKMP Message: 69 Aug 26 13:31:01.549512: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:31:01.549514: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.549516: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:31:01.549517: | 09 a5 5c c6 b1 3e 52 e1 a6 7c 2b 80 3b 3f b2 c2 Aug 26 13:31:01.549519: | 2d 10 32 78 06 05 61 a7 64 1a bb 56 71 ad 21 ae Aug 26 13:31:01.549520: | 3a 32 f4 de 16 Aug 26 13:31:01.549545: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:01.549563: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:01.549568: | #1 spent 0.231 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:31:01.549586: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:01.549589: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:31:01.549591: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:31:01.549594: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:31:01.549597: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:31:01.549599: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:31:01.549602: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:01.549605: | #1 spent 0.442 milliseconds in ikev2_process_packet() Aug 26 13:31:01.549607: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:31:01.549610: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:01.549612: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:01.549614: | spent 0.452 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:01.549620: | timer_event_cb: processing event@0x7f6638002b78 Aug 26 13:31:01.549622: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:31:01.549629: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:01.549637: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:01.549640: | replacing stale CHILD SA Aug 26 13:31:01.549645: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:31:01.549648: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:31:01.549651: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:31:01.549656: | creating state object #3 at 0x563350cb4878 Aug 26 13:31:01.549659: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:31:01.549669: | pstats #3 ikev2.child started Aug 26 13:31:01.549685: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Aug 26 13:31:01.549690: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:31:01.549700: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:31:01.549706: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:01.549711: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:01.549715: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:31:01.549719: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:31:01.549724: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Aug 26 13:31:01.549729: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:31:01.549735: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:01.549740: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:01.549746: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:31:01.549749: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x563350cabe58 Aug 26 13:31:01.549753: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:31:01.549757: | libevent_malloc: new ptr-libevent@0x563350cae5c8 size 128 Aug 26 13:31:01.549763: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:31:01.549767: | event_schedule: new EVENT_SA_EXPIRE-pe@0x563350cb4498 Aug 26 13:31:01.549771: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:31:01.549775: | libevent_malloc: new ptr-libevent@0x563350cb4668 size 128 Aug 26 13:31:01.549778: | libevent_free: release ptr-libevent@0x563350cb47c8 Aug 26 13:31:01.549782: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f6638002b78 Aug 26 13:31:01.549787: | #2 spent 0.165 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:31:01.549790: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:01.549795: | timer_event_cb: processing event@0x563350cabe58 Aug 26 13:31:01.549813: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:31:01.549818: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:31:01.549823: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:31:01.549825: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6638002b78 Aug 26 13:31:01.549827: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:31:01.549829: | libevent_malloc: new ptr-libevent@0x563350cb47c8 size 128 Aug 26 13:31:01.549835: | libevent_free: release ptr-libevent@0x563350cae5c8 Aug 26 13:31:01.549839: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x563350cabe58 Aug 26 13:31:01.549843: | #3 spent 0.0466 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:31:01.549845: | crypto helper 2 resuming Aug 26 13:31:01.549845: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:31:01.549862: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:31:01.549872: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:31:01.549863: | timer_event_cb: processing event@0x563350cb4498 Aug 26 13:31:01.549885: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:31:01.549888: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:01.549891: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:01.549892: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:31:01.549894: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:31:01.549896: | pstats #2 ikev2.child deleted completed Aug 26 13:31:01.549898: | #2 spent 2.71 milliseconds in total Aug 26 13:31:01.549901: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:01.549904: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 17.865s and NOT sending notification Aug 26 13:31:01.549906: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:31:01.549909: | get_sa_info esp.4920f818@192.1.2.23 Aug 26 13:31:01.549920: | get_sa_info esp.f798fcd6@192.1.8.22 Aug 26 13:31:01.549926: "northnet-eastnet" #2: ESP traffic information: in=168B out=168B Aug 26 13:31:01.549929: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:31:01.549978: | running updown command "ipsec _updown" for verb down Aug 26 13:31:01.549985: | command executing down-client Aug 26 13:31:01.550020: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 13:31:01.550025: | popen cmd is 1064 chars long Aug 26 13:31:01.550028: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 13:31:01.550032: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Aug 26 13:31:01.550036: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:31:01.550040: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:31:01.550043: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:31:01.550047: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:31:01.550050: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:31:01.550053: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_: Aug 26 13:31:01.550059: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Aug 26 13:31:01.550062: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 13:31:01.550066: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 13:31:01.550069: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 13:31:01.550073: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4920f818 SPI_OUT=0xf79: Aug 26 13:31:01.550076: | cmd(1040):8fcd6 ipsec _updown 2>&1: Aug 26 13:31:01.550812: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.00094 seconds Aug 26 13:31:01.550831: | (#3) spent 0.95 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:31:01.550835: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:31:01.550839: | scheduling resume sending helper answer for #3 Aug 26 13:31:01.550843: | libevent_malloc: new ptr-libevent@0x7f6634002888 size 128 Aug 26 13:31:01.550857: | crypto helper 2 waiting (nothing to do) Aug 26 13:31:01.559480: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:31:01.559494: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:01.559500: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:01.559507: | IPsec Sa SPD priority set to 1042407 Aug 26 13:31:01.559546: | delete esp.4920f818@192.1.2.23 Aug 26 13:31:01.559563: | netlink response for Del SA esp.4920f818@192.1.2.23 included non-error error Aug 26 13:31:01.559569: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:01.559578: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 13:31:01.559606: | raw_eroute result=success Aug 26 13:31:01.559611: | delete esp.f798fcd6@192.1.8.22 Aug 26 13:31:01.559624: | netlink response for Del SA esp.f798fcd6@192.1.8.22 included non-error error Aug 26 13:31:01.559636: | in connection_discard for connection northnet-eastnet Aug 26 13:31:01.559640: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:31:01.559645: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:01.559653: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:01.559669: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:31:01.559673: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:31:01.559679: | libevent_free: release ptr-libevent@0x563350cb4668 Aug 26 13:31:01.559683: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x563350cb4498 Aug 26 13:31:01.559687: | in statetime_stop() and could not find #2 Aug 26 13:31:01.559690: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:01.559710: | spent 0.00302 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:01.559729: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 13:31:01.559734: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.559737: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:31:01.559739: | 2f af 37 1c 3c bc 64 a8 7e fc 64 d8 62 0a e5 0f Aug 26 13:31:01.559742: | f6 f5 c9 d2 bf 66 bf f4 a7 cd 0b 41 c8 95 c7 67 Aug 26 13:31:01.559744: | da Aug 26 13:31:01.559750: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:31:01.559754: | **parse ISAKMP Message: Aug 26 13:31:01.559758: | initiator cookie: Aug 26 13:31:01.559760: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:31:01.559763: | responder cookie: Aug 26 13:31:01.559765: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.559769: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:01.559772: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:01.559777: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:01.559782: | flags: none (0x0) Aug 26 13:31:01.559784: | Message ID: 1 (0x1) Aug 26 13:31:01.559787: | length: 65 (0x41) Aug 26 13:31:01.559790: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:01.559794: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:01.559797: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:01.559804: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:01.559807: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:31:01.559811: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:01.559814: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:31:01.559819: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 13:31:01.559822: | unpacking clear payload Aug 26 13:31:01.559824: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:01.559827: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:01.559830: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:01.559833: | flags: none (0x0) Aug 26 13:31:01.559835: | length: 37 (0x25) Aug 26 13:31:01.559838: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:31:01.559843: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:31:01.559846: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:01.559869: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:01.559873: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:01.559876: | **parse IKEv2 Delete Payload: Aug 26 13:31:01.559879: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.559882: | flags: none (0x0) Aug 26 13:31:01.559884: | length: 8 (0x8) Aug 26 13:31:01.559887: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:31:01.559889: | SPI size: 0 (0x0) Aug 26 13:31:01.559892: | number of SPIs: 0 (0x0) Aug 26 13:31:01.559894: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:31:01.559897: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:01.559900: | Now let's proceed with state specific processing Aug 26 13:31:01.559902: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:01.559906: | an informational request should send a response Aug 26 13:31:01.559933: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:31:01.559938: | **emit ISAKMP Message: Aug 26 13:31:01.559942: | initiator cookie: Aug 26 13:31:01.559945: | 4d 32 ac ac c7 3d 7a d4 Aug 26 13:31:01.559948: | responder cookie: Aug 26 13:31:01.559951: | 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.559954: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:01.559958: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:01.559961: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:01.559965: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:01.559967: | Message ID: 1 (0x1) Aug 26 13:31:01.559971: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:01.559974: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:01.559977: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.559979: | flags: none (0x0) Aug 26 13:31:01.559983: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:01.559986: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:01.559991: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:01.560007: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:01.560012: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:01.560016: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:01.560019: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:31:01.560022: | emitting length of ISAKMP Message: 57 Aug 26 13:31:01.560045: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 13:31:01.560049: | 4d 32 ac ac c7 3d 7a d4 15 7e 08 72 b6 ba 33 73 Aug 26 13:31:01.560051: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:31:01.560054: | 22 69 96 0d 7b 06 56 94 36 42 01 85 a1 aa 4a ea Aug 26 13:31:01.560056: | 79 f0 8e bb 8c f5 6e 75 52 Aug 26 13:31:01.560110: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:01.560120: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:01.560125: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:31:01.560129: | pstats #3 ikev2.child deleted other Aug 26 13:31:01.560133: | #3 spent 0.0466 milliseconds in total Aug 26 13:31:01.560138: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:01.560143: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:01.560148: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.010s and NOT sending notification Aug 26 13:31:01.560151: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:31:01.560155: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:31:01.560158: | libevent_free: release ptr-libevent@0x563350cb47c8 Aug 26 13:31:01.560163: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6638002b78 Aug 26 13:31:01.560167: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:01.560175: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 13:31:01.560189: | raw_eroute result=success Aug 26 13:31:01.560193: | in connection_discard for connection northnet-eastnet Aug 26 13:31:01.560197: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:31:01.560204: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:01.560210: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:01.560215: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:01.560219: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:31:01.560223: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:31:01.560226: | pstats #1 ikev2.ike deleted completed Aug 26 13:31:01.560231: | #1 spent 15.2 milliseconds in total Aug 26 13:31:01.560236: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:01.560240: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 17.883s and NOT sending notification Aug 26 13:31:01.560243: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:31:01.560314: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:01.560326: | libevent_free: release ptr-libevent@0x7f6630000f48 Aug 26 13:31:01.560332: | free_event_entry: release EVENT_SA_REKEY-pe@0x563350cabce8 Aug 26 13:31:01.560335: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:01.560341: | picked newest_isakmp_sa #0 for #1 Aug 26 13:31:01.560344: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:01.560347: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Aug 26 13:31:01.560351: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:31:01.560355: | in connection_discard for connection northnet-eastnet Aug 26 13:31:01.560359: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:31:01.560362: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:31:01.560395: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:01.560423: | in statetime_stop() and could not find #1 Aug 26 13:31:01.560427: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:01.560432: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:31:01.560435: | STF_OK but no state object remains Aug 26 13:31:01.560438: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:01.560441: | in statetime_stop() and could not find #1 Aug 26 13:31:01.560446: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:31:01.560449: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:01.560452: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:01.560457: | spent 0.689 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:01.560465: | processing resume sending helper answer for #3 Aug 26 13:31:01.560470: | crypto helper 2 replies to request ID 3 Aug 26 13:31:01.560473: | calling continuation function 0x56335014db50 Aug 26 13:31:01.560476: | work-order 3 state #3 crypto result suppressed Aug 26 13:31:01.560488: | (#3) spent 0.017 milliseconds in resume sending helper answer Aug 26 13:31:01.560493: | libevent_free: release ptr-libevent@0x7f6634002888 Aug 26 13:31:01.560497: | processing signal PLUTO_SIGCHLD Aug 26 13:31:01.560504: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:01.560509: | spent 0.00699 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:01.560515: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:31:01.560520: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Aug 26 13:31:01.560524: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:31:01.560529: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:31:01.560533: | connection 'northnet-eastnet' +POLICY_UP Aug 26 13:31:01.560537: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:31:01.560540: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:31:01.560546: | creating state object #4 at 0x563350cae968 Aug 26 13:31:01.560549: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:31:01.560555: | pstats #4 ikev2.ike started Aug 26 13:31:01.560559: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:31:01.560562: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:31:01.560568: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:31:01.560574: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:31:01.560579: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:31:01.560583: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:31:01.560588: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Aug 26 13:31:01.560594: "northnet-eastnet" #4: initiating v2 parent SA Aug 26 13:31:01.560611: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:31:01.560617: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:31:01.560621: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f6630002fc8 Aug 26 13:31:01.560625: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:31:01.560628: | libevent_malloc: new ptr-libevent@0x563350cb4668 size 128 Aug 26 13:31:01.560639: | #4 spent 0.109 milliseconds in ikev2_parent_outI1() Aug 26 13:31:01.560644: | crypto helper 4 resuming Aug 26 13:31:01.560644: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:31:01.560657: | crypto helper 4 starting work-order 4 for state #4 Aug 26 13:31:01.560660: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:31:01.560662: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:31:01.560664: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:31:01.560670: | spent 0.146 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:31:01.561647: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000984 seconds Aug 26 13:31:01.561661: | (#4) spent 0.987 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:31:01.561665: | crypto helper 4 sending results from work-order 4 for state #4 to event queue Aug 26 13:31:01.561669: | scheduling resume sending helper answer for #4 Aug 26 13:31:01.561672: | libevent_malloc: new ptr-libevent@0x7f6628002888 size 128 Aug 26 13:31:01.561681: | crypto helper 4 waiting (nothing to do) Aug 26 13:31:01.561717: | processing resume sending helper answer for #4 Aug 26 13:31:01.561727: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:31:01.561731: | crypto helper 4 replies to request ID 4 Aug 26 13:31:01.561733: | calling continuation function 0x56335014db50 Aug 26 13:31:01.561735: | ikev2_parent_outI1_continue for #4 Aug 26 13:31:01.561740: | **emit ISAKMP Message: Aug 26 13:31:01.561742: | initiator cookie: Aug 26 13:31:01.561743: | 02 a3 11 5c d1 f8 a2 06 Aug 26 13:31:01.561745: | responder cookie: Aug 26 13:31:01.561747: | 00 00 00 00 00 00 00 00 Aug 26 13:31:01.561749: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:01.561751: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:01.561752: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:31:01.561755: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:31:01.561756: | Message ID: 0 (0x0) Aug 26 13:31:01.561758: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:01.561769: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:31:01.561773: | Emitting ikev2_proposals ... Aug 26 13:31:01.561775: | ***emit IKEv2 Security Association Payload: Aug 26 13:31:01.561777: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.561779: | flags: none (0x0) Aug 26 13:31:01.561781: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:31:01.561783: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.561785: | discarding INTEG=NONE Aug 26 13:31:01.561787: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:01.561789: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.561790: | prop #: 1 (0x1) Aug 26 13:31:01.561792: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:01.561794: | spi size: 0 (0x0) Aug 26 13:31:01.561795: | # transforms: 11 (0xb) Aug 26 13:31:01.561797: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:01.561799: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561803: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:01.561804: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:31:01.561806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561808: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:01.561810: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:01.561812: | length/value: 256 (0x100) Aug 26 13:31:01.561814: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:01.561816: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561817: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561819: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.561821: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:01.561823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561827: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561828: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561830: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561831: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.561833: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:01.561835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561839: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561840: | discarding INTEG=NONE Aug 26 13:31:01.561842: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561847: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:01.561849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561850: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561853: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561855: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561858: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561860: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:01.561862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561864: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561865: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561867: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561870: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561872: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:01.561874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561878: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561889: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:01.561891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561895: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561904: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:01.561907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561913: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561915: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561923: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:01.561926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561932: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561935: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561943: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:01.561946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561953: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561956: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.561959: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:01.561961: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.561964: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:01.561967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.561970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.561973: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.561975: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:31:01.561978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:01.561981: | discarding INTEG=NONE Aug 26 13:31:01.561983: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:01.561986: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.561988: | prop #: 2 (0x2) Aug 26 13:31:01.561991: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:01.561993: | spi size: 0 (0x0) Aug 26 13:31:01.561996: | # transforms: 11 (0xb) Aug 26 13:31:01.561999: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.562002: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:01.562005: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562010: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:01.562012: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:31:01.562015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562018: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:01.562021: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:01.562023: | length/value: 128 (0x80) Aug 26 13:31:01.562026: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:01.562029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562034: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562037: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:01.562040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562045: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562048: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562049: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562051: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562052: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:01.562054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562059: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562061: | discarding INTEG=NONE Aug 26 13:31:01.562062: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562066: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562067: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:01.562069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562073: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562074: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562076: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562079: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:01.562081: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562085: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562086: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562091: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:01.562093: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562095: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562097: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562098: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562103: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:01.562105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562109: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562110: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562113: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562115: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:01.562117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562121: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562122: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562125: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562127: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:01.562129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562135: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562136: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562138: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562140: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562141: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:01.562143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562147: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562148: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562150: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:01.562152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562153: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:01.562155: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562159: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562161: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:31:01.562163: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:01.562164: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:01.562166: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.562168: | prop #: 3 (0x3) Aug 26 13:31:01.562169: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:01.562171: | spi size: 0 (0x0) Aug 26 13:31:01.562173: | # transforms: 13 (0xd) Aug 26 13:31:01.562175: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.562176: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:01.562178: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562181: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:01.562183: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:31:01.562185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562187: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:01.562189: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:01.562190: | length/value: 256 (0x100) Aug 26 13:31:01.562192: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:01.562193: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562197: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562198: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:01.562200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562204: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562206: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562210: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562211: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:01.562213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562217: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562219: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562222: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:01.562224: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:31:01.562226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562229: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562231: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562234: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:01.562236: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:31:01.562238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562239: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562241: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562243: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562248: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:01.562250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562253: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562255: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562260: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:01.562262: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562265: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562267: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562272: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:01.562274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562278: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562280: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562282: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562285: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562287: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:01.562295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562299: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562301: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562304: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562306: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:01.562308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562311: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562313: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562318: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:01.562320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562323: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562325: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562330: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:01.562332: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562333: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562335: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562337: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562338: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:01.562340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562342: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:01.562344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562347: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562349: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:31:01.562351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:01.562352: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:31:01.562355: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:31:01.562357: | prop #: 4 (0x4) Aug 26 13:31:01.562358: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:31:01.562360: | spi size: 0 (0x0) Aug 26 13:31:01.562362: | # transforms: 13 (0xd) Aug 26 13:31:01.562364: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:31:01.562366: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:31:01.562367: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562371: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:31:01.562372: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:31:01.562374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562376: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:31:01.562377: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:31:01.562379: | length/value: 128 (0x80) Aug 26 13:31:01.562381: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:31:01.562382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562386: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562387: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:31:01.562389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562391: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562393: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562394: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562398: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:31:01.562399: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:31:01.562401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562405: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562406: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562410: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:01.562411: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:31:01.562413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562419: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562422: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:31:01.562424: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:31:01.562425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562430: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562432: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562433: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562437: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:01.562439: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562440: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562442: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562444: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562449: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:31:01.562451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562461: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:31:01.562463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562465: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562466: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562468: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562471: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562473: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:31:01.562475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562478: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562480: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562483: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562485: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:31:01.562487: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562490: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562492: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562497: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:31:01.562499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562503: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562505: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562510: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:31:01.562512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562515: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:31:01.562518: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:31:01.562520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:31:01.562522: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:31:01.562524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:31:01.562526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:31:01.562527: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:31:01.562529: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:31:01.562531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:31:01.562533: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:31:01.562534: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:31:01.562536: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:31:01.562538: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.562540: | flags: none (0x0) Aug 26 13:31:01.562541: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:31:01.562544: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:31:01.562546: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.562548: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:31:01.562550: | ikev2 g^x 51 4c 87 e8 a5 1a 73 92 f0 3d ee c0 b1 71 d2 0f Aug 26 13:31:01.562552: | ikev2 g^x 73 c2 d2 a7 38 67 47 3d 7b 2f 54 c5 9b 9d 75 50 Aug 26 13:31:01.562553: | ikev2 g^x 9b f6 e9 bc 2d 0f 2c 9c dc 91 26 cb 8b e1 0d 50 Aug 26 13:31:01.562555: | ikev2 g^x 21 14 0f 80 31 c3 76 2e 2a f7 f2 16 c9 54 f6 ae Aug 26 13:31:01.562557: | ikev2 g^x 11 fd ab f3 7c e0 97 1c 55 18 fb da 22 51 e5 da Aug 26 13:31:01.562558: | ikev2 g^x 4b 1e 0b f0 6e 24 ff 81 db d9 95 e9 5b bd 4d cf Aug 26 13:31:01.562560: | ikev2 g^x 14 6c 63 5e aa 69 30 52 c8 d3 2c 6c dc 6a f2 33 Aug 26 13:31:01.562561: | ikev2 g^x f5 8d 3e cf 7e 86 1d ef 25 12 45 48 72 81 97 d0 Aug 26 13:31:01.562563: | ikev2 g^x 1d f1 ad 6f 4f c1 e8 9b a6 67 f7 c7 8b 47 da c7 Aug 26 13:31:01.562564: | ikev2 g^x c5 47 50 0b e7 ff 3a 48 da aa f1 6f b2 24 ed 74 Aug 26 13:31:01.562566: | ikev2 g^x 5c e2 bd 84 95 ac 3d 45 5c 3f 83 04 a1 04 db 22 Aug 26 13:31:01.562568: | ikev2 g^x 0e 54 8c b0 4f aa 2b 2c 02 d1 a9 48 4a 20 e0 73 Aug 26 13:31:01.562569: | ikev2 g^x c4 0b 99 21 7c 68 1d 59 70 30 74 b4 4c 3c b3 15 Aug 26 13:31:01.562571: | ikev2 g^x 39 5c ae 18 43 a5 87 56 aa 27 36 99 02 01 48 4b Aug 26 13:31:01.562572: | ikev2 g^x 61 5c c8 e2 1f 81 d6 a7 9b cf 3c 32 9c 21 f2 91 Aug 26 13:31:01.562575: | ikev2 g^x 6d 02 ff c6 4d 66 12 c7 71 76 0c 1c 4f 65 f6 9f Aug 26 13:31:01.562576: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:31:01.562578: | ***emit IKEv2 Nonce Payload: Aug 26 13:31:01.562580: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:31:01.562581: | flags: none (0x0) Aug 26 13:31:01.562584: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:31:01.562586: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:31:01.562587: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.562589: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:31:01.562591: | IKEv2 nonce 2f 18 a6 12 18 cb bd cd aa a7 d1 cf af bd 84 c6 Aug 26 13:31:01.562593: | IKEv2 nonce 4a ba 89 27 8e 89 92 73 d7 91 7c 0b 2c eb db d0 Aug 26 13:31:01.562594: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:31:01.562596: | Adding a v2N Payload Aug 26 13:31:01.562598: | ***emit IKEv2 Notify Payload: Aug 26 13:31:01.562600: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.562601: | flags: none (0x0) Aug 26 13:31:01.562603: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:01.562605: | SPI size: 0 (0x0) Aug 26 13:31:01.562606: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:31:01.562609: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:01.562610: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.562612: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:31:01.562615: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:31:01.562616: | natd_hash: rcookie is zero Aug 26 13:31:01.562627: | natd_hash: hasher=0x563350222800(20) Aug 26 13:31:01.562629: | natd_hash: icookie= 02 a3 11 5c d1 f8 a2 06 Aug 26 13:31:01.562630: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:31:01.562632: | natd_hash: ip= c0 01 08 16 Aug 26 13:31:01.562634: | natd_hash: port=500 Aug 26 13:31:01.562635: | natd_hash: hash= 46 d4 f6 b7 bb 67 f5 57 7d 6e 05 ff 70 6c 3c 04 Aug 26 13:31:01.562637: | natd_hash: hash= 73 12 56 32 Aug 26 13:31:01.562638: | Adding a v2N Payload Aug 26 13:31:01.562640: | ***emit IKEv2 Notify Payload: Aug 26 13:31:01.562642: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.562643: | flags: none (0x0) Aug 26 13:31:01.562645: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:01.562647: | SPI size: 0 (0x0) Aug 26 13:31:01.562648: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:31:01.562650: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:01.562652: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.562654: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:31:01.562656: | Notify data 46 d4 f6 b7 bb 67 f5 57 7d 6e 05 ff 70 6c 3c 04 Aug 26 13:31:01.562658: | Notify data 73 12 56 32 Aug 26 13:31:01.562659: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:31:01.562661: | natd_hash: rcookie is zero Aug 26 13:31:01.562665: | natd_hash: hasher=0x563350222800(20) Aug 26 13:31:01.562666: | natd_hash: icookie= 02 a3 11 5c d1 f8 a2 06 Aug 26 13:31:01.562668: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:31:01.562670: | natd_hash: ip= c0 01 02 17 Aug 26 13:31:01.562671: | natd_hash: port=500 Aug 26 13:31:01.562673: | natd_hash: hash= bf 1c ce f8 95 22 f8 df cb a4 ce 58 85 95 5f 70 Aug 26 13:31:01.562674: | natd_hash: hash= c9 ed 09 87 Aug 26 13:31:01.562676: | Adding a v2N Payload Aug 26 13:31:01.562678: | ***emit IKEv2 Notify Payload: Aug 26 13:31:01.562680: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:01.562682: | flags: none (0x0) Aug 26 13:31:01.562683: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:31:01.562685: | SPI size: 0 (0x0) Aug 26 13:31:01.562687: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:31:01.562689: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:31:01.562691: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:31:01.562692: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:31:01.562694: | Notify data bf 1c ce f8 95 22 f8 df cb a4 ce 58 85 95 5f 70 Aug 26 13:31:01.562696: | Notify data c9 ed 09 87 Aug 26 13:31:01.562697: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:31:01.562699: | emitting length of ISAKMP Message: 828 Aug 26 13:31:01.562704: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:31:01.562709: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:01.562712: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:31:01.562714: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:31:01.562716: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:31:01.562718: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:31:01.562721: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 13:31:01.562726: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:31:01.562729: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:31:01.562734: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Aug 26 13:31:01.562740: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Aug 26 13:31:01.562742: | 02 a3 11 5c d1 f8 a2 06 00 00 00 00 00 00 00 00 Aug 26 13:31:01.562743: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:31:01.562745: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:31:01.562747: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:31:01.562748: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:31:01.562750: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:31:01.562751: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:31:01.562753: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:31:01.562754: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:31:01.562756: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:31:01.562757: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:31:01.562759: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:31:01.562760: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:31:01.562762: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:31:01.562764: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:31:01.562765: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:31:01.562767: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:31:01.562768: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:31:01.562770: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:31:01.562771: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:31:01.562773: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:31:01.562775: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:31:01.562777: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:31:01.562781: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:31:01.562784: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:31:01.562786: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:31:01.562788: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:31:01.562790: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:31:01.562791: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:31:01.562793: | 28 00 01 08 00 0e 00 00 51 4c 87 e8 a5 1a 73 92 Aug 26 13:31:01.562795: | f0 3d ee c0 b1 71 d2 0f 73 c2 d2 a7 38 67 47 3d Aug 26 13:31:01.562796: | 7b 2f 54 c5 9b 9d 75 50 9b f6 e9 bc 2d 0f 2c 9c Aug 26 13:31:01.562798: | dc 91 26 cb 8b e1 0d 50 21 14 0f 80 31 c3 76 2e Aug 26 13:31:01.562799: | 2a f7 f2 16 c9 54 f6 ae 11 fd ab f3 7c e0 97 1c Aug 26 13:31:01.562801: | 55 18 fb da 22 51 e5 da 4b 1e 0b f0 6e 24 ff 81 Aug 26 13:31:01.562802: | db d9 95 e9 5b bd 4d cf 14 6c 63 5e aa 69 30 52 Aug 26 13:31:01.562804: | c8 d3 2c 6c dc 6a f2 33 f5 8d 3e cf 7e 86 1d ef Aug 26 13:31:01.562805: | 25 12 45 48 72 81 97 d0 1d f1 ad 6f 4f c1 e8 9b Aug 26 13:31:01.562807: | a6 67 f7 c7 8b 47 da c7 c5 47 50 0b e7 ff 3a 48 Aug 26 13:31:01.562809: | da aa f1 6f b2 24 ed 74 5c e2 bd 84 95 ac 3d 45 Aug 26 13:31:01.562810: | 5c 3f 83 04 a1 04 db 22 0e 54 8c b0 4f aa 2b 2c Aug 26 13:31:01.562812: | 02 d1 a9 48 4a 20 e0 73 c4 0b 99 21 7c 68 1d 59 Aug 26 13:31:01.562813: | 70 30 74 b4 4c 3c b3 15 39 5c ae 18 43 a5 87 56 Aug 26 13:31:01.562815: | aa 27 36 99 02 01 48 4b 61 5c c8 e2 1f 81 d6 a7 Aug 26 13:31:01.562816: | 9b cf 3c 32 9c 21 f2 91 6d 02 ff c6 4d 66 12 c7 Aug 26 13:31:01.562818: | 71 76 0c 1c 4f 65 f6 9f 29 00 00 24 2f 18 a6 12 Aug 26 13:31:01.562819: | 18 cb bd cd aa a7 d1 cf af bd 84 c6 4a ba 89 27 Aug 26 13:31:01.562821: | 8e 89 92 73 d7 91 7c 0b 2c eb db d0 29 00 00 08 Aug 26 13:31:01.562822: | 00 00 40 2e 29 00 00 1c 00 00 40 04 46 d4 f6 b7 Aug 26 13:31:01.562824: | bb 67 f5 57 7d 6e 05 ff 70 6c 3c 04 73 12 56 32 Aug 26 13:31:01.562825: | 00 00 00 1c 00 00 40 05 bf 1c ce f8 95 22 f8 df Aug 26 13:31:01.562827: | cb a4 ce 58 85 95 5f 70 c9 ed 09 87 Aug 26 13:31:01.562869: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:31:01.562873: | libevent_free: release ptr-libevent@0x563350cb4668 Aug 26 13:31:01.562876: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f6630002fc8 Aug 26 13:31:01.562878: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:31:01.562880: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:31:01.562883: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6630002fc8 Aug 26 13:31:01.562886: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 13:31:01.562889: | libevent_malloc: new ptr-libevent@0x563350ca9578 size 128 Aug 26 13:31:01.562894: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11547.305349 Aug 26 13:31:01.562898: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:31:01.562903: | #4 spent 1.15 milliseconds in resume sending helper answer Aug 26 13:31:01.562906: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:31:01.562908: | libevent_free: release ptr-libevent@0x7f6628002888 Aug 26 13:31:02.008515: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:02.008548: shutting down Aug 26 13:31:02.008556: | processing: RESET whack log_fd (was fd@24) (in exit_pluto() at plutomain.c:1825) Aug 26 13:31:02.008558: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:31:02.008560: forgetting secrets Aug 26 13:31:02.008564: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:31:02.008581: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 13:31:02.008586: | removing pending policy for no connection {0x563350c9a8d8} Aug 26 13:31:02.008604: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:31:02.008606: | pass 0 Aug 26 13:31:02.008608: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:02.008609: | state #4 Aug 26 13:31:02.008612: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:02.008616: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:02.008618: | pstats #4 ikev2.ike deleted other Aug 26 13:31:02.008622: | #4 spent 2.24 milliseconds in total Aug 26 13:31:02.008626: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:02.008629: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.448s and NOT sending notification Aug 26 13:31:02.008631: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:31:02.008634: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:31:02.008636: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:31:02.008639: | libevent_free: release ptr-libevent@0x563350ca9578 Aug 26 13:31:02.008642: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6630002fc8 Aug 26 13:31:02.008644: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:02.008646: | picked newest_isakmp_sa #0 for #4 Aug 26 13:31:02.008649: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:02.008651: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Aug 26 13:31:02.008653: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:31:02.008657: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:31:02.008659: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:31:02.008661: | in connection_discard for connection northnet-eastnet Aug 26 13:31:02.008663: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:31:02.008666: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:31:02.008695: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:02.008699: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:02.008701: | pass 1 Aug 26 13:31:02.008703: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:02.008706: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:31:02.008708: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:02.008710: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:02.008741: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 13:31:02.008763: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:31:02.008765: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:02.008767: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:02.008770: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 13:31:02.008772: | running updown command "ipsec _updown" for verb unroute Aug 26 13:31:02.008774: | command executing unroute-client Aug 26 13:31:02.008793: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 13:31:02.008797: | popen cmd is 1045 chars long Aug 26 13:31:02.008800: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:31:02.008802: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Aug 26 13:31:02.008803: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 13:31:02.008805: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 13:31:02.008807: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 13:31:02.008809: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:31:02.008810: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:31:02.008812: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:31:02.008814: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Aug 26 13:31:02.008815: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 13:31:02.008817: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 13:31:02.008819: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 13:31:02.008821: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 13:31:02.008822: | cmd(1040): 2>&1: Aug 26 13:31:02.021697: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021726: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021731: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021734: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021737: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021741: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021745: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021754: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021764: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021771: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021780: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021791: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021801: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021829: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021838: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021848: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021859: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021869: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021878: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021901: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021909: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021919: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021927: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.021937: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:02.026996: | free hp@0x563350ca9498 Aug 26 13:31:02.027011: | flush revival: connection 'northnet-eastnet' revival flushed Aug 26 13:31:02.027017: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:31:02.027030: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:31:02.027032: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:31:02.027039: shutting down interface eth1/eth1 192.1.8.22:4500 Aug 26 13:31:02.027041: shutting down interface eth1/eth1 192.1.8.22:500 Aug 26 13:31:02.027044: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:31:02.027046: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:31:02.027048: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:31:02.027049: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:31:02.027051: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:31:02.027053: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:31:02.027056: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:31:02.027067: | libevent_free: release ptr-libevent@0x7f6638002888 Aug 26 13:31:02.027069: | free_event_entry: release EVENT_NULL-pe@0x563350cb43b8 Aug 26 13:31:02.027077: | libevent_free: release ptr-libevent@0x563350cac1f8 Aug 26 13:31:02.027079: | free_event_entry: release EVENT_NULL-pe@0x563350cb4428 Aug 26 13:31:02.027085: | libevent_free: release ptr-libevent@0x563350c9b448 Aug 26 13:31:02.027087: | free_event_entry: release EVENT_NULL-pe@0x563350ca7128 Aug 26 13:31:02.027093: | libevent_free: release ptr-libevent@0x563350c37298 Aug 26 13:31:02.027095: | free_event_entry: release EVENT_NULL-pe@0x563350ca71d8 Aug 26 13:31:02.027101: | libevent_free: release ptr-libevent@0x563350c39138 Aug 26 13:31:02.027103: | free_event_entry: release EVENT_NULL-pe@0x563350ca7288 Aug 26 13:31:02.027108: | libevent_free: release ptr-libevent@0x563350c36288 Aug 26 13:31:02.027110: | free_event_entry: release EVENT_NULL-pe@0x563350ca7338 Aug 26 13:31:02.027115: | libevent_free: release ptr-libevent@0x563350c074e8 Aug 26 13:31:02.027117: | free_event_entry: release EVENT_NULL-pe@0x563350ca73e8 Aug 26 13:31:02.027121: | libevent_free: release ptr-libevent@0x563350c071d8 Aug 26 13:31:02.027123: | free_event_entry: release EVENT_NULL-pe@0x563350ca7498 Aug 26 13:31:02.027127: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:31:02.027475: | libevent_free: release ptr-libevent@0x563350c9b4f8 Aug 26 13:31:02.027482: | free_event_entry: release EVENT_NULL-pe@0x563350c8f238 Aug 26 13:31:02.027486: | libevent_free: release ptr-libevent@0x563350c39038 Aug 26 13:31:02.027489: | free_event_entry: release EVENT_NULL-pe@0x563350c8e6f8 Aug 26 13:31:02.027492: | libevent_free: release ptr-libevent@0x563350c72af8 Aug 26 13:31:02.027494: | free_event_entry: release EVENT_NULL-pe@0x563350c8f2a8 Aug 26 13:31:02.027497: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:31:02.027499: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:31:02.027501: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:31:02.027502: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:31:02.027504: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:31:02.027506: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:31:02.027507: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:31:02.027509: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:31:02.027511: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:31:02.027515: | libevent_free: release ptr-libevent@0x563350c367e8 Aug 26 13:31:02.027517: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:31:02.027519: | libevent_free: release ptr-libevent@0x563350ca6908 Aug 26 13:31:02.027521: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:31:02.027525: | libevent_free: release ptr-libevent@0x563350ca6a18 Aug 26 13:31:02.027527: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:31:02.027529: | libevent_free: release ptr-libevent@0x563350ca6c58 Aug 26 13:31:02.027531: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:31:02.027532: | releasing event base Aug 26 13:31:02.027542: | libevent_free: release ptr-libevent@0x563350ca6b28 Aug 26 13:31:02.027544: | libevent_free: release ptr-libevent@0x563350c89ae8 Aug 26 13:31:02.027546: | libevent_free: release ptr-libevent@0x563350c89a98 Aug 26 13:31:02.027548: | libevent_free: release ptr-libevent@0x563350c89a28 Aug 26 13:31:02.027550: | libevent_free: release ptr-libevent@0x563350c899e8 Aug 26 13:31:02.027552: | libevent_free: release ptr-libevent@0x563350ca6808 Aug 26 13:31:02.027554: | libevent_free: release ptr-libevent@0x563350ca6888 Aug 26 13:31:02.027555: | libevent_free: release ptr-libevent@0x563350c89c98 Aug 26 13:31:02.027557: | libevent_free: release ptr-libevent@0x563350c8e808 Aug 26 13:31:02.027558: | libevent_free: release ptr-libevent@0x563350c8f1f8 Aug 26 13:31:02.027560: | libevent_free: release ptr-libevent@0x563350caf6a8 Aug 26 13:31:02.027562: | libevent_free: release ptr-libevent@0x563350ca7508 Aug 26 13:31:02.027563: | libevent_free: release ptr-libevent@0x563350ca7458 Aug 26 13:31:02.027565: | libevent_free: release ptr-libevent@0x563350ca73a8 Aug 26 13:31:02.027566: | libevent_free: release ptr-libevent@0x563350ca72f8 Aug 26 13:31:02.027568: | libevent_free: release ptr-libevent@0x563350ca7248 Aug 26 13:31:02.027570: | libevent_free: release ptr-libevent@0x563350ca7198 Aug 26 13:31:02.027571: | libevent_free: release ptr-libevent@0x563350caf798 Aug 26 13:31:02.027573: | libevent_free: release ptr-libevent@0x563350c36948 Aug 26 13:31:02.027575: | libevent_free: release ptr-libevent@0x563350ca69d8 Aug 26 13:31:02.027576: | libevent_free: release ptr-libevent@0x563350ca68c8 Aug 26 13:31:02.027578: | libevent_free: release ptr-libevent@0x563350ca6848 Aug 26 13:31:02.027579: | libevent_free: release ptr-libevent@0x563350ca6ae8 Aug 26 13:31:02.027581: | libevent_free: release ptr-libevent@0x563350c35ad8 Aug 26 13:31:02.027583: | libevent_free: release ptr-libevent@0x563350c06908 Aug 26 13:31:02.027585: | libevent_free: release ptr-libevent@0x563350c06d38 Aug 26 13:31:02.027587: | libevent_free: release ptr-libevent@0x563350c35e48 Aug 26 13:31:02.027588: | releasing global libevent data Aug 26 13:31:02.027590: | libevent_free: release ptr-libevent@0x563350c02178 Aug 26 13:31:02.027592: | libevent_free: release ptr-libevent@0x563350c06cd8 Aug 26 13:31:02.027594: | libevent_free: release ptr-libevent@0x563350c06dd8 Aug 26 13:31:02.027622: leak detective found no leaks