Aug 26 13:30:41.308704: FIPS Product: YES
Aug 26 13:30:41.308794: FIPS Kernel: NO
Aug 26 13:30:41.308796: FIPS Mode: NO
Aug 26 13:30:41.308798: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:30:41.308925: Initializing NSS
Aug 26 13:30:41.308930: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:30:41.338838: NSS initialized
Aug 26 13:30:41.338852: NSS crypto library initialized
Aug 26 13:30:41.338856: FIPS HMAC integrity support [enabled]
Aug 26 13:30:41.338858: FIPS mode disabled for pluto daemon
Aug 26 13:30:41.369970: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:30:41.370055: libcap-ng support [enabled]
Aug 26 13:30:41.370061: Linux audit support [enabled]
Aug 26 13:30:41.370079: Linux audit activated
Aug 26 13:30:41.370084: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8029
Aug 26 13:30:41.370086: core dump dir: /tmp
Aug 26 13:30:41.370088: secrets file: /etc/ipsec.secrets
Aug 26 13:30:41.370090: leak-detective enabled
Aug 26 13:30:41.370091: NSS crypto [enabled]
Aug 26 13:30:41.370092: XAUTH PAM support [enabled]
Aug 26 13:30:41.370147: | libevent is using pluto's memory allocator
Aug 26 13:30:41.370153: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:30:41.370164: | libevent_malloc: new ptr-libevent@0x561bd55158b8 size 40
Aug 26 13:30:41.370170: | libevent_malloc: new ptr-libevent@0x561bd5514cd8 size 40
Aug 26 13:30:41.370172: | libevent_malloc: new ptr-libevent@0x561bd5514dd8 size 40
Aug 26 13:30:41.370174: | creating event base
Aug 26 13:30:41.370176: | libevent_malloc: new ptr-libevent@0x561bd5597328 size 56
Aug 26 13:30:41.370179: | libevent_malloc: new ptr-libevent@0x561bd5543e68 size 664
Aug 26 13:30:41.370187: | libevent_malloc: new ptr-libevent@0x561bd5597398 size 24
Aug 26 13:30:41.370189: | libevent_malloc: new ptr-libevent@0x561bd55973e8 size 384
Aug 26 13:30:41.370197: | libevent_malloc: new ptr-libevent@0x561bd55972e8 size 16
Aug 26 13:30:41.370198: | libevent_malloc: new ptr-libevent@0x561bd5514908 size 40
Aug 26 13:30:41.370200: | libevent_malloc: new ptr-libevent@0x561bd5514d38 size 48
Aug 26 13:30:41.370203: | libevent_realloc: new ptr-libevent@0x561bd5543af8 size 256
Aug 26 13:30:41.370207: | libevent_malloc: new ptr-libevent@0x561bd5597598 size 16
Aug 26 13:30:41.370211: | libevent_free: release ptr-libevent@0x561bd5597328
Aug 26 13:30:41.370214: | libevent initialized
Aug 26 13:30:41.370216: | libevent_realloc: new ptr-libevent@0x561bd5597328 size 64
Aug 26 13:30:41.370220: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:30:41.370231: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:30:41.370233: NAT-Traversal support [enabled]
Aug 26 13:30:41.370234: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:30:41.370239: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:30:41.370241: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:30:41.370265: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:30:41.370268: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:30:41.370270: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:30:41.370314: Encryption algorithms:
Aug 26 13:30:41.370321: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:30:41.370324: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:30:41.370327: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:30:41.370329: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:30:41.370331: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:30:41.370338: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:30:41.370341: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:30:41.370343: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:30:41.370345: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:30:41.370347: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:30:41.370350: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:30:41.370352: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:30:41.370354: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:30:41.370356: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:30:41.370359: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:30:41.370361: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:30:41.370363: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:30:41.370367: Hash algorithms:
Aug 26 13:30:41.370369: MD5 IKEv1: IKE IKEv2:
Aug 26 13:30:41.370371: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:30:41.370373: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:30:41.370375: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:30:41.370377: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:30:41.370387: PRF algorithms:
Aug 26 13:30:41.370389: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:30:41.370391: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:30:41.370394: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:30:41.370396: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:30:41.370398: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:30:41.370399: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:30:41.370416: Integrity algorithms:
Aug 26 13:30:41.370418: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:30:41.370420: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:30:41.370423: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:30:41.370425: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:30:41.370428: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:30:41.370429: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:30:41.370432: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:30:41.370433: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:30:41.370435: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:30:41.370443: DH algorithms:
Aug 26 13:30:41.370445: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:30:41.370447: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:30:41.370449: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:30:41.370452: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:30:41.370454: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:30:41.370456: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:30:41.370458: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:30:41.370460: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:30:41.370462: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:30:41.370463: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:30:41.370465: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:30:41.370467: testing CAMELLIA_CBC:
Aug 26 13:30:41.370469: Camellia: 16 bytes with 128-bit key
Aug 26 13:30:41.370554: Camellia: 16 bytes with 128-bit key
Aug 26 13:30:41.370573: Camellia: 16 bytes with 256-bit key
Aug 26 13:30:41.370591: Camellia: 16 bytes with 256-bit key
Aug 26 13:30:41.370608: testing AES_GCM_16:
Aug 26 13:30:41.370610: empty string
Aug 26 13:30:41.370628: one block
Aug 26 13:30:41.370646: two blocks
Aug 26 13:30:41.370662: two blocks with associated data
Aug 26 13:30:41.370678: testing AES_CTR:
Aug 26 13:30:41.370680: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:30:41.370696: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:30:41.370713: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:30:41.370731: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:30:41.370747: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:30:41.370763: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:30:41.370780: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:30:41.370796: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:30:41.370813: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:30:41.370830: testing AES_CBC:
Aug 26 13:30:41.370831: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:30:41.370850: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:41.370868: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:41.370885: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:41.370905: testing AES_XCBC:
Aug 26 13:30:41.370907: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:30:41.370981: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:30:41.371061: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:30:41.371136: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:30:41.371212: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:30:41.371287: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:30:41.371375: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:30:41.371544: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:30:41.371623: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:30:41.371704: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:30:41.371845: testing HMAC_MD5:
Aug 26 13:30:41.371848: RFC 2104: MD5_HMAC test 1
Aug 26 13:30:41.371953: RFC 2104: MD5_HMAC test 2
Aug 26 13:30:41.372046: RFC 2104: MD5_HMAC test 3
Aug 26 13:30:41.372195: 8 CPU cores online
Aug 26 13:30:41.372199: starting up 7 crypto helpers
Aug 26 13:30:41.372230: started thread for crypto helper 0
Aug 26 13:30:41.372263: | starting up helper thread 0
Aug 26 13:30:41.372281: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:30:41.372284: | crypto helper 0 waiting (nothing to do)
Aug 26 13:30:41.372299: started thread for crypto helper 1
Aug 26 13:30:41.372305: | starting up helper thread 1
Aug 26 13:30:41.372320: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:30:41.372323: | crypto helper 1 waiting (nothing to do)
Aug 26 13:30:41.372337: started thread for crypto helper 2
Aug 26 13:30:41.372360: started thread for crypto helper 3
Aug 26 13:30:41.372381: started thread for crypto helper 4
Aug 26 13:30:41.372385: | starting up helper thread 4
Aug 26 13:30:41.372402: | starting up helper thread 3
Aug 26 13:30:41.372420: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:30:41.372436: | crypto helper 4 waiting (nothing to do)
Aug 26 13:30:41.372429: started thread for crypto helper 5
Aug 26 13:30:41.372410: | starting up helper thread 2
Aug 26 13:30:41.372439: | starting up helper thread 5
Aug 26 13:30:41.372442: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:30:41.372460: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:30:41.372449: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:30:41.372468: | crypto helper 3 waiting (nothing to do)
Aug 26 13:30:41.372480: | starting up helper thread 6
Aug 26 13:30:41.372473: started thread for crypto helper 6
Aug 26 13:30:41.372486: | crypto helper 5 waiting (nothing to do)
Aug 26 13:30:41.372492: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:30:41.372511: | crypto helper 2 waiting (nothing to do)
Aug 26 13:30:41.372501: | checking IKEv1 state table
Aug 26 13:30:41.372520: | crypto helper 6 waiting (nothing to do)
Aug 26 13:30:41.372524: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372528: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:30:41.372531: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372534: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:30:41.372537: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:30:41.372540: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:30:41.372543: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:41.372546: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:41.372549: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:30:41.372552: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:30:41.372554: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:41.372557: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:41.372560: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:30:41.372563: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:41.372566: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:41.372569: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:30:41.372572: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:30:41.372575: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:41.372577: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:41.372580: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:30:41.372583: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:30:41.372586: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372589: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:30:41.372592: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372595: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372598: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:30:41.372601: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372604: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:30:41.372607: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:30:41.372610: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:30:41.372613: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:30:41.372615: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:30:41.372618: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:30:41.372621: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372624: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:30:41.372627: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372630: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372633: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:30:41.372640: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372643: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:30:41.372646: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372649: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:30:41.372652: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:30:41.372655: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372658: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372660: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372664: | INFO: category: informational flags: 0:
Aug 26 13:30:41.372666: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372670: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:30:41.372672: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372675: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:30:41.372678: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:30:41.372681: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:30:41.372684: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:41.372687: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:30:41.372690: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:30:41.372693: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:30:41.372696: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:30:41.372699: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:30:41.372702: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:41.372705: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:30:41.372708: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:41.372711: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:30:41.372714: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:30:41.372717: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:30:41.372720: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:30:41.372726: | checking IKEv2 state table
Aug 26 13:30:41.372733: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:30:41.372736: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:30:41.372740: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372743: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:30:41.372746: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:30:41.372750: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:30:41.372753: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:30:41.372756: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:30:41.372759: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:30:41.372762: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:30:41.372765: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:30:41.372769: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:30:41.372772: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:30:41.372775: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:30:41.372778: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:30:41.372780: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:30:41.372784: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372787: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:30:41.372790: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:30:41.372793: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:30:41.372797: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:30:41.372800: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:30:41.372803: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:30:41.372808: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:30:41.372811: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:30:41.372814: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:30:41.372817: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:30:41.372820: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:30:41.372824: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:30:41.372827: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:30:41.372830: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:30:41.372833: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:30:41.372837: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:30:41.372840: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:30:41.372843: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:30:41.372846: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:30:41.372850: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:30:41.372853: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:30:41.372856: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:30:41.372860: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:30:41.372863: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:30:41.372866: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:30:41.372870: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372873: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:30:41.372876: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:30:41.372879: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:30:41.372883: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:30:41.372897: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:30:41.373340: | Hard-wiring algorithms
Aug 26 13:30:41.373348: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:30:41.373353: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:30:41.373356: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:30:41.373359: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:30:41.373377: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:30:41.373380: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:30:41.373383: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:30:41.373386: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:30:41.373388: | adding AES_CTR to kernel algorithm db
Aug 26 13:30:41.373391: | adding AES_CBC to kernel algorithm db
Aug 26 13:30:41.373394: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:30:41.373397: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:30:41.373400: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:30:41.373403: | adding NULL to kernel algorithm db
Aug 26 13:30:41.373406: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:30:41.373409: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:30:41.373412: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:30:41.373415: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:30:41.373418: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:30:41.373421: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:30:41.373424: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:30:41.373427: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:30:41.373430: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:30:41.373432: | adding NONE to kernel algorithm db
Aug 26 13:30:41.373470: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:30:41.373477: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:30:41.373479: | setup kernel fd callback
Aug 26 13:30:41.373484: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561bd559cba8
Aug 26 13:30:41.373489: | libevent_malloc: new ptr-libevent@0x561bd5580418 size 128
Aug 26 13:30:41.373493: | libevent_malloc: new ptr-libevent@0x561bd559c108 size 16
Aug 26 13:30:41.373499: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561bd559bff8
Aug 26 13:30:41.373503: | libevent_malloc: new ptr-libevent@0x561bd5546d68 size 128
Aug 26 13:30:41.373506: | libevent_malloc: new ptr-libevent@0x561bd559caf8 size 16
Aug 26 13:30:41.373757: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:30:41.373765: selinux support is enabled.
Aug 26 13:30:41.374453: | unbound context created - setting debug level to 5
Aug 26 13:30:41.374482: | /etc/hosts lookups activated
Aug 26 13:30:41.374496: | /etc/resolv.conf usage activated
Aug 26 13:30:41.374559: | outgoing-port-avoid set 0-65535
Aug 26 13:30:41.374588: | outgoing-port-permit set 32768-60999
Aug 26 13:30:41.374591: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 13:30:41.374594: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 13:30:41.374597: | Setting up events, loop start
Aug 26 13:30:41.374600: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561bd559cb38
Aug 26 13:30:41.374603: | libevent_malloc: new ptr-libevent@0x561bd55a8df8 size 128
Aug 26 13:30:41.374607: | libevent_malloc: new ptr-libevent@0x561bd55b4108 size 16
Aug 26 13:30:41.374612: | libevent_realloc: new ptr-libevent@0x561bd55b4148 size 256
Aug 26 13:30:41.374615: | libevent_malloc: new ptr-libevent@0x561bd55b4278 size 8
Aug 26 13:30:41.374618: | libevent_realloc: new ptr-libevent@0x561bd5546798 size 144
Aug 26 13:30:41.374621: | libevent_malloc: new ptr-libevent@0x561bd5548048 size 152
Aug 26 13:30:41.374625: | libevent_malloc: new ptr-libevent@0x561bd55b42b8 size 16
Aug 26 13:30:41.374629: | signal event handler PLUTO_SIGCHLD installed
Aug 26 13:30:41.374632: | libevent_malloc: new ptr-libevent@0x561bd55b42f8 size 8
Aug 26 13:30:41.374635: | libevent_malloc: new ptr-libevent@0x561bd55b4338 size 152
Aug 26 13:30:41.374638: | signal event handler PLUTO_SIGTERM installed
Aug 26 13:30:41.374641: | libevent_malloc: new ptr-libevent@0x561bd55b4408 size 8
Aug 26 13:30:41.374643: | libevent_malloc: new ptr-libevent@0x561bd55b4448 size 152
Aug 26 13:30:41.374646: | signal event handler PLUTO_SIGHUP installed
Aug 26 13:30:41.374649: | libevent_malloc: new ptr-libevent@0x561bd55b4518 size 8
Aug 26 13:30:41.374652: | libevent_realloc: release ptr-libevent@0x561bd5546798
Aug 26 13:30:41.374655: | libevent_realloc: new ptr-libevent@0x561bd55b4558 size 256
Aug 26 13:30:41.374658: | libevent_malloc: new ptr-libevent@0x561bd55b4688 size 152
Aug 26 13:30:41.374660: | signal event handler PLUTO_SIGSYS installed
Aug 26 13:30:41.374978: | created addconn helper (pid:8093) using fork+execve
Aug 26 13:30:41.374992: | forked child 8093
Aug 26 13:30:41.375036: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:41.375383: listening for IKE messages
Aug 26 13:30:41.375767: | Inspecting interface lo
Aug 26 13:30:41.375778: | found lo with address 127.0.0.1
Aug 26 13:30:41.375781: | Inspecting interface eth0
Aug 26 13:30:41.375786: | found eth0 with address 192.0.2.254
Aug 26 13:30:41.375790: | Inspecting interface eth1
Aug 26 13:30:41.375794: | found eth1 with address 192.1.2.23
Aug 26 13:30:41.375851: Kernel supports NIC esp-hw-offload
Aug 26 13:30:41.375864: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 13:30:41.375915: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:30:41.375921: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:30:41.375925: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 13:30:41.375954: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 13:30:41.375973: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:30:41.375978: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:30:41.375982: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 13:30:41.376006: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 13:30:41.376025: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:30:41.376030: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:30:41.376034: adding interface lo/lo 127.0.0.1:4500
Aug 26 13:30:41.376114: | no interfaces to sort
Aug 26 13:30:41.376119: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:30:41.376128: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4bd8
Aug 26 13:30:41.376131: | libevent_malloc: new ptr-libevent@0x561bd55a8d48 size 128
Aug 26 13:30:41.376135: | libevent_malloc: new ptr-libevent@0x561bd55b4c48 size 16
Aug 26 13:30:41.376142: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:30:41.376146: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4c88
Aug 26 13:30:41.376150: | libevent_malloc: new ptr-libevent@0x561bd5546f68 size 128
Aug 26 13:30:41.376153: | libevent_malloc: new ptr-libevent@0x561bd55b4cf8 size 16
Aug 26 13:30:41.376158: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:30:41.376162: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4d38
Aug 26 13:30:41.376165: | libevent_malloc: new ptr-libevent@0x561bd5546e68 size 128
Aug 26 13:30:41.376168: | libevent_malloc: new ptr-libevent@0x561bd55b4da8 size 16
Aug 26 13:30:41.376173: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:30:41.376176: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4de8
Aug 26 13:30:41.376179: | libevent_malloc: new ptr-libevent@0x561bd5546698 size 128
Aug 26 13:30:41.376182: | libevent_malloc: new ptr-libevent@0x561bd55b4e58 size 16
Aug 26 13:30:41.376187: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:30:41.376190: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4e98
Aug 26 13:30:41.376194: | libevent_malloc: new ptr-libevent@0x561bd55154e8 size 128
Aug 26 13:30:41.376197: | libevent_malloc: new ptr-libevent@0x561bd55b4f08 size 16
Aug 26 13:30:41.376202: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:30:41.376205: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4f48
Aug 26 13:30:41.376209: | libevent_malloc: new ptr-libevent@0x561bd55151d8 size 128
Aug 26 13:30:41.376212: | libevent_malloc: new ptr-libevent@0x561bd55b4fb8 size 16
Aug 26 13:30:41.376216: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:30:41.376221: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:30:41.376224: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:30:41.376243: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:30:41.376256: | Processing PSK at line 1: passed
Aug 26 13:30:41.376260: | certs and keys locked by 'process_secret'
Aug 26 13:30:41.376264: | certs and keys unlocked by 'process_secret'
Aug 26 13:30:41.376274: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:41.376281: | spent 1.25 milliseconds in whack
Aug 26 13:30:41.392721: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:41.392746: listening for IKE messages
Aug 26 13:30:41.392782: | Inspecting interface lo
Aug 26 13:30:41.392789: | found lo with address 127.0.0.1
Aug 26 13:30:41.392793: | Inspecting interface eth0
Aug 26 13:30:41.392797: | found eth0 with address 192.0.2.254
Aug 26 13:30:41.392800: | Inspecting interface eth1
Aug 26 13:30:41.392804: | found eth1 with address 192.1.2.23
Aug 26 13:30:41.392861: | no interfaces to sort
Aug 26 13:30:41.392869: | libevent_free: release ptr-libevent@0x561bd55a8d48
Aug 26 13:30:41.392871: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4bd8
Aug 26 13:30:41.392877: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4bd8
Aug 26 13:30:41.392880: | libevent_malloc: new ptr-libevent@0x561bd55a8d48 size 128
Aug 26 13:30:41.392885: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:30:41.392888: | libevent_free: release ptr-libevent@0x561bd5546f68
Aug 26 13:30:41.392890: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4c88
Aug 26 13:30:41.392892: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4c88
Aug 26 13:30:41.392893: | libevent_malloc: new ptr-libevent@0x561bd5546f68 size 128
Aug 26 13:30:41.392896: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:30:41.392899: | libevent_free: release ptr-libevent@0x561bd5546e68
Aug 26 13:30:41.392900: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4d38
Aug 26 13:30:41.392902: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4d38
Aug 26 13:30:41.392904: | libevent_malloc: new ptr-libevent@0x561bd5546e68 size 128
Aug 26 13:30:41.392907: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:30:41.392909: | libevent_free: release ptr-libevent@0x561bd5546698
Aug 26 13:30:41.392911: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4de8
Aug 26 13:30:41.392912: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4de8
Aug 26 13:30:41.392914: | libevent_malloc: new ptr-libevent@0x561bd5546698 size 128
Aug 26 13:30:41.392917: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:30:41.392920: | libevent_free: release ptr-libevent@0x561bd55154e8
Aug 26 13:30:41.392921: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4e98
Aug 26 13:30:41.392923: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4e98
Aug 26 13:30:41.392925: | libevent_malloc: new ptr-libevent@0x561bd55154e8 size 128
Aug 26 13:30:41.392928: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:30:41.392930: | libevent_free: release ptr-libevent@0x561bd55151d8
Aug 26 13:30:41.392932: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4f48
Aug 26 13:30:41.392934: | add_fd_read_event_handler: new ethX-pe@0x561bd55b4f48
Aug 26 13:30:41.392935: | libevent_malloc: new ptr-libevent@0x561bd55151d8 size 128
Aug 26 13:30:41.392938: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:30:41.392941: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:30:41.392942: forgetting secrets
Aug 26 13:30:41.392948: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:30:41.392974: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:30:41.392981: | Processing PSK at line 1: passed
Aug 26 13:30:41.392983: | certs and keys locked by 'process_secret'
Aug 26 13:30:41.392985: | certs and keys unlocked by 'process_secret' Aug 26 13:30:41.392992: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:41.393009: | spent 0.296 milliseconds in whack Aug 26 13:30:41.393501: | processing signal PLUTO_SIGCHLD Aug 26 13:30:41.393515: | waitpid returned pid 8093 (exited with status 0) Aug 26 13:30:41.393518: | reaped addconn helper child (status 0) Aug 26 13:30:41.393522: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:41.393525: | spent 0.014 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:41.455438: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:41.455457: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:41.455460: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:41.455462: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:41.455463: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:41.455466: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:30:41.455497: | Added new connection eastnet-any with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:41.455536: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:30:41.455543: | from whack: got --esp=aes256-sha2 Aug 26 13:30:41.455553: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 13:30:41.455557: | counting wild cards for (none) is 15 Aug 26 13:30:41.455560: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:30:41.455564: | add new addresspool to global pools 192.0.3.10-192.0.3.19 size 10 ptr 0x561bd55a3c38 Aug 26 13:30:41.455568: | based upon policy, the connection is a template. 
Aug 26 13:30:41.455570: | reference addresspool of conn eastnet-any[0] kind CK_TEMPLATE refcnt 0 Aug 26 13:30:41.455575: | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none Aug 26 13:30:41.455577: | new hp@0x561bd55b6db8 Aug 26 13:30:41.455580: added connection description "eastnet-any" Aug 26 13:30:41.455588: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:41.455594: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[MS+S=C]...%any[+MC+S=C] Aug 26 13:30:41.455599: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:41.455604: | spent 0.174 milliseconds in whack Aug 26 13:30:43.170846: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.170876: | *received 828 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500)
Aug 26 13:30:43.171031: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:30:43.171035: | **parse ISAKMP Message: Aug 26 13:30:43.171038: | initiator cookie: Aug 26 13:30:43.171041: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.171043: | responder cookie: Aug 26 13:30:43.171045: | 00 00 00 00 00 00 00 00 Aug 26 13:30:43.171047: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.171049: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.171050: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.171052: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.171054: | Message ID: 0 (0x0) Aug 26 13:30:43.171056: | length: 828 (0x33c) Aug 26 13:30:43.171058: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:30:43.171060: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:30:43.171063: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:30:43.171065: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.171067: | ***parse IKEv2 Security Association Payload: Aug 26 13:30:43.171069: | next payload type: 
ISAKMP_NEXT_v2KE (0x22) Aug 26 13:30:43.171070: | flags: none (0x0) Aug 26 13:30:43.171072: | length: 436 (0x1b4) Aug 26 13:30:43.171074: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:30:43.171075: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:30:43.171077: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:30:43.171079: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:30:43.171081: | flags: none (0x0) Aug 26 13:30:43.171082: | length: 264 (0x108) Aug 26 13:30:43.171084: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.171085: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:30:43.171087: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.171089: | ***parse IKEv2 Nonce Payload: Aug 26 13:30:43.171090: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.171092: | flags: none (0x0) Aug 26 13:30:43.171093: | length: 36 (0x24) Aug 26 13:30:43.171095: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:30:43.171096: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.171098: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.171100: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.171101: | flags: none (0x0) Aug 26 13:30:43.171105: | length: 8 (0x8) Aug 26 13:30:43.171107: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.171108: | SPI size: 0 (0x0) Aug 26 13:30:43.171110: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.171112: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.171113: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.171115: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.171117: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.171119: | flags: none (0x0) Aug 26 13:30:43.171121: | length: 28 (0x1c) Aug 26 13:30:43.171124: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.171126: | SPI size: 0 (0x0) Aug 26 13:30:43.171129: | Notify Message Type: 
v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.171132: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.171135: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.171137: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.171140: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.171142: | flags: none (0x0) Aug 26 13:30:43.171145: | length: 28 (0x1c) Aug 26 13:30:43.171147: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.171150: | SPI size: 0 (0x0) Aug 26 13:30:43.171153: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.171156: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.171158: | DDOS disabled and no cookie sent, continuing Aug 26 13:30:43.171165: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171169: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:30:43.171172: | find_next_host_connection returns empty Aug 26 13:30:43.171177: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171182: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:30:43.171185: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:30:43.171189: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 13:30:43.171192: | find_next_host_connection returns empty Aug 26 13:30:43.171196: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:30:43.171201: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171204: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:30:43.171207: | find_next_host_connection returns empty Aug 26 13:30:43.171211: | find_host_connection 
local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171215: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:30:43.171218: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:30:43.171222: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 13:30:43.171224: | find_next_host_connection returns empty Aug 26 13:30:43.171228: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 13:30:43.171233: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171235: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:30:43.171236: | find_next_host_connection returns empty Aug 26 13:30:43.171239: | find_host_connection local=192.1.2.23:500 remote= policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:30:43.171241: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:30:43.171243: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:30:43.171245: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 13:30:43.171249: | find_next_host_connection returns eastnet-any Aug 26 13:30:43.171250: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:30:43.171252: | find_next_host_connection returns empty Aug 26 13:30:43.171253: | rw_instantiate Aug 26 13:30:43.171257: | reference addresspool of conn eastnet-any[1] kind CK_TEMPLATE refcnt 1 Aug 26 13:30:43.171262: | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none Aug 26 13:30:43.171265: | new hp@0x561bd55b8d08 Aug 26 13:30:43.171268: | rw_instantiate() instantiated "eastnet-any"[1] 192.1.3.209 for 192.1.3.209 Aug 26 13:30:43.171270: | found connection: eastnet-any[1] 192.1.3.209 with policy PSK+IKEV2_ALLOW Aug 26 
13:30:43.171273: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:30:43.171312: | creating state object #1 at 0x561bd55b9258 Aug 26 13:30:43.171317: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:30:43.171323: | pstats #1 ikev2.ike started Aug 26 13:30:43.171326: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:30:43.171328: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:30:43.171332: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.171339: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.171341: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:30:43.171344: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:30:43.171346: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:30:43.171349: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:30:43.171352: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:30:43.171354: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:30:43.171356: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:30:43.171358: | Now let's proceed with state specific processing Aug 26 13:30:43.171359: | calling processor Respond to IKE_SA_INIT Aug 26 13:30:43.171364: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:43.171366: | constructing local IKE proposals for 
eastnet-any (IKE SA responder matching remote proposals) Aug 26 13:30:43.171372: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.171378: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.171380: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.171384: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.171386: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.171390: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.171392: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.171396: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.171405: "eastnet-any"[1] 192.1.3.209: constructed local IKE proposals for eastnet-any (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.171407: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:30:43.171411: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.171413: | local proposal 1 type PRF has 2 transforms Aug 26 13:30:43.171414: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.171416: | local proposal 1 type DH has 8 transforms Aug 26 13:30:43.171418: | local proposal 1 type ESN has 0 transforms Aug 26 13:30:43.171420: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.171422: | local proposal 2 type ENCR has 1 transforms Aug 26 13:30:43.171423: | local proposal 2 type PRF has 2 transforms Aug 26 13:30:43.171425: | local proposal 2 type INTEG has 1 transforms Aug 26 13:30:43.171427: | local proposal 2 type DH has 8 transforms Aug 26 13:30:43.171428: | local proposal 2 type ESN has 0 transforms Aug 26 13:30:43.171430: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.171432: | local proposal 3 type ENCR has 1 
transforms Aug 26 13:30:43.171433: | local proposal 3 type PRF has 2 transforms Aug 26 13:30:43.171435: | local proposal 3 type INTEG has 2 transforms Aug 26 13:30:43.171437: | local proposal 3 type DH has 8 transforms Aug 26 13:30:43.171438: | local proposal 3 type ESN has 0 transforms Aug 26 13:30:43.171440: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.171442: | local proposal 4 type ENCR has 1 transforms Aug 26 13:30:43.171443: | local proposal 4 type PRF has 2 transforms Aug 26 13:30:43.171445: | local proposal 4 type INTEG has 2 transforms Aug 26 13:30:43.171447: | local proposal 4 type DH has 8 transforms Aug 26 13:30:43.171448: | local proposal 4 type ESN has 0 transforms Aug 26 13:30:43.171450: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.171452: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.171454: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.171456: | length: 100 (0x64) Aug 26 13:30:43.171458: | prop #: 1 (0x1) Aug 26 13:30:43.171459: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.171461: | spi size: 0 (0x0) Aug 26 13:30:43.171462: | # transforms: 11 (0xb) Aug 26 13:30:43.171465: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:30:43.171467: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171470: | length: 12 (0xc) Aug 26 13:30:43.171472: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.171473: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.171475: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.171477: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.171479: | length/value: 256 (0x100) Aug 26 13:30:43.171481: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 
13:30:43.171483: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171488: | length: 8 (0x8) Aug 26 13:30:43.171489: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171491: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.171493: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:30:43.171495: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:30:43.171497: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:30:43.171499: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:30:43.171501: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171504: | length: 8 (0x8) Aug 26 13:30:43.171506: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171507: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.171509: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171512: | length: 8 (0x8) Aug 26 13:30:43.171514: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171516: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.171518: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:30:43.171520: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:30:43.171522: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:30:43.171524: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:30:43.171526: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 13:30:43.171527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171529: | length: 8 (0x8) Aug 26 13:30:43.171531: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171532: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.171534: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171537: | length: 8 (0x8) Aug 26 13:30:43.171539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171540: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.171542: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171545: | length: 8 (0x8) Aug 26 13:30:43.171547: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171548: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.171550: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171553: | length: 8 (0x8) Aug 26 13:30:43.171555: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171557: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.171558: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171561: | length: 8 (0x8) Aug 26 13:30:43.171563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171565: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.171566: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171570: | length: 8 (0x8) Aug 26 13:30:43.171571: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171573: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.171575: | *****parse IKEv2 Transform Substructure 
Payload: Aug 26 13:30:43.171576: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.171578: | length: 8 (0x8) Aug 26 13:30:43.171580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171582: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.171584: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:30:43.171587: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:30:43.171589: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.171591: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.171593: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.171594: | length: 100 (0x64) Aug 26 13:30:43.171596: | prop #: 2 (0x2) Aug 26 13:30:43.171597: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.171599: | spi size: 0 (0x0) Aug 26 13:30:43.171601: | # transforms: 11 (0xb) Aug 26 13:30:43.171603: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:30:43.171605: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171608: | length: 12 (0xc) Aug 26 13:30:43.171609: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.171611: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.171613: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.171614: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.171616: | length/value: 128 (0x80) Aug 26 13:30:43.171618: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171621: | length: 8 (0x8) Aug 26 13:30:43.171623: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171624: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.171626: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171629: | length: 8 (0x8) Aug 26 13:30:43.171631: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171632: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.171634: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171637: | length: 8 (0x8) Aug 26 13:30:43.171639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171640: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.171642: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171645: | length: 8 (0x8) Aug 26 13:30:43.171647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171648: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.171650: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171653: | length: 8 (0x8) Aug 26 13:30:43.171655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171656: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.171658: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171660: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171661: | length: 8 (0x8) Aug 26 13:30:43.171663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171664: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.171666: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171669: | length: 8 (0x8) Aug 26 13:30:43.171671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171672: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.171674: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 13:30:43.171676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171680: | length: 8 (0x8) Aug 26 13:30:43.171681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171683: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.171685: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171688: | length: 8 (0x8) Aug 26 13:30:43.171690: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171691: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.171693: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171695: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.171696: | length: 8 (0x8) Aug 26 13:30:43.171698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171699: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.171702: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:30:43.171704: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:30:43.171705: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.171707: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.171709: | length: 116 (0x74) Aug 26 13:30:43.171710: | prop #: 3 (0x3) Aug 26 13:30:43.171712: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.171713: | spi size: 0 (0x0) Aug 26 13:30:43.171715: | # transforms: 13 (0xd) Aug 26 13:30:43.171717: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:30:43.171718: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171720: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171721: | length: 12 (0xc) Aug 26 13:30:43.171723: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.171725: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
13:30:43.171726: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.171728: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.171729: | length/value: 256 (0x100) Aug 26 13:30:43.171731: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171734: | length: 8 (0x8) Aug 26 13:30:43.171736: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171738: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.171739: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171742: | length: 8 (0x8) Aug 26 13:30:43.171744: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171746: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.171747: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171749: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171750: | length: 8 (0x8) Aug 26 13:30:43.171752: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.171754: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.171755: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171758: | length: 8 (0x8) Aug 26 13:30:43.171760: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.171762: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.171763: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171766: | length: 8 (0x8) Aug 26 13:30:43.171768: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171770: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.171771: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:30:43.171774: | length: 8 (0x8) Aug 26 13:30:43.171776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171779: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.171780: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171783: | length: 8 (0x8) Aug 26 13:30:43.171785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171787: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.171788: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171791: | length: 8 (0x8) Aug 26 13:30:43.171793: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171795: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.171796: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171798: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171799: | length: 8 (0x8) Aug 26 13:30:43.171801: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171803: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.171804: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171807: | length: 8 (0x8) Aug 26 13:30:43.171809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171811: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.171812: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171815: | length: 8 (0x8) Aug 26 13:30:43.171817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171818: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.171820: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171822: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.171823: | length: 
8 (0x8) Aug 26 13:30:43.171825: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171827: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.171829: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:30:43.171831: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:30:43.171833: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.171834: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.171836: | length: 116 (0x74) Aug 26 13:30:43.171837: | prop #: 4 (0x4) Aug 26 13:30:43.171839: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.171840: | spi size: 0 (0x0) Aug 26 13:30:43.171842: | # transforms: 13 (0xd) Aug 26 13:30:43.171844: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:30:43.171846: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171849: | length: 12 (0xc) Aug 26 13:30:43.171850: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.171852: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.171853: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.171855: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.171857: | length/value: 128 (0x80) Aug 26 13:30:43.171858: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171862: | length: 8 (0x8) Aug 26 13:30:43.171863: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.171865: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.171866: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171868: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171870: | length: 8 (0x8) Aug 26 13:30:43.171871: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
13:30:43.171873: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.171875: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171879: | length: 8 (0x8) Aug 26 13:30:43.171880: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.171882: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.171884: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171887: | length: 8 (0x8) Aug 26 13:30:43.171888: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.171890: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.171892: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171895: | length: 8 (0x8) Aug 26 13:30:43.171896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171898: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.171900: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171903: | length: 8 (0x8) Aug 26 13:30:43.171906: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171908: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.171911: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171916: | length: 8 (0x8) Aug 26 13:30:43.171919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171922: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.171938: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171943: | length: 8 (0x8) Aug 26 13:30:43.171945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171948: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.171950: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171955: | length: 8 (0x8) Aug 26 13:30:43.171957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171960: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.171962: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171967: | length: 8 (0x8) Aug 26 13:30:43.171970: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171972: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.171975: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.171979: | length: 8 (0x8) Aug 26 13:30:43.171982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171984: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.171987: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.171990: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.171992: | length: 8 (0x8) Aug 26 13:30:43.171994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.171997: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.172001: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:30:43.172004: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:30:43.172009: "eastnet-any"[1] 192.1.3.209 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:30:43.172016: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:30:43.172019: | converting proposal to internal trans attrs Aug 26 13:30:43.172023: | natd_hash: rcookie is zero Aug 26 13:30:43.172037: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:43.172040: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.172043: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.172045: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.172048: | natd_hash: port=500 Aug 26 13:30:43.172050: | natd_hash: hash= c3 54 1f 88 3b 3c 4e 6f 74 d1 c9 70 65 1b 27 ba Aug 26 13:30:43.172053: | natd_hash: hash= 4e e8 cd 58 Aug 26 13:30:43.172055: | natd_hash: rcookie is zero Aug 26 13:30:43.172061: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:43.172064: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.172067: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.172069: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:43.172072: | natd_hash: port=500 Aug 26 13:30:43.172074: | natd_hash: hash= e1 fd 64 63 03 74 af c5 37 e3 ff cf b0 4f e1 2a Aug 26 13:30:43.172077: | natd_hash: hash= 1a 1d cc 27 Aug 26 13:30:43.172080: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:30:43.172082: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:30:43.172085: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:30:43.172089: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.3.209 Aug 26 13:30:43.172094: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:30:43.172098: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561bd55b8e38 Aug 26 13:30:43.172103: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.172106: | libevent_malloc: new ptr-libevent@0x561bd55bb5b8 size 128 Aug 26 13:30:43.172117: | #1 spent 0.754 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:30:43.172138: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.172140: | crypto helper 0 resuming Aug 26 13:30:43.172142: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:30:43.172153: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:30:43.172155: | suspending state #1 and saving MD Aug 26 13:30:43.172158: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:30:43.172159: | #1 is busy; has a suspended MD Aug 26 13:30:43.172169: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:43.172175: | "eastnet-any"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:43.172180: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.172186: | #1 spent 1.3 milliseconds in ikev2_process_packet() Aug 26 13:30:43.172190: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:30:43.172193: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.172196: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.172201: | spent 1.32 
milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.172961: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000801 seconds Aug 26 13:30:43.172984: | (#1) spent 0.819 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:30:43.172989: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:30:43.172992: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.172996: | libevent_malloc: new ptr-libevent@0x7f3264002888 size 128 Aug 26 13:30:43.173005: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.173014: | processing resume sending helper answer for #1 Aug 26 13:30:43.173028: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 13:30:43.173033: | crypto helper 0 replies to request ID 1 Aug 26 13:30:43.173036: | calling continuation function 0x561bd39deb50 Aug 26 13:30:43.173040: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:30:43.173074: | **emit ISAKMP Message: Aug 26 13:30:43.173079: | initiator cookie: Aug 26 13:30:43.173082: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173084: | responder cookie: Aug 26 13:30:43.173087: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173090: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.173093: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.173097: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.173100: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.173103: | Message ID: 0 (0x0) Aug 26 13:30:43.173106: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.173109: | Emitting ikev2_proposal ... 
Aug 26 13:30:43.173112: | ***emit IKEv2 Security Association Payload: Aug 26 13:30:43.173116: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173118: | flags: none (0x0) Aug 26 13:30:43.173122: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.173126: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173130: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.173133: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.173135: | prop #: 1 (0x1) Aug 26 13:30:43.173139: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.173141: | spi size: 0 (0x0) Aug 26 13:30:43.173144: | # transforms: 3 (0x3) Aug 26 13:30:43.173148: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.173151: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173157: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.173160: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.173164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.173167: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.173170: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.173173: | length/value: 256 (0x100) Aug 26 13:30:43.173177: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.173180: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173185: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.173188: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.173192: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.173198: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.173203: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173206: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.173209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.173212: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.173215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.173220: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.173223: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:30:43.173226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.173229: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:30:43.173232: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.173235: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:30:43.173238: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173240: | flags: none (0x0) Aug 26 13:30:43.173243: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.173246: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
13:30:43.173249: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173252: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:30:43.173281: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:30:43.173283: | ***emit IKEv2 Nonce Payload: Aug 26 13:30:43.173285: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.173287: | flags: none (0x0) Aug 26 13:30:43.173293: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:30:43.173300: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.173303: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173305: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:30:43.173308: | IKEv2 nonce c0 fc 88 59 95 3d 6e 31 66 09 b2 c3 4e ae 93 6e Aug 26 13:30:43.173312: | IKEv2 nonce 26 b3 62 44 57 77 e2 2e c7 c3 c7 d8 ca 30 82 d5 Aug 26 13:30:43.173314: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:30:43.173316: | Adding a v2N Payload Aug 26 13:30:43.173318: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.173320: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173322: | flags: none (0x0) Aug 26 13:30:43.173323: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173325: | SPI size: 0 (0x0) Aug 26 13:30:43.173327: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.173329: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.173331: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173333: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.173335: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:30:43.173343: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:43.173345: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173347: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173348: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.173350: | natd_hash: port=500 Aug 26 13:30:43.173352: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:43.173353: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:43.173355: | Adding a v2N Payload Aug 26 13:30:43.173356: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.173358: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173359: | flags: none (0x0) Aug 26 13:30:43.173361: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173363: | SPI size: 0 (0x0) Aug 26 13:30:43.173364: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.173366: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.173368: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173370: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.173372: | Notify data 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:43.173373: | Notify data cf 5f ab 58 Aug 26 13:30:43.173375: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.173379: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:43.173381: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173382: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173384: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:43.173385: | natd_hash: port=500 Aug 26 13:30:43.173387: | natd_hash: hash= 08 a2 42 f5 dd 14 8c 64 62 3e 92 1c a8 12 74 ac Aug 26 13:30:43.173388: | natd_hash: hash= b0 4d 55 33 Aug 26 13:30:43.173390: | Adding a v2N Payload Aug 26 13:30:43.173391: | ***emit IKEv2 Notify Payload: Aug 26 
13:30:43.173393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173394: | flags: none (0x0) Aug 26 13:30:43.173396: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173397: | SPI size: 0 (0x0) Aug 26 13:30:43.173399: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.173401: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.173403: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.173405: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.173406: | Notify data 08 a2 42 f5 dd 14 8c 64 62 3e 92 1c a8 12 74 ac Aug 26 13:30:43.173408: | Notify data b0 4d 55 33 Aug 26 13:30:43.173410: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.173411: | emitting length of ISAKMP Message: 432 Aug 26 13:30:43.173417: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.173421: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:30:43.173423: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:30:43.173425: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:30:43.173427: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:30:43.173431: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:30:43.173434: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:43.173438: "eastnet-any"[1] 192.1.3.209 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:30:43.173441: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 13:30:43.173445: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1)
Aug 26 13:30:43.173535: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.173553: | libevent_free: release ptr-libevent@0x561bd55bb5b8 Aug 26 13:30:43.173556: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561bd55b8e38 Aug 26 13:30:43.173559: | event_schedule: new EVENT_SO_DISCARD-pe@0x561bd55b8e38 Aug 26 13:30:43.173563: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:30:43.173566: | libevent_malloc: new ptr-libevent@0x561bd55bc708 size 128 Aug 26 13:30:43.173569: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:43.173575: | #1 spent 0.512 milliseconds in resume sending helper answer Aug 26 13:30:43.173581: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 13:30:43.173586: | libevent_free: release ptr-libevent@0x7f3264002888 Aug 26 13:30:43.175883: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.175904: | *received 269 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500)
Aug 26 13:30:43.175938: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:30:43.175941: | **parse ISAKMP Message: Aug 26 13:30:43.175943: | initiator cookie: Aug 26 13:30:43.175944: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.175946: | responder cookie: Aug 26 13:30:43.175947: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.175949: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:43.175951: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.175953: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.175955: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.175957: | Message ID: 1 (0x1) Aug 26 13:30:43.175958: | length: 269 (0x10d) Aug 26 13:30:43.175960: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:30:43.175962: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:30:43.175965: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:30:43.175970: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.175972: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:30:43.175975: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in
ike_process_packet() at ikev2.c:2064) Aug 26 13:30:43.175977: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:30:43.175980: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:30:43.175982: | unpacking clear payload Aug 26 13:30:43.175983: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:43.175985: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:43.175987: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:30:43.175989: | flags: none (0x0) Aug 26 13:30:43.175990: | length: 241 (0xf1) Aug 26 13:30:43.175992: | processing payload: ISAKMP_NEXT_v2SK (len=237) Aug 26 13:30:43.175995: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:30:43.175997: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:30:43.175999: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:30:43.176003: | Now let's proceed with state specific processing Aug 26 13:30:43.176005: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:30:43.176007: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:30:43.176010: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:30:43.176013: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:30:43.176014: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:30:43.176017: | libevent_free: release ptr-libevent@0x561bd55bc708 Aug 26 13:30:43.176019: | free_event_entry: release EVENT_SO_DISCARD-pe@0x561bd55b8e38 Aug 26 13:30:43.176021: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561bd55b8e38 Aug 26 13:30:43.176024: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.176026: | libevent_malloc: new ptr-libevent@0x7f3264002888 size 128 Aug 26 
13:30:43.176033: | #1 spent 0.0246 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:30:43.176037: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.176039: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:30:43.176039: | crypto helper 1 resuming Aug 26 13:30:43.176041: | suspending state #1 and saving MD Aug 26 13:30:43.176052: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:30:43.176054: | #1 is busy; has a suspended MD Aug 26 13:30:43.176057: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:30:43.176058: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:43.176062: | "eastnet-any"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:43.176065: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.176068: | #1 spent 0.169 milliseconds in ikev2_process_packet() Aug 26 13:30:43.176071: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:30:43.176073: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.176075: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.176077: | spent 0.178 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.176734: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:30:43.177133: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001076 seconds Aug 26 13:30:43.177142: | (#1) spent 1.08 milliseconds in 
crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:30:43.177145: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:30:43.177147: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.177149: | libevent_malloc: new ptr-libevent@0x7f325c000f48 size 128 Aug 26 13:30:43.177156: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:43.177166: | processing resume sending helper answer for #1 Aug 26 13:30:43.177180: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 13:30:43.177185: | crypto helper 1 replies to request ID 2 Aug 26 13:30:43.177188: | calling continuation function 0x561bd39deb50 Aug 26 13:30:43.177192: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:30:43.177196: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:30:43.177211: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:30:43.177215: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:30:43.177223: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:30:43.177227: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:30:43.177230: | flags: none (0x0) Aug 26 13:30:43.177232: | length: 12 (0xc) Aug 26 13:30:43.177235: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.177238: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 13:30:43.177241: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.177243: | **parse IKEv2 Authentication Payload: Aug 26 13:30:43.177246: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:30:43.177249: | flags: none (0x0) Aug 26 13:30:43.177251: | length: 72 (0x48) Aug 26 13:30:43.177255: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.177257: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:30:43.177260: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 13:30:43.177263: | **parse IKEv2 Configuration 
Payload: Aug 26 13:30:43.177266: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.177268: | flags: none (0x0) Aug 26 13:30:43.177271: | length: 28 (0x1c) Aug 26 13:30:43.177274: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 13:30:43.177277: | processing payload: ISAKMP_NEXT_v2CP (len=20) Aug 26 13:30:43.177279: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.177283: | **parse IKEv2 Security Association Payload: Aug 26 13:30:43.177286: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:30:43.177309: | flags: none (0x0) Aug 26 13:30:43.177315: | length: 44 (0x2c) Aug 26 13:30:43.177318: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:30:43.177321: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.177324: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.177326: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:30:43.177329: | flags: none (0x0) Aug 26 13:30:43.177331: | length: 24 (0x18) Aug 26 13:30:43.177334: | number of TS: 1 (0x1) Aug 26 13:30:43.177337: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:30:43.177339: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.177342: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.177344: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.177347: | flags: none (0x0) Aug 26 13:30:43.177349: | length: 24 (0x18) Aug 26 13:30:43.177352: | number of TS: 1 (0x1) Aug 26 13:30:43.177354: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:30:43.177357: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.177360: | **parse IKEv2 Notify Payload: Aug 26 13:30:43.177362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.177365: | flags: none (0x0) Aug 26 13:30:43.177367: | length: 8 (0x8) Aug 26 13:30:43.177370: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.177372: | SPI size: 0 (0x0) Aug 26 13:30:43.177375: | Notify Message Type: 
v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.177378: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.177381: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:30:43.177383: | Now let's proceed with state specific processing Aug 26 13:30:43.177386: | calling processor Responder: process IKE_AUTH request Aug 26 13:30:43.177394: "eastnet-any"[1] 192.1.3.209 #1: processing decrypted IKE_AUTH request: SK{IDi,AUTH,CP,SA,TSi,TSr,N} Aug 26 13:30:43.177401: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:43.177406: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Aug 26 13:30:43.177408: | peer ID c0 01 03 d1 Aug 26 13:30:43.177413: | refine_host_connection for IKEv2: starting with "eastnet-any"[1] 192.1.3.209 Aug 26 13:30:43.177419: | match_id a=192.1.3.209 Aug 26 13:30:43.177422: | b=192.1.3.209 Aug 26 13:30:43.177425: | results matched Aug 26 13:30:43.177431: | refine_host_connection: checking "eastnet-any"[1] 192.1.3.209 against "eastnet-any"[1] 192.1.3.209, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:30:43.177436: | Warning: not switching back to template of current instance Aug 26 13:30:43.177439: | No IDr payload received from peer Aug 26 13:30:43.177444: | refine_host_connection: checked eastnet-any[1] 192.1.3.209 against eastnet-any[1] 192.1.3.209, now for see if best Aug 26 13:30:43.177450: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.177453: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.177459: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 13:30:43.177463: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.177466: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.177469: | line 1: match=002 Aug 26 13:30:43.177472: | match 002 beats 
previous best_match 000 match=0x561bd5510c48 (line=1) Aug 26 13:30:43.177475: | concluding with best_match=002 best=0x561bd5510c48 (lineno=1) Aug 26 13:30:43.177478: | returning because exact peer id match Aug 26 13:30:43.177481: | offered CA: '%none' Aug 26 13:30:43.177486: "eastnet-any"[1] 192.1.3.209 #1: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.3.209' Aug 26 13:30:43.177490: | received v2N_MOBIKE_SUPPORTED while it did not sent Aug 26 13:30:43.177516: | verifying AUTH payload Aug 26 13:30:43.177521: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 13:30:43.177527: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.177531: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.177536: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 13:30:43.177539: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.177543: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.177545: | line 1: match=002 Aug 26 13:30:43.177547: | match 002 beats previous best_match 000 match=0x561bd5510c48 (line=1) Aug 26 13:30:43.177550: | concluding with best_match=002 best=0x561bd5510c48 (lineno=1) Aug 26 13:30:43.177617: "eastnet-any"[1] 192.1.3.209 #1: Authenticated using authby=secret Aug 26 13:30:43.177623: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:30:43.177629: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:30:43.177633: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.177637: | libevent_free: release ptr-libevent@0x7f3264002888 Aug 26 13:30:43.177641: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561bd55b8e38 Aug 26 13:30:43.177644: | event_schedule: new EVENT_SA_REKEY-pe@0x561bd55b8e38 Aug 26 13:30:43.177648: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 
Aug 26 13:30:43.177651: | libevent_malloc: new ptr-libevent@0x561bd55bc708 size 128 Aug 26 13:30:43.178215: | pstats #1 ikev2.ike established Aug 26 13:30:43.178228: | **emit ISAKMP Message: Aug 26 13:30:43.178232: | initiator cookie: Aug 26 13:30:43.178235: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.178237: | responder cookie: Aug 26 13:30:43.178240: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.178243: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.178246: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.178248: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.178251: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.178254: | Message ID: 1 (0x1) Aug 26 13:30:43.178257: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.178261: | IKEv2 CERT: send a certificate? Aug 26 13:30:43.178265: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:30:43.178268: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:43.178271: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.178273: | flags: none (0x0) Aug 26 13:30:43.178279: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:43.178283: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178286: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:43.178327: | Adding a v2N Payload Aug 26 13:30:43.178330: | ****emit IKEv2 Notify Payload: Aug 26 13:30:43.178334: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.178336: | flags: none (0x0) Aug 26 13:30:43.178339: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.178342: | SPI size: 0 (0x0) Aug 26 13:30:43.178344: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.178348: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next 
payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.178351: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178354: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.178357: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:43.178377: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:30:43.178381: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.178384: | flags: none (0x0) Aug 26 13:30:43.178387: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.178390: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:30:43.178393: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178396: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:30:43.178399: | my identity c0 01 02 17 Aug 26 13:30:43.178402: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:30:43.178411: | assembled IDr payload Aug 26 13:30:43.178414: | CHILD SA proposals received Aug 26 13:30:43.178416: | going to assemble AUTH payload Aug 26 13:30:43.178419: | ****emit IKEv2 Authentication Payload: Aug 26 13:30:43.178421: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:30:43.178424: | flags: none (0x0) Aug 26 13:30:43.178426: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.178429: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 47:ISAKMP_NEXT_v2CP Aug 26 13:30:43.178433: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.178436: | next payload chain: saving location 'IKEv2 
Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178439: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 13:30:43.178446: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.178450: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 13:30:43.178454: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 13:30:43.178458: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.178461: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 13:30:43.178463: | line 1: match=002 Aug 26 13:30:43.178466: | match 002 beats previous best_match 000 match=0x561bd5510c48 (line=1) Aug 26 13:30:43.178469: | concluding with best_match=002 best=0x561bd5510c48 (lineno=1) Aug 26 13:30:43.178527: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:30:43.178533: | PSK auth 53 14 66 1d ec 02 5b c4 54 2b 64 65 a3 c5 8d e6 Aug 26 13:30:43.178535: | PSK auth 08 19 3c 61 7f 00 37 5c a1 7a a1 8d 75 b9 ac 31 Aug 26 13:30:43.178537: | PSK auth 11 2f 3d d5 79 4b c1 5d 9e 6d 81 21 60 59 8a e8 Aug 26 13:30:43.178539: | PSK auth fc a0 4d 58 35 41 a1 aa 60 d8 3a 87 49 59 11 73 Aug 26 13:30:43.178544: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:30:43.178550: | request lease from addresspool 192.0.3.10-192.0.3.19 reference count 2 thatid '' that.client.addr 192.1.3.209 Aug 26 13:30:43.178553: | cannot share a lease, find a new lease IP Aug 26 13:30:43.178555: | New lease from addresspool index 0 Aug 26 13:30:43.178562: | new lease 192.0.3.10 from addresspool 192.0.3.10-192.0.3.19 to that.client.addr 192.1.3.209 thatid '192.1.3.209' Aug 26 13:30:43.178568: | creating state object #2 at 0x561bd55bd458 Aug 26 13:30:43.178571: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:30:43.178575: | pstats #2 ikev2.child started Aug 26 13:30:43.178578: | duplicating state 
object #1 "eastnet-any"[1] 192.1.3.209 as #2 for IPSEC SA Aug 26 13:30:43.178583: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:30:43.178589: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.178594: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:30:43.178598: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:30:43.178602: | Send Configuration Payload reply Aug 26 13:30:43.178605: | ****emit IKEv2 Configuration Payload: Aug 26 13:30:43.178608: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.178610: | flags: none (0x0) Aug 26 13:30:43.178613: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 13:30:43.178617: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:30:43.178620: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 13:30:43.178623: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178627: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.178630: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:30:43.178634: | emitting 4 raw bytes of Internal IP Address into IKEv2 Configuration Payload Attribute Aug 26 13:30:43.178636: | Internal IP Address c0 00 03 0a Aug 26 13:30:43.178639: | emitting length of IKEv2 Configuration Payload Attribute: 4 Aug 26 13:30:43.178642: | emitting length of IKEv2 Configuration Payload: 16 Aug 26 13:30:43.178648: | constructing 
ESP/AH proposals with all DH removed for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:30:43.178655: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:30:43.178663: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.178669: "eastnet-any"[1] 192.1.3.209: constructed local ESP/AH proposals for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.178673: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Aug 26 13:30:43.178677: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.178680: | local proposal 1 type PRF has 0 transforms Aug 26 13:30:43.178684: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.178686: | local proposal 1 type DH has 1 transforms Aug 26 13:30:43.178689: | local proposal 1 type ESN has 1 transforms Aug 26 13:30:43.178693: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:30:43.178697: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.178700: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.178703: | length: 40 (0x28) Aug 26 13:30:43.178708: | prop #: 1 (0x1) Aug 26 13:30:43.178711: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.178714: | spi size: 4 (0x4) Aug 26 13:30:43.178717: | # transforms: 3 (0x3) Aug 26 13:30:43.178721: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:30:43.178723: | remote SPI 31 ab 12 70 Aug 26 13:30:43.178727: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:30:43.178730: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178736: | length: 12 (0xc) Aug 26 13:30:43.178739: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.178742: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.178745: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.178748: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.178751: | length/value: 256 (0x100) Aug 26 13:30:43.178756: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.178759: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178765: | length: 8 (0x8) Aug 26 13:30:43.178768: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.178771: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.178775: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:30:43.178778: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178780: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.178783: | length: 8 (0x8) Aug 26 13:30:43.178786: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.178789: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.178793: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:30:43.178797: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:30:43.178802: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:30:43.178805: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.178812: "eastnet-any"[1] 192.1.3.209 #1: proposal 1:ESP:SPI=31ab1270;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 13:30:43.178817: | IKE_AUTH responder matching remote ESP/AH proposals 
ikev2_proposal: 1:ESP:SPI=31ab1270;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:30:43.178821: | converting proposal to internal trans attrs Aug 26 13:30:43.178841: | netlink_get_spi: allocated 0x2bb6d074 for esp.0@192.1.2.23 Aug 26 13:30:43.178845: | Emitting ikev2_proposal ... Aug 26 13:30:43.178848: | ****emit IKEv2 Security Association Payload: Aug 26 13:30:43.178851: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.178854: | flags: none (0x0) Aug 26 13:30:43.178858: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.178862: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178865: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.178868: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.178871: | prop #: 1 (0x1) Aug 26 13:30:43.178874: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.178876: | spi size: 4 (0x4) Aug 26 13:30:43.178879: | # transforms: 3 (0x3) Aug 26 13:30:43.178882: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.178886: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:30:43.178891: | our spi 2b b6 d0 74 Aug 26 13:30:43.178894: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178899: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.178902: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.178906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.178909: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.178912: | af+type: AF+IKEv2_KEY_LENGTH 
(0x800e) Aug 26 13:30:43.178915: | length/value: 256 (0x100) Aug 26 13:30:43.178918: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.178921: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178927: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.178929: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.178933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.178940: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.178942: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.178945: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.178948: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.178951: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.178954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.178957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.178960: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.178964: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:30:43.178967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.178970: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:30:43.178973: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure 
Payload'.'last proposal' is 0 Aug 26 13:30:43.178976: | received v2N_MOBIKE_SUPPORTED Aug 26 13:30:43.178979: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.178982: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.178985: | flags: none (0x0) Aug 26 13:30:43.178988: | number of TS: 1 (0x1) Aug 26 13:30:43.178991: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.178995: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.178998: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.179001: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.179004: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.179007: | start port: 0 (0x0) Aug 26 13:30:43.179010: | end port: 65535 (0xffff) Aug 26 13:30:43.179013: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.179016: | ipv4 start c0 00 03 0a Aug 26 13:30:43.179019: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.179022: | ipv4 end c0 00 03 0a Aug 26 13:30:43.179025: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.179027: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:30:43.179033: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.179036: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.179039: | flags: none (0x0) Aug 26 13:30:43.179042: | number of TS: 1 (0x1) Aug 26 13:30:43.179045: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.179049: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 
13:30:43.179052: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.179055: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.179058: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.179060: | start port: 0 (0x0) Aug 26 13:30:43.179063: | end port: 65535 (0xffff) Aug 26 13:30:43.179066: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.179069: | ipv4 start c0 00 02 00 Aug 26 13:30:43.179072: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.179074: | ipv4 end c0 00 02 ff Aug 26 13:30:43.179077: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.179079: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:30:43.179082: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:43.179086: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 13:30:43.179250: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:30:43.179262: | #1 spent 1.84 milliseconds Aug 26 13:30:43.179266: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:30:43.179269: | could_route called for eastnet-any (kind=CK_INSTANCE) Aug 26 13:30:43.179272: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:30:43.179276: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.179279: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:30:43.179282: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.179285: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:30:43.179295: | route owner of "eastnet-any"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.179303: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.179307: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.179311: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.179315: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.179332: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Aug 26 13:30:43.179335: | netlink: enabling tunnel mode Aug 26 13:30:43.179338: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.179356: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.179477: | netlink response for Add SA esp.31ab1270@192.1.3.209 included non-error error Aug 26 13:30:43.179483: | set up outgoing SA, ref=0/0 Aug 26 13:30:43.179501: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.179504: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.179507: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.179511: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.179515: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Aug 26 13:30:43.179518: | netlink: enabling tunnel mode Aug 26 13:30:43.179521: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.179524: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.179564: | netlink response for Add SA 
esp.2bb6d074@192.1.2.23 included non-error error Aug 26 13:30:43.179570: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:30:43.179578: | add inbound eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:30:43.179584: | IPsec Sa SPD priority set to 1042399 Aug 26 13:30:43.179621: | raw_eroute result=success Aug 26 13:30:43.179638: | set up incoming SA, ref=0/0 Aug 26 13:30:43.179641: | sr for #2: unrouted Aug 26 13:30:43.179644: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:30:43.179647: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.179650: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.179653: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:30:43.179656: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.179659: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:30:43.179664: | route owner of "eastnet-any"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.179667: | route_and_eroute with c: eastnet-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:30:43.179671: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:30:43.179678: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.10/32:0 => tun.0@192.1.3.209 (raw_eroute) Aug 26 13:30:43.179681: | IPsec Sa SPD priority set to 1042399 Aug 26 13:30:43.179693: | raw_eroute result=success Aug 26 13:30:43.179697: | running updown command "ipsec _updown" for verb up Aug 26 13:30:43.179700: | command executing up-client Aug 26 13:30:43.179728: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' 
PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Aug 26 13:30:43.179732: | popen cmd is 1050 chars long Aug 26 13:30:43.179735: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_: Aug 26 13:30:43.179738: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Aug 26 13:30:43.179741: | cmd( 160):'192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUT: Aug 26 13:30:43.179744: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Aug 26 13:30:43.179747: | cmd( 320):A_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.: Aug 26 13:30:43.179749: | cmd( 400):1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PL: Aug 26 13:30:43.179752: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:30:43.179755: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS: Aug 26 13:30:43.179757: | cmd( 640):K+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO: Aug 26 13:30:43.179760: | cmd( 720):_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 13:30:43.179763: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER=: Aug 26 13:30:43.179766: | cmd( 880):'' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 13:30:43.179768: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x31ab1270 SPI_OUT=0x2bb6d074 ipsec _u: Aug 26 13:30:43.179771: | cmd(1040):pdown 2>&1: Aug 26 13:30:43.189397: | route_and_eroute: firewall_notified: true Aug 26 13:30:43.189413: | running updown command "ipsec _updown" for verb prepare Aug 26 13:30:43.189416: | command executing prepare-client Aug 26 13:30:43.189438: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 13:30:43.189441: | popen cmd is 1055 chars long Aug 26 13:30:43.189444: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Aug 26 13:30:43.189446: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_M: Aug 26 13:30:43.189447: | cmd( 160):Y_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 13:30:43.189449: | cmd( 240): 
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:30:43.189451: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID=: Aug 26 13:30:43.189452: | cmd( 400):'192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.1: Aug 26 13:30:43.189454: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:30:43.189456: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:30:43.189457: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' : Aug 26 13:30:43.189459: | cmd( 720):PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:30:43.189461: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:30:43.189462: | cmd( 880):NNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:30:43.189464: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x31ab1270 SPI_OUT=0x2bb6d074 ips: Aug 26 13:30:43.189465: | cmd(1040):ec _updown 2>&1: Aug 26 13:30:43.199237: | running updown command "ipsec _updown" for verb route Aug 26 13:30:43.199254: | command executing route-client Aug 26 13:30:43.199287: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' 
PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 13:30:43.199312: | popen cmd is 1053 chars long Aug 26 13:30:43.199318: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLU: Aug 26 13:30:43.199322: | cmd( 80):TO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_: Aug 26 13:30:43.199324: | cmd( 160):ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' P: Aug 26 13:30:43.199327: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Aug 26 13:30:43.199329: | cmd( 320):O_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='1: Aug 26 13:30:43.199332: | cmd( 400):92.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10': Aug 26 13:30:43.199334: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:43.199337: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 13:30:43.199340: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PL: Aug 26 13:30:43.199342: | cmd( 720):UTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Aug 26 13:30:43.199345: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Aug 26 13:30:43.199348: | cmd( 880):ER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Aug 26 13:30:43.199350: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x31ab1270 SPI_OUT=0x2bb6d074 ipsec: Aug 26 13:30:43.199353: 
| cmd(1040): _updown 2>&1: Aug 26 13:30:43.223341: | route_and_eroute: instance "eastnet-any"[1] 192.1.3.209, setting eroute_owner {spd=0x561bd55b8768,sr=0x561bd55b8768} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:30:43.223441: | #1 spent 1.84 milliseconds in install_ipsec_sa() Aug 26 13:30:43.223451: | ISAKMP_v2_IKE_AUTH: instance eastnet-any[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:30:43.223454: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:43.223459: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:43.223463: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:43.223466: | emitting length of IKEv2 Encryption Payload: 229 Aug 26 13:30:43.223469: | emitting length of ISAKMP Message: 257 Aug 26 13:30:43.223504: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:30:43.223511: | #1 spent 3.75 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:30:43.223520: | suspend processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.223528: | start processing: state #2 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.223532: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:30:43.223536: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:30:43.223540: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:30:43.223544: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:30:43.223550: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; 
child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:30:43.223555: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:30:43.223558: | pstats #2 ikev2.child established Aug 26 13:30:43.223569: "eastnet-any"[1] 192.1.3.209 #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.10-192.0.3.10:0-65535 0] Aug 26 13:30:43.223574: | NAT-T: encaps is 'auto' Aug 26 13:30:43.223579: "eastnet-any"[1] 192.1.3.209 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x31ab1270 <0x2bb6d074 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 13:30:43.223587: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 13:30:43.223596: | sending 257 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:30:43.223600: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.223603: | 2e 20 23 20 00 00 00 01 00 00 01 01 29 00 00 e5 Aug 26 13:30:43.223605: | 31 af f0 a9 7b 7d 92 72 f7 97 25 21 03 68 c2 eb Aug 26 13:30:43.223608: | 1d 0b 6a 63 93 44 1f 6e c6 8e 90 28 d8 5a 35 22 Aug 26 13:30:43.223610: | 15 d1 4a 80 39 8b 0c 24 20 95 be b3 8a 87 af d2 Aug 26 13:30:43.223613: | 79 9b 72 b7 2b 14 25 99 56 b3 55 33 b2 89 c6 ce Aug 26 13:30:43.223616: | 16 13 4f 1d cf 76 5f 0b a3 0b 0e 8a 53 c8 a8 35 Aug 26 13:30:43.223618: | d1 af fc 54 c2 f1 97 44 cc 6b 07 80 82 88 82 aa Aug 26 13:30:43.223621: | 26 f4 61 f4 96 06 9b bc 8d a6 87 9a 19 45 d8 54 Aug 26 13:30:43.223623: | 7c 53 10 d3 bf b7 37 4f b1 8c f2 ae cc f1 1b 50 Aug 26 13:30:43.223626: | ed 4e 00 60 fd c7 d6 47 31 79 4a 5e 81 e1 f5 e4 Aug 26 13:30:43.223628: | 64 04 fa 83 6d 2b 95 d9 e8 7e 8a b9 df 5a 03 3c Aug 26 13:30:43.223631: | a5 3e 85 d9 03 d0 37 0f 37 69 2a a6 da 0c 59 7b Aug 26 13:30:43.223633: | 26 3d b0 40 91 c6 fc 33 57 ce 1b fc 7a 0f 0b 25 Aug 26 13:30:43.223635: | c9 c1 79 49 aa c6 12 
9f 97 b7 fb 5c 5b fb df 51 Aug 26 13:30:43.223637: | 69 99 81 fe 2e 52 f5 b0 31 30 63 48 d4 1c 38 9d Aug 26 13:30:43.223639: | 1c Aug 26 13:30:43.223696: | releasing whack for #2 (sock=fd@-1) Aug 26 13:30:43.223701: | releasing whack and unpending for parent #1 Aug 26 13:30:43.223706: | unpending state #1 connection "eastnet-any"[1] 192.1.3.209 Aug 26 13:30:43.223711: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:30:43.223715: | event_schedule: new EVENT_SA_REKEY-pe@0x7f3264002b78 Aug 26 13:30:43.223719: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:30:43.223723: | libevent_malloc: new ptr-libevent@0x561bd55bd318 size 128 Aug 26 13:30:43.223737: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:43.223745: | #1 spent 4.14 milliseconds in resume sending helper answer Aug 26 13:30:43.223752: | stop processing: state #2 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 13:30:43.223757: | libevent_free: release ptr-libevent@0x7f325c000f48 Aug 26 13:30:43.223772: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.223778: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.223782: | spent 0.00531 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.223785: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.223789: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.223792: | spent 0.00362 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.223795: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.223799: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.223802: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:49.966031: | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:49.966053: | *received 121 bytes from 192.1.33.222:500 on eth1 (192.1.2.23:500) Aug 26 
13:30:49.966055: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966057: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 13:30:49.966059: | ab 94 a8 4f 0f 44 2c 64 60 28 df 70 aa c5 7f 09 Aug 26 13:30:49.966060: | fa 42 d8 0e 1b 62 80 e3 83 88 81 44 d7 1d ae ac Aug 26 13:30:49.966062: | c4 d4 18 6e f3 e3 6c dd a0 31 d6 96 6c 27 9d ea Aug 26 13:30:49.966063: | 49 03 cc 92 eb 9e 31 5e d3 c7 bb b6 e1 97 e1 b2 Aug 26 13:30:49.966065: | 82 c5 20 20 39 6e 87 7f 13 95 83 95 50 f7 24 f9 Aug 26 13:30:49.966068: | 27 99 d4 90 0f 0e b8 8e 8f Aug 26 13:30:49.966072: | start processing: from 192.1.33.222:500 (in process_md() at demux.c:378) Aug 26 13:30:49.966074: | **parse ISAKMP Message: Aug 26 13:30:49.966076: | initiator cookie: Aug 26 13:30:49.966078: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.966080: | responder cookie: Aug 26 13:30:49.966081: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966083: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:49.966085: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:49.966086: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:49.966090: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:49.966092: | Message ID: 2 (0x2) Aug 26 13:30:49.966093: | length: 121 (0x79) Aug 26 13:30:49.966095: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:49.966097: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 13:30:49.966100: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:30:49.966106: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:49.966108: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:30:49.966111: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 
13:30:49.966113: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:30:49.966116: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:30:49.966118: | unpacking clear payload Aug 26 13:30:49.966119: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:49.966122: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:49.966123: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:49.966125: | flags: none (0x0) Aug 26 13:30:49.966126: | length: 93 (0x5d) Aug 26 13:30:49.966128: | processing payload: ISAKMP_NEXT_v2SK (len=89) Aug 26 13:30:49.966131: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:30:49.966133: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:30:49.966148: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:49.966150: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:49.966152: | **parse IKEv2 Notify Payload: Aug 26 13:30:49.966153: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:49.966155: | flags: none (0x0) Aug 26 13:30:49.966156: | length: 8 (0x8) Aug 26 13:30:49.966158: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966159: | SPI size: 0 (0x0) Aug 26 13:30:49.966161: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:49.966163: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:49.966165: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:49.966166: | **parse IKEv2 Notify Payload: Aug 26 13:30:49.966168: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:49.966169: | flags: none (0x0) Aug 26 13:30:49.966171: | length: 28 (0x1c) Aug 26 13:30:49.966172: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966174: | SPI size: 0 (0x0) Aug 26 13:30:49.966175: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 
13:30:49.966177: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:49.966178: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:49.966180: | **parse IKEv2 Notify Payload: Aug 26 13:30:49.966181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.966183: | flags: none (0x0) Aug 26 13:30:49.966184: | length: 28 (0x1c) Aug 26 13:30:49.966186: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966187: | SPI size: 0 (0x0) Aug 26 13:30:49.966189: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:49.966192: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:49.966194: | selected state microcode R2: process Informational Request Aug 26 13:30:49.966195: | Now let's proceed with state specific processing Aug 26 13:30:49.966197: | calling processor R2: process Informational Request Aug 26 13:30:49.966199: | an informational request should send a response Aug 26 13:30:49.966201: | Need to process v2N_UPDATE_SA_ADDRESSES Aug 26 13:30:49.966203: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 13:30:49.966204: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 13:30:49.966208: | #2 pst=#1 MOBIKE update remote address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 13:30:49.966214: | responder migrate kernel SA esp.31ab1270@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Aug 26 13:30:49.966279: | responder migrate kernel SA esp.2bb6d074@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Aug 26 13:30:49.966323: | responder migrate kernel SA esp.2bb6d074@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Aug 26 13:30:49.966335: "eastnet-any"[1] 192.1.3.209 #1: success MOBIKE update remote address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 13:30:49.966340: | free hp@0x561bd55b8d08 Aug 26 13:30:49.966344: | connect_to_host_pair: 192.1.2.23:500 192.1.33.222:500 -> hp@(nil): none Aug 26 13:30:49.966358: | new hp@0x561bd55b8d08 Aug 26 13:30:49.966363: 
| #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:49.966365: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE request: updating IPsec SA by request Aug 26 13:30:49.966399: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:30:49.966401: | **emit ISAKMP Message: Aug 26 13:30:49.966403: | initiator cookie: Aug 26 13:30:49.966405: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.966406: | responder cookie: Aug 26 13:30:49.966408: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966409: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:49.966411: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:49.966413: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:49.966415: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:49.966416: | Message ID: 2 (0x2) Aug 26 13:30:49.966418: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:49.966420: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:49.966422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.966424: | flags: none (0x0) Aug 26 13:30:49.966426: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:49.966428: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:49.966430: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:49.966439: | adding NATD payloads to MOBIKE response Aug 26 13:30:49.966454: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:30:49.966464: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:49.966466: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.966467: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966469: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:49.966470: | natd_hash: port=500 Aug 26 13:30:49.966472: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:49.966474: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:49.966475: | Adding a v2N Payload Aug 26 13:30:49.966477: | ****emit IKEv2 Notify Payload: Aug 26 13:30:49.966478: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.966480: | flags: none (0x0) Aug 26 13:30:49.966482: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966483: | SPI size: 0 (0x0) Aug 26 13:30:49.966485: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:49.966488: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:49.966490: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:49.966492: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:49.966494: | Notify data 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:49.966496: | Notify data cf 5f ab 58 Aug 26 13:30:49.966497: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:49.966501: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:49.966503: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.966504: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966506: | natd_hash: ip= c0 01 21 de Aug 26 13:30:49.966507: | natd_hash: port=500 Aug 26 13:30:49.966509: | natd_hash: hash= 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:49.966510: | natd_hash: hash= 93 49 13 a4 Aug 26 13:30:49.966512: | Adding a v2N Payload Aug 26 13:30:49.966513: | ****emit IKEv2 
Notify Payload: Aug 26 13:30:49.966515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.966516: | flags: none (0x0) Aug 26 13:30:49.966518: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966519: | SPI size: 0 (0x0) Aug 26 13:30:49.966521: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:49.966523: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:49.966525: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:49.966527: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:49.966528: | Notify data 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:49.966530: | Notify data 93 49 13 a4 Aug 26 13:30:49.966531: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:49.966533: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:49.966535: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:49.966537: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:49.966539: | emitting length of IKEv2 Encryption Payload: 85 Aug 26 13:30:49.966540: | emitting length of ISAKMP Message: 113 Aug 26 13:30:49.966549: | sending 113 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 13:30:49.966551: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966553: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 13:30:49.966554: | f1 c4 3a 98 0f 61 e5 3a da ab d7 e1 c7 00 1e 16 Aug 26 13:30:49.966556: | 73 21 6c 1e 3c b9 f5 a7 74 9f c5 6f 47 82 75 8d Aug 26 13:30:49.966557: | ed 2c 26 05 7b 55 36 e8 06 06 d5 fd 69 a7 2e 87 Aug 26 13:30:49.966559: | 9c 16 b0 45 2e 32 88 e1 37 b8 e8 8c 85 a0 be ad Aug 26 
13:30:49.966560: | c6 bb 8c 03 67 ab 39 b3 1e 86 ad 3b 16 fb 07 c0 Aug 26 13:30:49.966561: | 8f Aug 26 13:30:49.966606: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:30:49.966614: | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:30:49.966620: | #1 spent 0.381 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 13:30:49.966639: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:49.966645: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 13:30:49.966663: | Message ID: updating counters for #1 to 2 after switching state Aug 26 13:30:49.966667: | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:30:49.966671: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:49.966674: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 13:30:49.966680: | stop processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:49.966684: | #1 spent 0.604 milliseconds in ikev2_process_packet() Aug 26 13:30:49.966688: | stop processing: from 192.1.33.222:500 (in process_md() at demux.c:380) Aug 26 13:30:49.966692: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:49.966695: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
13:30:49.966699: | spent 0.618 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:53.015813: | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:53.015832: | *received 121 bytes from 192.1.33.222:500 on eth1 (192.1.2.23:500) Aug 26 13:30:53.015835: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015850: | 2e 20 25 08 00 00 00 03 00 00 00 79 29 00 00 5d Aug 26 13:30:53.015851: | 3c 4b eb 5a 11 7a 1a f0 95 35 0a b7 5a 92 08 2b Aug 26 13:30:53.015853: | 8d c2 55 01 1a 96 1a fd 2a 5a 12 2b 1b 57 31 be Aug 26 13:30:53.015855: | 3f cb 10 e0 77 3b 21 39 78 29 c3 4c 8e 0a 1b 6b Aug 26 13:30:53.015856: | e8 f9 3a 50 fe 47 48 46 98 69 ae f3 14 44 b7 0e Aug 26 13:30:53.015858: | 18 6d 95 23 ad a2 74 12 1f bc 37 fe a5 76 27 3c Aug 26 13:30:53.015859: | 12 34 6f df 9c a2 df d7 be Aug 26 13:30:53.015862: | start processing: from 192.1.33.222:500 (in process_md() at demux.c:378) Aug 26 13:30:53.015865: | **parse ISAKMP Message: Aug 26 13:30:53.015867: | initiator cookie: Aug 26 13:30:53.015869: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.015870: | responder cookie: Aug 26 13:30:53.015872: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015873: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:53.015875: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.015877: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.015879: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:53.015881: | Message ID: 3 (0x3) Aug 26 13:30:53.015882: | length: 121 (0x79) Aug 26 13:30:53.015884: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:53.015887: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 13:30:53.015890: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:30:53.015895: | start processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in 
ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:53.015897: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:30:53.015900: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:30:53.015902: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Aug 26 13:30:53.015905: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 Aug 26 13:30:53.015907: | unpacking clear payload Aug 26 13:30:53.015908: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:53.015910: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:53.015912: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.015914: | flags: none (0x0) Aug 26 13:30:53.015915: | length: 93 (0x5d) Aug 26 13:30:53.015919: | processing payload: ISAKMP_NEXT_v2SK (len=89) Aug 26 13:30:53.015922: | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 Aug 26 13:30:53.015924: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:30:53.015936: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:53.015938: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.015940: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.015941: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.015943: | flags: none (0x0) Aug 26 13:30:53.015944: | length: 8 (0x8) Aug 26 13:30:53.015946: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015948: | SPI size: 0 (0x0) Aug 26 13:30:53.015950: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:53.015951: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:53.015953: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.015954: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.015956: | next payload type: 
ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.015957: | flags: none (0x0) Aug 26 13:30:53.015959: | length: 28 (0x1c) Aug 26 13:30:53.015961: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015962: | SPI size: 0 (0x0) Aug 26 13:30:53.015964: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.015965: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.015967: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.015968: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.015970: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.015971: | flags: none (0x0) Aug 26 13:30:53.015973: | length: 28 (0x1c) Aug 26 13:30:53.015974: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015976: | SPI size: 0 (0x0) Aug 26 13:30:53.015978: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.015979: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.015981: | selected state microcode R2: process Informational Request Aug 26 13:30:53.015983: | Now let's proceed with state specific processing Aug 26 13:30:53.015984: | calling processor R2: process Informational Request Aug 26 13:30:53.015987: | an informational request should send a response Aug 26 13:30:53.015989: | Need to process v2N_UPDATE_SA_ADDRESSES Aug 26 13:30:53.015990: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 13:30:53.015992: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 13:30:53.015995: | #2 pst=#1 MOBIKE update remote address 192.1.33.222:500 -> 192.1.33.222:500 Aug 26 13:30:53.015999: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE success no change to kernel SA same IP address ad port 192.1.33.222:500 Aug 26 13:30:53.016002: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:53.016005: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE request: updating IPsec SA by request Aug 26 
13:30:53.016008: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:30:53.016011: | **emit ISAKMP Message: Aug 26 13:30:53.016012: | initiator cookie: Aug 26 13:30:53.016014: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.016015: | responder cookie: Aug 26 13:30:53.016017: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016018: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:53.016020: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.016022: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.016023: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:53.016025: | Message ID: 3 (0x3) Aug 26 13:30:53.016027: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:53.016029: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:53.016030: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.016033: | flags: none (0x0) Aug 26 13:30:53.016035: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:53.016037: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:53.016040: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:53.016044: | adding NATD payloads to MOBIKE response Aug 26 13:30:53.016046: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:30:53.016052: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:53.016054: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.016055: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016057: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:53.016059: | natd_hash: port=500 Aug 26 13:30:53.016060: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:53.016062: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:53.016063: | Adding a v2N Payload Aug 26 13:30:53.016065: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.016066: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.016068: | flags: none (0x0) Aug 26 13:30:53.016070: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.016071: | SPI size: 0 (0x0) Aug 26 13:30:53.016073: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.016075: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.016077: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:53.016079: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.016081: | Notify data 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:53.016082: | Notify data cf 5f ab 58 Aug 26 13:30:53.016084: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.016087: | natd_hash: hasher=0x561bd3ab3800(20) Aug 26 13:30:53.016089: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.016091: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016092: | natd_hash: ip= c0 01 21 de Aug 26 13:30:53.016094: | natd_hash: port=500 Aug 26 13:30:53.016095: | natd_hash: hash= 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:53.016097: | natd_hash: hash= 93 49 13 a4 Aug 26 13:30:53.016098: | Adding a v2N Payload Aug 26 13:30:53.016100: | ****emit IKEv2 
Notify Payload: Aug 26 13:30:53.016101: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.016103: | flags: none (0x0) Aug 26 13:30:53.016104: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.016106: | SPI size: 0 (0x0) Aug 26 13:30:53.016107: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.016109: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.016111: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:30:53.016113: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.016115: | Notify data 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:53.016116: | Notify data 93 49 13 a4 Aug 26 13:30:53.016118: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.016119: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:53.016122: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:53.016123: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:53.016125: | emitting length of IKEv2 Encryption Payload: 85 Aug 26 13:30:53.016127: | emitting length of ISAKMP Message: 113 Aug 26 13:30:53.016134: | sending 113 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 13:30:53.016138: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016139: | 2e 20 25 20 00 00 00 03 00 00 00 71 29 00 00 55 Aug 26 13:30:53.016141: | 91 5b 97 c3 33 86 c9 2c 03 a2 38 a3 fe 82 8a e0 Aug 26 13:30:53.016142: | 4f f6 c8 bf af e1 0d 3d 30 ac 43 67 99 5e 2e a0 Aug 26 13:30:53.016144: | 48 ce 61 64 5b 5a 53 4c ee 91 b1 db c0 0f 68 55 Aug 26 13:30:53.016145: | 1d 99 8b 78 cd 31 bd e0 58 e6 b0 f3 3c ed 2e 52 Aug 26 
13:30:53.016147: | 48 6b d9 98 78 91 27 a2 6e fe 24 fc 2f a6 29 cb Aug 26 13:30:53.016148: | ec Aug 26 13:30:53.016175: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 13:30:53.016194: | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 13:30:53.016198: | #1 spent 0.196 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 13:30:53.016202: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:53.016205: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 13:30:53.016207: | Message ID: updating counters for #1 to 3 after switching state Aug 26 13:30:53.016210: | Message ID: recv #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=2->3 wip.initiator=-1 wip.responder=3->-1 Aug 26 13:30:53.016213: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:53.016215: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 13:30:53.016218: | stop processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:53.016221: | #1 spent 0.383 milliseconds in ikev2_process_packet() Aug 26 13:30:53.016224: | stop processing: from 192.1.33.222:500 (in process_md() at demux.c:380) Aug 26 13:30:53.016226: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:53.016228: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
13:30:53.016231: | spent 0.393 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:01.382345: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:31:01.382373: | expiring aged bare shunts from shunt table Aug 26 13:31:01.382378: | spent 0.00414 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:31:03.354193: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:03.354214: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:31:03.354217: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:03.354224: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:03.354238: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:03.354254: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:03.354260: | spent 0.0752 milliseconds in whack Aug 26 13:31:03.692344: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:03.692605: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:03.692610: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:03.692692: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:31:03.692694: | FOR_EACH_STATE_... 
in sort_states Aug 26 13:31:03.692704: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:03.692719: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:03.692735: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:03.692744: | spent 0.411 milliseconds in whack Aug 26 13:31:05.614521: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:05.614544: shutting down Aug 26 13:31:05.614550: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:31:05.614553: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:31:05.614554: forgetting secrets Aug 26 13:31:05.614559: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:31:05.614563: | start processing: connection "eastnet-any"[1] 192.1.33.222 (in delete_connection() at connections.c:189) Aug 26 13:31:05.614567: "eastnet-any"[1] 192.1.33.222: deleting connection "eastnet-any"[1] 192.1.33.222 instance with peer 192.1.33.222 {isakmp=#1/ipsec=#2} Aug 26 13:31:05.614570: | addresspool free lease entry ptr 0x561bd55bd3c8 refcnt 0 Aug 26 13:31:05.614574: | freed lease refcnt 0 192.0.3.10 from addresspool 192.0.3.10-192.0.3.19 index=0. pool size 10 used 0 lingering=0 address Aug 26 13:31:05.614576: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:31:05.614577: | pass 0 Aug 26 13:31:05.614579: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:31:05.614581: | state #2 Aug 26 13:31:05.614584: | suspend processing: connection "eastnet-any"[1] 192.1.33.222 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:05.614588: | start processing: state #2 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:05.614590: | pstats #2 ikev2.child deleted completed Aug 26 13:31:05.614593: | [RE]START processing: state #2 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in delete_state() at state.c:879) Aug 26 13:31:05.614597: "eastnet-any"[1] 192.1.33.222 #2: deleting state (STATE_V2_IPSEC_R) aged 22.436s and sending notification Aug 26 13:31:05.614599: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:31:05.614603: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:05.614615: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:05.614621: "eastnet-any"[1] 192.1.33.222 #2: ESP traffic information: in=336B out=336B Aug 26 13:31:05.614624: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:31:05.614626: | Opening output PBS informational exchange delete request Aug 26 13:31:05.614628: | **emit ISAKMP Message: Aug 26 13:31:05.614630: | initiator cookie: Aug 26 13:31:05.614632: | 90 cc e3 db 95 f3 db f8 Aug 26 13:31:05.614633: | responder cookie: Aug 26 13:31:05.614635: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:05.614637: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.614639: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.614641: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.614643: | flags: none (0x0) Aug 26 13:31:05.614644: | Message ID: 0 (0x0) Aug 26 13:31:05.614646: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.614649: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:05.614651: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.614652: | flags: none (0x0) Aug 26 13:31:05.614654: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:05.614656: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:05.614659: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:05.614667: | ****emit IKEv2 Delete Payload: Aug 26 13:31:05.614669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.614670: | flags: none (0x0) Aug 26 13:31:05.614672: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:05.614673: | SPI size: 4 (0x4) Aug 26 13:31:05.614675: | number of SPIs: 1 (0x1) Aug 26 13:31:05.614677: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:05.614682: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:05.614684: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:31:05.614685: | local spis 2b b6 d0 74 Aug 26 13:31:05.614687: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:31:05.614689: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:05.614691: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:05.614693: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:05.614695: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:31:05.614697: | emitting length of ISAKMP Message: 69 Aug 26 13:31:05.614717: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #2) Aug 26 13:31:05.614719: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:05.614720: | 2e 20 25 00 00 00 00 
00 00 00 00 45 2a 00 00 29 Aug 26 13:31:05.614722: | a1 7e 16 85 5d 58 73 5e f3 72 47 56 9a 72 3e 17 Aug 26 13:31:05.614723: | 97 08 34 d4 29 3f 9b da 0a 1e ef f7 c4 e3 b0 6e Aug 26 13:31:05.614725: | 40 86 5e ee 4e Aug 26 13:31:05.614760: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:31:05.614763: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:31:05.614766: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:31:05.614768: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:05.614772: | libevent_free: release ptr-libevent@0x561bd55bd318 Aug 26 13:31:05.614774: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f3264002b78 Aug 26 13:31:05.614810: | running updown command "ipsec _updown" for verb down Aug 26 13:31:05.614814: | command executing down-client Aug 26 13:31:05.614832: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' 
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 13:31:05.614835: | popen cmd is 1064 chars long Aug 26 13:31:05.614837: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUT: Aug 26 13:31:05.614838: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_I: Aug 26 13:31:05.614840: | cmd( 160):D='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PL: Aug 26 13:31:05.614842: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Aug 26 13:31:05.614860: | cmd( 320):_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='1: Aug 26 13:31:05.614867: | cmd( 400):92.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10': Aug 26 13:31:05.614870: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:31:05.614876: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CON: Aug 26 13:31:05.614880: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 13:31:05.614883: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 13:31:05.614899: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 13:31:05.614902: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 13:31:05.614906: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x31ab1270 SPI_OUT=0x2bb: Aug 26 13:31:05.614909: | cmd(1040):6d074 ipsec _updown 2>&1: Aug 26 13:31:05.621986: | shunt_eroute() called for connection 'eastnet-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:31:05.622000: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:05.622003: 
| priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:31:05.622006: | IPsec Sa SPD priority set to 1042399 Aug 26 13:31:05.622034: | delete esp.31ab1270@192.1.33.222 Aug 26 13:31:05.622048: | netlink response for Del SA esp.31ab1270@192.1.33.222 included non-error error Aug 26 13:31:05.622050: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:31:05.622055: | delete inbound eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:31:05.622069: | raw_eroute result=success Aug 26 13:31:05.622086: | delete esp.2bb6d074@192.1.2.23 Aug 26 13:31:05.622093: | netlink response for Del SA esp.2bb6d074@192.1.2.23 included non-error error Aug 26 13:31:05.622103: | stop processing: connection "eastnet-any"[1] 192.1.33.222 (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:31:05.622106: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:31:05.622108: | in connection_discard for connection eastnet-any Aug 26 13:31:05.622110: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:31:05.622115: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:31:05.622135: | stop processing: state #2 from 192.1.33.222:500 (in delete_state() at state.c:1143) Aug 26 13:31:05.622158: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:05.622160: | state #1 Aug 26 13:31:05.622162: | pass 1 Aug 26 13:31:05.622164: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:31:05.622165: | state #1 Aug 26 13:31:05.622169: | start processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:05.622171: | pstats #1 ikev2.ike deleted completed Aug 26 13:31:05.622177: | #1 spent 9.01 milliseconds in total Aug 26 13:31:05.622180: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in delete_state() at state.c:879) Aug 26 13:31:05.622183: "eastnet-any"[1] 192.1.33.222 #1: deleting state (STATE_PARENT_R2) aged 22.450s and sending notification Aug 26 13:31:05.622185: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:31:05.622229: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:31:05.622236: | Opening output PBS informational exchange delete request Aug 26 13:31:05.622239: | **emit ISAKMP Message: Aug 26 13:31:05.622241: | initiator cookie: Aug 26 13:31:05.622242: | 90 cc e3 db 95 f3 db f8 Aug 26 13:31:05.622244: | responder cookie: Aug 26 13:31:05.622246: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:05.622248: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:05.622249: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:05.622251: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:05.622255: | flags: none (0x0) Aug 26 13:31:05.622258: | Message ID: 1 (0x1) Aug 26 13:31:05.622261: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:05.622263: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:05.622265: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.622266: | flags: none (0x0) Aug 26 13:31:05.622268: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:05.622270: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next 
payload type' in 'informational exchange delete request' Aug 26 13:31:05.622273: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:05.622286: | ****emit IKEv2 Delete Payload: Aug 26 13:31:05.622296: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:05.622302: | flags: none (0x0) Aug 26 13:31:05.622304: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:31:05.622306: | SPI size: 0 (0x0) Aug 26 13:31:05.622307: | number of SPIs: 0 (0x0) Aug 26 13:31:05.622309: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:05.622311: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:05.622313: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:31:05.622328: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:05.622330: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:05.622332: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:05.622334: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:31:05.622336: | emitting length of ISAKMP Message: 65 Aug 26 13:31:05.622357: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 13:31:05.622359: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:05.622361: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:31:05.622362: | e2 63 89 dc c9 55 ea 76 e2 2f b1 92 19 c8 d1 9b Aug 26 13:31:05.622364: | 04 f4 57 b6 23 7d f0 53 ae cc 17 d9 af 17 c7 e4 Aug 26 13:31:05.622365: | 15 Aug 26 13:31:05.622398: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:31:05.622400: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send 
Aug 26 13:31:05.622404: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=1 wip.responder=-1 Aug 26 13:31:05.622408: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=0->1 wip.responder=-1 Aug 26 13:31:05.622410: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:05.622417: | libevent_free: release ptr-libevent@0x561bd55bc708 Aug 26 13:31:05.622419: | free_event_entry: release EVENT_SA_REKEY-pe@0x561bd55b8e38 Aug 26 13:31:05.622422: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:05.622425: | in connection_discard for connection eastnet-any Aug 26 13:31:05.622426: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:31:05.622429: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:31:05.622455: | stop processing: state #1 from 192.1.33.222:500 (in delete_state() at state.c:1143) Aug 26 13:31:05.622477: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:05.622480: | shunt_eroute() called for connection 'eastnet-any' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:31:05.622482: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:05.622484: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:31:05.622503: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 13:31:05.622511: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:31:05.622513: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:31:05.622515: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:31:05.622517: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 13:31:05.622518: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 13:31:05.622521: | route owner of "eastnet-any" unrouted: NULL Aug 26 13:31:05.622522: | running updown command "ipsec _updown" for verb unroute Aug 26 13:31:05.622524: | command executing unroute-client Aug 26 13:31:05.622542: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 13:31:05.622544: | popen cmd is 1045 chars long Aug 26 13:31:05.622546: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Aug 26 13:31:05.622548: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_M: Aug 26 13:31:05.622550: | cmd( 160):Y_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 13:31:05.622552: | cmd( 
240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:31:05.622553: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.33.222' PLUTO_PEER_I: Aug 26 13:31:05.622555: | cmd( 400):D='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 13:31:05.622557: | cmd( 480):.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:31:05.622558: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:31:05.622560: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO: Aug 26 13:31:05.622561: | cmd( 720):' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 13:31:05.622563: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 13:31:05.622565: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 13:31:05.622566: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 13:31:05.622568: | cmd(1040): 2>&1: Aug 26 13:31:05.631243: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631260: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631263: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631264: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631266: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631273: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631284: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631306: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.631311: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:31:05.631338: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:31:05.631343: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:31:05.636860: | unreference addresspool of conn eastnet-any[1] kind CK_GOING_AWAY refcnt 2
Aug 26 13:31:05.636879: | free hp@0x561bd55b8d08
Aug 26 13:31:05.636883: | flush revival: connection 'eastnet-any' wasn't on the list
Aug 26 13:31:05.636886: | processing: STOP connection NULL (in discard_connection() at connections.c:249)
Aug 26 13:31:05.636894: | start processing: connection "eastnet-any" (in delete_connection() at connections.c:189)
Aug 26 13:31:05.636897: | Deleting states for connection - including all other IPsec SA's of this IKE SA
Aug 26 13:31:05.636899: | pass 0
Aug 26 13:31:05.636900: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Aug 26 13:31:05.636902: | pass 1
Aug 26 13:31:05.636904: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Aug 26 13:31:05.636906: | unreference addresspool of conn eastnet-any[1] kind CK_TEMPLATE refcnt 1
Aug 26 13:31:05.636907: | freeing memory for addresspool ptr 0x561bd55a3c38
Aug 26 13:31:05.636909: | free_lease_list: addresspool free the lease list ptr (nil)
Aug 26 13:31:05.636911: | free hp@0x561bd55b6db8
Aug 26 13:31:05.636913: | flush revival: connection 'eastnet-any' wasn't on the list
Aug 26 13:31:05.636915: | stop processing: connection "eastnet-any" (in discard_connection() at connections.c:249)
Aug 26 13:31:05.636924: | crl fetch request list locked by 'free_crl_fetch'
Aug 26 13:31:05.636926: | crl fetch request list unlocked by 'free_crl_fetch'
Aug 26 13:31:05.636934: shutting down interface lo/lo 127.0.0.1:4500
Aug 26 13:31:05.636936: shutting down interface lo/lo 127.0.0.1:500
Aug 26 13:31:05.636938: shutting down interface eth0/eth0 192.0.2.254:4500
Aug 26 13:31:05.636940: shutting down interface eth0/eth0 192.0.2.254:500
Aug 26 13:31:05.636942: shutting down interface eth1/eth1 192.1.2.23:4500
Aug 26 13:31:05.636944: shutting down interface eth1/eth1 192.1.2.23:500
Aug 26 13:31:05.636947: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Aug 26 13:31:05.636957: | libevent_free: release ptr-libevent@0x561bd55a8d48
Aug 26 13:31:05.636959: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4bd8
Aug 26 13:31:05.636967: | libevent_free: release ptr-libevent@0x561bd5546f68
Aug 26 13:31:05.636969: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4c88
Aug 26 13:31:05.636974: | libevent_free: release ptr-libevent@0x561bd5546e68
Aug 26 13:31:05.636976: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4d38
Aug 26 13:31:05.636981: | libevent_free: release ptr-libevent@0x561bd5546698
Aug 26 13:31:05.636983: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4de8
Aug 26 13:31:05.636987: | libevent_free: release ptr-libevent@0x561bd55154e8
Aug 26 13:31:05.636989: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4e98
Aug 26 13:31:05.636993: | libevent_free: release ptr-libevent@0x561bd55151d8
Aug 26 13:31:05.636995: | free_event_entry: release EVENT_NULL-pe@0x561bd55b4f48
Aug 26 13:31:05.636999: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:31:05.637370: | libevent_free: release ptr-libevent@0x561bd55a8df8
Aug 26 13:31:05.637377: | free_event_entry: release EVENT_NULL-pe@0x561bd559cb38
Aug 26 13:31:05.637381: | libevent_free: release ptr-libevent@0x561bd5546d68
Aug 26 13:31:05.637384: | free_event_entry: release EVENT_NULL-pe@0x561bd559bff8
Aug 26 13:31:05.637387: | libevent_free: release ptr-libevent@0x561bd5580418
Aug 26 13:31:05.637389: | free_event_entry: release EVENT_NULL-pe@0x561bd559cba8
Aug 26 13:31:05.637392: | global timer EVENT_REINIT_SECRET uninitialized
Aug 26 13:31:05.637394: | global timer EVENT_SHUNT_SCAN uninitialized
Aug 26 13:31:05.637396: | global timer EVENT_PENDING_DDNS uninitialized
Aug 26 13:31:05.637397: | global timer EVENT_PENDING_PHASE2 uninitialized
Aug 26 13:31:05.637399: | global timer EVENT_CHECK_CRLS uninitialized
Aug 26 13:31:05.637400: | global timer EVENT_REVIVE_CONNS uninitialized
Aug 26 13:31:05.637404: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Aug 26 13:31:05.637406: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Aug 26 13:31:05.637408: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Aug 26 13:31:05.637412: | libevent_free: release ptr-libevent@0x561bd5548048
Aug 26 13:31:05.637414: | signal event handler PLUTO_SIGCHLD uninstalled
Aug 26 13:31:05.637416: | libevent_free: release ptr-libevent@0x561bd55b4338
Aug 26 13:31:05.637417: | signal event handler PLUTO_SIGTERM uninstalled
Aug 26 13:31:05.637419: | libevent_free: release ptr-libevent@0x561bd55b4448
Aug 26 13:31:05.637421: | signal event handler PLUTO_SIGHUP uninstalled
Aug 26 13:31:05.637423: | libevent_free: release ptr-libevent@0x561bd55b4688
Aug 26 13:31:05.637425: | signal event handler PLUTO_SIGSYS uninstalled
Aug 26 13:31:05.637426: | releasing event base
Aug 26 13:31:05.637436: | libevent_free: release ptr-libevent@0x561bd55b4558
Aug 26 13:31:05.637438: | libevent_free: release ptr-libevent@0x561bd55973e8
Aug 26 13:31:05.637440: | libevent_free: release ptr-libevent@0x561bd5597398
Aug 26 13:31:05.637442: | libevent_free: release ptr-libevent@0x561bd5597328
Aug 26 13:31:05.637444: | libevent_free: release ptr-libevent@0x561bd55972e8
Aug 26 13:31:05.637446: | libevent_free: release ptr-libevent@0x561bd55b4108
Aug 26 13:31:05.637447: | libevent_free: release ptr-libevent@0x561bd55b42b8
Aug 26 13:31:05.637450: | libevent_free: release ptr-libevent@0x561bd5597598
Aug 26 13:31:05.637452: | libevent_free: release ptr-libevent@0x561bd559c108
Aug 26 13:31:05.637455: | libevent_free: release ptr-libevent@0x561bd559caf8
Aug 26 13:31:05.637457: | libevent_free: release ptr-libevent@0x561bd55b4fb8
Aug 26 13:31:05.637459: | libevent_free: release ptr-libevent@0x561bd55b4f08
Aug 26 13:31:05.637461: | libevent_free: release ptr-libevent@0x561bd55b4e58
Aug 26 13:31:05.637464: | libevent_free: release ptr-libevent@0x561bd55b4da8
Aug 26 13:31:05.637466: | libevent_free: release ptr-libevent@0x561bd55b4cf8
Aug 26 13:31:05.637468: | libevent_free: release ptr-libevent@0x561bd55b4c48
Aug 26 13:31:05.637470: | libevent_free: release ptr-libevent@0x561bd5543af8
Aug 26 13:31:05.637473: | libevent_free: release ptr-libevent@0x561bd55b4408
Aug 26 13:31:05.637475: | libevent_free: release ptr-libevent@0x561bd55b42f8
Aug 26 13:31:05.637477: | libevent_free: release ptr-libevent@0x561bd55b4278
Aug 26 13:31:05.637480: | libevent_free: release ptr-libevent@0x561bd55b4518
Aug 26 13:31:05.637482: | libevent_free: release ptr-libevent@0x561bd55b4148
Aug 26 13:31:05.637485: | libevent_free: release ptr-libevent@0x561bd5514908
Aug 26 13:31:05.637487: | libevent_free: release ptr-libevent@0x561bd5514d38
Aug 26 13:31:05.637490: | libevent_free: release ptr-libevent@0x561bd5543e68
Aug 26 13:31:05.637492: | releasing global libevent data
Aug 26 13:31:05.637495: | libevent_free: release ptr-libevent@0x561bd55158b8
Aug 26 13:31:05.637497: | libevent_free: release ptr-libevent@0x561bd5514cd8
Aug 26 13:31:05.637500: | libevent_free: release ptr-libevent@0x561bd5514dd8
Aug 26 13:31:05.637534: leak: copy of id, item size: 1
Aug 26 13:31:05.637541: leak detective found 1 leaks, total size 1