Aug 26 13:30:42.872996: FIPS Product: YES Aug 26 13:30:42.873036: FIPS Kernel: NO Aug 26 13:30:42.873039: FIPS Mode: NO Aug 26 13:30:42.873042: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:30:42.873186: Initializing NSS Aug 26 13:30:42.873193: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:30:42.914596: NSS initialized Aug 26 13:30:42.914616: NSS crypto library initialized Aug 26 13:30:42.914619: FIPS HMAC integrity support [enabled] Aug 26 13:30:42.914622: FIPS mode disabled for pluto daemon Aug 26 13:30:42.958123: FIPS HMAC integrity verification self-test FAILED Aug 26 13:30:42.958270: libcap-ng support [enabled] Aug 26 13:30:42.958279: Linux audit support [enabled] Aug 26 13:30:42.958653: Linux audit activated Aug 26 13:30:42.958665: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10946 Aug 26 13:30:42.958669: core dump dir: /tmp Aug 26 13:30:42.958672: secrets file: /etc/ipsec.secrets Aug 26 13:30:42.958675: leak-detective enabled Aug 26 13:30:42.958677: NSS crypto [enabled] Aug 26 13:30:42.958680: XAUTH PAM support [enabled] Aug 26 13:30:42.958753: | libevent is using pluto's memory allocator Aug 26 13:30:42.958760: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:30:42.958774: | libevent_malloc: new ptr-libevent@0x5579aebe58a8 size 40 Aug 26 13:30:42.958777: | libevent_malloc: new ptr-libevent@0x5579aebe5828 size 40 Aug 26 13:30:42.958780: | libevent_malloc: new ptr-libevent@0x5579aebe57a8 size 40 Aug 26 13:30:42.958783: | creating event base Aug 26 13:30:42.958787: | libevent_malloc: new ptr-libevent@0x5579aebe90e8 size 56 Aug 26 13:30:42.958792: | libevent_malloc: new ptr-libevent@0x5579aeb77e58 size 664 Aug 26 13:30:42.958806: | libevent_malloc: new ptr-libevent@0x5579aec16f48 size 24 Aug 26 13:30:42.958810: | libevent_malloc: new ptr-libevent@0x5579aec16f98 size 384 Aug 26 13:30:42.958820: | libevent_malloc: new ptr-libevent@0x5579aec16f08 size 16 Aug 26 13:30:42.958823: | libevent_malloc: new ptr-libevent@0x5579aebe5728 size 40 Aug 26 13:30:42.958826: | libevent_malloc: new ptr-libevent@0x5579aebe56a8 size 48 Aug 26 13:30:42.958831: | libevent_realloc: new ptr-libevent@0x5579aeb77ae8 size 256 Aug 26 13:30:42.958834: | libevent_malloc: new ptr-libevent@0x5579aec17148 size 16 Aug 26 13:30:42.958840: | libevent_free: release ptr-libevent@0x5579aebe90e8 Aug 26 13:30:42.958844: | libevent initialized Aug 26 13:30:42.958848: | libevent_realloc: new ptr-libevent@0x5579aebe90e8 size 64 Aug 26 13:30:42.958854: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:30:42.958917: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:30:42.958920: NAT-Traversal support [enabled] Aug 26 13:30:42.958923: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:30:42.958929: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:30:42.958933: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:30:42.958967: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:30:42.958971: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:30:42.958974: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:30:42.959023: Encryption algorithms: Aug 26 13:30:42.959030: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:30:42.959034: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:30:42.959038: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:30:42.959042: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:30:42.959045: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:30:42.959054: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:30:42.959059: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:30:42.959063: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:30:42.959066: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:30:42.959070: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:30:42.959074: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:30:42.959078: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:30:42.959081: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:30:42.959085: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:30:42.959089: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:30:42.959092: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:30:42.959096: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:30:42.959105: Hash algorithms: Aug 26 13:30:42.959109: MD5 IKEv1: IKE IKEv2: Aug 26 13:30:42.959112: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:30:42.959115: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:30:42.959118: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:30:42.959121: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:30:42.959135: PRF algorithms: Aug 26 13:30:42.959138: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:30:42.959142: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:30:42.959145: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:30:42.959149: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:30:42.959152: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:30:42.959155: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:30:42.959182: Integrity algorithms: Aug 26 13:30:42.959185: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:30:42.959189: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:30:42.959193: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:30:42.959197: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:30:42.959202: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:30:42.959205: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:30:42.959209: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:30:42.959212: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:30:42.959215: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:30:42.959228: DH algorithms: Aug 26 13:30:42.959231: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:30:42.959235: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:30:42.959237: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:30:42.959243: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:30:42.959246: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:30:42.959249: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:30:42.959252: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:30:42.959255: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:30:42.959259: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:30:42.959262: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:30:42.959265: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:30:42.959267: testing CAMELLIA_CBC: Aug 26 13:30:42.959271: Camellia: 16 bytes with 128-bit key Aug 26 13:30:42.959397: Camellia: 16 bytes with 128-bit key Aug 26 13:30:42.959430: Camellia: 16 bytes with 256-bit key Aug 26 13:30:42.959460: Camellia: 16 bytes with 256-bit key Aug 26 13:30:42.959488: testing AES_GCM_16: Aug 26 13:30:42.959491: empty string Aug 26 13:30:42.959519: one block Aug 26 13:30:42.959544: two blocks Aug 26 13:30:42.959569: two blocks with associated data Aug 26 13:30:42.959595: testing AES_CTR: Aug 26 13:30:42.959598: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:30:42.959625: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:30:42.959652: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:30:42.959685: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:30:42.959711: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:30:42.959739: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:30:42.959767: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:30:42.959793: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:30:42.959821: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:30:42.959850: testing AES_CBC: Aug 26 13:30:42.959852: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:30:42.959879: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:30:42.959908: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:30:42.959937: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:30:42.959970: testing AES_XCBC: Aug 26 13:30:42.959973: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:30:42.960093: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:30:42.960221: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:30:42.960353: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:30:42.960486: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:30:42.960615: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:30:42.960833: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:30:42.961267: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:30:42.961627: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:30:42.961826: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:30:42.962073: testing HMAC_MD5: Aug 26 13:30:42.962079: RFC 2104: MD5_HMAC test 1 Aug 26 13:30:42.962276: RFC 2104: MD5_HMAC test 2 Aug 26 13:30:42.962450: RFC 2104: MD5_HMAC test 3 Aug 26 13:30:42.962689: 8 CPU cores online Aug 26 13:30:42.962694: starting up 7 crypto helpers Aug 26 13:30:42.962732: started thread for crypto helper 0 Aug 26 13:30:42.962759: | starting up helper thread 0 Aug 26 13:30:42.962770: started thread for crypto helper 1 Aug 26 13:30:42.962774: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:30:42.962775: | starting up helper thread 1 Aug 26 13:30:42.962779: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:42.962811: | starting up helper thread 2 Aug 26 13:30:42.962823: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:30:42.962827: | crypto helper 2 waiting (nothing to do) Aug 26 13:30:42.962801: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:30:42.962803: started thread for crypto helper 2 Aug 26 13:30:42.962839: | crypto helper 1 waiting (nothing to do) Aug 26 13:30:42.962908: started thread for crypto helper 3 Aug 26 13:30:42.962910: | starting up helper thread 3 Aug 26 13:30:42.962920: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:30:42.962921: | crypto helper 3 waiting (nothing to do) Aug 26 13:30:42.962934: started thread for crypto helper 4 Aug 26 13:30:42.962936: | starting up helper thread 4 Aug 26 13:30:42.962944: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:30:42.962946: | crypto helper 4 waiting (nothing to do) Aug 26 13:30:42.962957: started thread for crypto helper 5 Aug 26 13:30:42.962958: | starting up helper thread 5 Aug 26 13:30:42.962963: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:30:42.962964: | crypto helper 5 waiting (nothing to do) Aug 26 13:30:42.962976: started thread for crypto helper 6 Aug 26 13:30:42.962978: | starting up helper thread 6 Aug 26 13:30:42.962982: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:30:42.962984: | crypto helper 6 waiting (nothing to do) Aug 26 13:30:42.962984: | checking IKEv1 state table Aug 26 13:30:42.962992: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:42.962995: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:30:42.962998: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963001: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:30:42.963004: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:30:42.963006: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:30:42.963009: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:42.963011: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:42.963014: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:30:42.963016: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:30:42.963019: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:42.963021: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:30:42.963024: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:30:42.963027: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:42.963029: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:42.963031: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:42.963034: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:30:42.963036: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:42.963038: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:42.963041: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:30:42.963044: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:30:42.963046: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963049: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:30:42.963051: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963054: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963056: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:30:42.963059: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963061: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:42.963063: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:30:42.963066: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:30:42.963069: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:42.963071: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:30:42.963074: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:30:42.963077: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963079: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:30:42.963082: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963085: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:30:42.963087: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:30:42.963094: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:30:42.963097: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:30:42.963100: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:30:42.963103: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:30:42.963106: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:30:42.963108: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963111: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:30:42.963114: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963117: | INFO: category: informational flags: 0: Aug 26 13:30:42.963119: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963122: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:30:42.963125: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963128: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:30:42.963131: | -> XAUTH_R1 EVENT_NULL Aug 26 13:30:42.963133: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:30:42.963136: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:30:42.963139: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:30:42.963142: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:30:42.963145: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:30:42.963147: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:30:42.963150: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:30:42.963153: | -> UNDEFINED EVENT_NULL Aug 26 13:30:42.963156: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:30:42.963158: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:30:42.963161: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:30:42.963164: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:30:42.963166: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:30:42.963169: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:30:42.963174: | checking IKEv2 state table Aug 26 13:30:42.963181: | PARENT_I0: category: ignore flags: 0: Aug 26 13:30:42.963184: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:30:42.963188: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963191: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:30:42.963194: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:30:42.963198: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:30:42.963201: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:30:42.963204: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:30:42.963207: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:30:42.963210: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:30:42.963213: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:30:42.963216: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:30:42.963219: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:30:42.963222: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:30:42.963225: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:30:42.963227: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:30:42.963230: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963233: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:30:42.963236: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:30:42.963239: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:30:42.963242: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:30:42.963245: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:30:42.963248: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:30:42.963254: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:30:42.963257: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:30:42.963260: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:30:42.963263: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:30:42.963266: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:30:42.963269: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:30:42.963271: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:30:42.963275: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:30:42.963278: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:42.963280: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:30:42.963283: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:30:42.963287: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:30:42.963321: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:30:42.963325: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:30:42.963328: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:30:42.963331: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:30:42.963334: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:30:42.963336: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:30:42.963339: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:30:42.963342: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:30:42.963345: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:30:42.963349: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:30:42.963364: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:30:42.963367: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:30:42.963430: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:30:42.964208: | Hard-wiring algorithms Aug 26 13:30:42.964215: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:30:42.964219: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:30:42.964222: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:30:42.964224: | adding 3DES_CBC to kernel algorithm db Aug 26 13:30:42.964226: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:30:42.964229: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:30:42.964231: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:30:42.964233: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:30:42.964236: | adding AES_CTR to kernel algorithm db Aug 26 13:30:42.964238: | adding AES_CBC to kernel algorithm db Aug 26 13:30:42.964240: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:30:42.964242: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:30:42.964244: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:30:42.964247: | adding NULL to kernel algorithm db Aug 26 13:30:42.964249: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:30:42.964251: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:30:42.964253: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:30:42.964256: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:30:42.964258: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:30:42.964260: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:30:42.964263: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:30:42.964265: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:30:42.964267: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:30:42.964269: | adding NONE to kernel algorithm db Aug 26 13:30:42.964300: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:30:42.964310: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:30:42.964326: | setup kernel fd callback Aug 26 13:30:42.964329: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5579aec16bf8 Aug 26 13:30:42.964333: | libevent_malloc: new ptr-libevent@0x5579aec17378 size 128 Aug 26 13:30:42.964351: | libevent_malloc: new ptr-libevent@0x5579aec1c418 size 16 Aug 26 13:30:42.964358: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5579aec1c788 Aug 26 13:30:42.964363: | libevent_malloc: new ptr-libevent@0x5579aec14fe8 size 128 Aug 26 13:30:42.964366: | libevent_malloc: new ptr-libevent@0x5579aec1cd38 size 16 Aug 26 13:30:42.964785: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:30:42.964798: selinux support is enabled. Aug 26 13:30:42.965495: | unbound context created - setting debug level to 5 Aug 26 13:30:42.965525: | /etc/hosts lookups activated Aug 26 13:30:42.965539: | /etc/resolv.conf usage activated Aug 26 13:30:42.965605: | outgoing-port-avoid set 0-65535 Aug 26 13:30:42.965636: | outgoing-port-permit set 32768-60999 Aug 26 13:30:42.965640: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:30:42.965644: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:30:42.965648: | Setting up events, loop start Aug 26 13:30:42.965652: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5579aec1cc28 Aug 26 13:30:42.965656: | libevent_malloc: new ptr-libevent@0x5579aec28a58 size 128 Aug 26 13:30:42.965661: | libevent_malloc: new ptr-libevent@0x5579aec33d08 size 16 Aug 26 13:30:42.965668: | libevent_realloc: new ptr-libevent@0x5579aec33d48 size 256 Aug 26 13:30:42.965672: | libevent_malloc: new ptr-libevent@0x5579aec33e78 size 8 Aug 26 13:30:42.965676: | libevent_realloc: new ptr-libevent@0x5579aec16b38 size 144 Aug 26 13:30:42.965678: | libevent_malloc: new ptr-libevent@0x5579aeb78368 size 152 Aug 26 13:30:42.965681: | libevent_malloc: new ptr-libevent@0x5579aec33eb8 size 16 Aug 26 13:30:42.965684: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:30:42.965686: | libevent_malloc: new ptr-libevent@0x5579aec33ef8 size 8 Aug 26 13:30:42.965688: | libevent_malloc: new ptr-libevent@0x5579aec33f38 size 152 Aug 26 13:30:42.965690: | signal event handler PLUTO_SIGTERM installed Aug 26 13:30:42.965692: | libevent_malloc: new ptr-libevent@0x5579aec34008 size 8 Aug 26 13:30:42.965694: | libevent_malloc: new ptr-libevent@0x5579aec34048 size 152 Aug 26 13:30:42.965696: | signal event handler PLUTO_SIGHUP installed Aug 26 13:30:42.965697: | libevent_malloc: new ptr-libevent@0x5579aec34118 size 8 Aug 26 13:30:42.965699: | libevent_realloc: release ptr-libevent@0x5579aec16b38 Aug 26 13:30:42.965701: | libevent_realloc: new ptr-libevent@0x5579aec34158 size 256 Aug 26 13:30:42.965703: | libevent_malloc: new ptr-libevent@0x5579aec34288 size 152 Aug 26 13:30:42.965705: | signal event handler PLUTO_SIGSYS installed Aug 26 13:30:42.966152: | created addconn helper (pid:11047) using fork+execve Aug 26 13:30:42.966166: | forked child 11047 Aug 26 13:30:42.966203: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:42.966215: listening for IKE messages Aug 26 13:30:42.966301: | Inspecting interface lo Aug 26 13:30:42.966310: | found lo with address 127.0.0.1 Aug 26 13:30:42.966316: | Inspecting interface eth0 Aug 26 13:30:42.966319: | found eth0 with address 192.1.3.209 Aug 26 13:30:42.966322: | Inspecting interface eth0 Aug 26 13:30:42.966327: | found eth0 with address 192.1.33.222 Aug 26 13:30:42.966515: Kernel supports NIC esp-hw-offload Aug 26 13:30:42.966587: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.33.222:500 Aug 26 13:30:42.966655: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:42.966661: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:42.966666: adding interface eth0/eth0 192.1.33.222:4500 Aug 26 13:30:42.966700: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Aug 26 13:30:42.966725: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:42.966731: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:42.966735: adding interface eth0/eth0 192.1.3.209:4500 Aug 26 13:30:42.966763: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:30:42.966787: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:30:42.966792: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:30:42.966796: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:30:42.966903: | no interfaces to sort Aug 26 13:30:42.966909: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:30:42.966919: | add_fd_read_event_handler: new ethX-pe@0x5579aec34868 Aug 26 13:30:42.966922: | libevent_malloc: new ptr-libevent@0x5579aec289a8 size 128 Aug 26 13:30:42.966927: | libevent_malloc: new ptr-libevent@0x5579aec348d8 size 16 Aug 26 13:30:42.966935: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:30:42.966938: | add_fd_read_event_handler: new ethX-pe@0x5579aec34918 Aug 26 13:30:42.966944: | libevent_malloc: new ptr-libevent@0x5579aec15098 size 128 Aug 26 13:30:42.966947: | libevent_malloc: new ptr-libevent@0x5579aec34988 size 16 Aug 26 13:30:42.966952: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:30:42.966955: | add_fd_read_event_handler: new ethX-pe@0x5579aec349c8 Aug 26 13:30:42.966960: | libevent_malloc: new ptr-libevent@0x5579aebea9d8 size 128 Aug 26 13:30:42.966969: | libevent_malloc: new ptr-libevent@0x5579aec34a38 size 16 Aug 26 13:30:42.966980: | setup callback for interface eth0 192.1.3.209:4500 fd 20 Aug 26 13:30:42.966983: | add_fd_read_event_handler: new ethX-pe@0x5579aec34a78 Aug 26 13:30:42.966986: | libevent_malloc: new ptr-libevent@0x5579aebeaa88 size 128 Aug 26 13:30:42.966989: | libevent_malloc: new ptr-libevent@0x5579aec34ae8 size 16 Aug 26 13:30:42.966994: | setup callback for interface eth0 192.1.3.209:500 fd 19 Aug 26 13:30:42.966997: | add_fd_read_event_handler: new ethX-pe@0x5579aec34b28 Aug 26 13:30:42.966999: | libevent_malloc: new ptr-libevent@0x5579aec16a38 size 128 Aug 26 13:30:42.967002: | libevent_malloc: new ptr-libevent@0x5579aec34b98 size 16 Aug 26 13:30:42.967007: | setup callback for interface eth0 192.1.33.222:4500 fd 18 Aug 26 13:30:42.967010: | add_fd_read_event_handler: new ethX-pe@0x5579aec34bd8 Aug 26 13:30:42.967015: | libevent_malloc: new ptr-libevent@0x5579aebe8b38 size 128 Aug 26 13:30:42.967019: | libevent_malloc: new ptr-libevent@0x5579aec34c48 size 16 Aug 26 13:30:42.967024: | setup callback for interface eth0 192.1.33.222:500 fd 17 Aug 26 13:30:42.967030: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:42.967033: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:42.967054: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:42.967065: | Processing PSK at line 1: passed Aug 26 13:30:42.967069: | certs and keys locked by 'process_secret' Aug 26 13:30:42.967074: | certs and keys unlocked by 'process_secret' Aug 26 13:30:42.967085: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:42.967094: | spent 0.747 milliseconds in whack Aug 26 13:30:42.995768: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:42.995794: listening for IKE messages Aug 26 13:30:42.996043: | Inspecting interface lo Aug 26 13:30:42.996050: | found lo with address 127.0.0.1 Aug 26 13:30:42.996052: | Inspecting interface eth0 Aug 26 13:30:42.996055: | found eth0 with address 192.1.3.209 Aug 26 13:30:42.996057: | Inspecting interface eth0 Aug 26 13:30:42.996060: | found eth0 with address 192.1.33.222 Aug 26 13:30:42.996117: | no interfaces to sort Aug 26 13:30:42.996130: | libevent_free: release ptr-libevent@0x5579aec289a8 Aug 26 13:30:42.996135: | free_event_entry: release EVENT_NULL-pe@0x5579aec34868 Aug 26 13:30:42.996145: | add_fd_read_event_handler: new ethX-pe@0x5579aec34868 Aug 26 13:30:42.996150: | libevent_malloc: new ptr-libevent@0x5579aec289a8 size 128 Aug 26 13:30:42.996159: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:30:42.996165: | libevent_free: release ptr-libevent@0x5579aec15098 Aug 26 13:30:42.996169: | free_event_entry: release EVENT_NULL-pe@0x5579aec34918 Aug 26 13:30:42.996173: | add_fd_read_event_handler: new ethX-pe@0x5579aec34918 Aug 26 13:30:42.996177: | libevent_malloc: new ptr-libevent@0x5579aec15098 size 128 Aug 26 13:30:42.996183: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:30:42.996188: | libevent_free: release ptr-libevent@0x5579aebea9d8 Aug 26 13:30:42.996192: | free_event_entry: release EVENT_NULL-pe@0x5579aec349c8 Aug 26 13:30:42.996196: | add_fd_read_event_handler: new ethX-pe@0x5579aec349c8 Aug 26 13:30:42.996200: | libevent_malloc: new ptr-libevent@0x5579aebea9d8 size 128 Aug 26 13:30:42.996206: | setup callback for interface eth0 192.1.3.209:4500 fd 20 Aug 26 13:30:42.996211: | libevent_free: release ptr-libevent@0x5579aebeaa88 Aug 26 13:30:42.996215: | free_event_entry: release EVENT_NULL-pe@0x5579aec34a78 Aug 26 13:30:42.996219: | add_fd_read_event_handler: new ethX-pe@0x5579aec34a78 Aug 26 13:30:42.996222: | libevent_malloc: new ptr-libevent@0x5579aebeaa88 size 128 Aug 26 13:30:42.996229: | setup callback for interface eth0 192.1.3.209:500 fd 19 Aug 26 13:30:42.996234: | libevent_free: release ptr-libevent@0x5579aec16a38 Aug 26 13:30:42.996237: | free_event_entry: release EVENT_NULL-pe@0x5579aec34b28 Aug 26 13:30:42.996241: | add_fd_read_event_handler: new ethX-pe@0x5579aec34b28 Aug 26 13:30:42.996245: | libevent_malloc: new ptr-libevent@0x5579aec16a38 size 128 Aug 26 13:30:42.996251: | setup callback for interface eth0 192.1.33.222:4500 fd 18 Aug 26 13:30:42.996256: | libevent_free: release ptr-libevent@0x5579aebe8b38 Aug 26 13:30:42.996260: | free_event_entry: release EVENT_NULL-pe@0x5579aec34bd8 Aug 26 13:30:42.996263: | add_fd_read_event_handler: new ethX-pe@0x5579aec34bd8 Aug 26 13:30:42.996267: | libevent_malloc: new ptr-libevent@0x5579aebe8b38 size 128 Aug 26 13:30:42.996273: | setup callback for interface eth0 192.1.33.222:500 fd 17 Aug 26 13:30:42.996277: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:30:42.996280: forgetting secrets Aug 26 13:30:42.996308: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:30:42.996328: loading secrets from "/etc/ipsec.secrets" Aug 26 13:30:42.996339: | Processing PSK at line 1: passed Aug 26 13:30:42.996344: | certs and keys locked by 'process_secret' Aug 26 13:30:42.996347: | certs and keys unlocked by 'process_secret' Aug 26 13:30:42.996358: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:42.996367: | spent 0.59 milliseconds in whack Aug 26 13:30:42.996804: | processing signal PLUTO_SIGCHLD Aug 26 13:30:42.996822: | waitpid returned pid 11047 (exited with status 0) Aug 26 13:30:42.996827: | reaped addconn helper child (status 0) Aug 26 13:30:42.996832: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:42.996837: | spent 0.0234 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.053331: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.053360: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.053365: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.053368: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.053371: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:30:43.053376: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.053435: | Added new connection road-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.053505: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:30:43.053516: | from whack: got --esp=aes256-sha2 Aug 26 13:30:43.053533: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 13:30:43.053541: | counting wild cards for 192.1.3.209 is 0 Aug 26 13:30:43.053546: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:30:43.053552: | based upon policy narrowing=yes, the connection is a template. Aug 26 13:30:43.053561: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:43.053564: | new hp@0x5579aec36bb8 Aug 26 13:30:43.053569: added connection description "road-eastnet" Aug 26 13:30:43.053582: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 13:30:43.053594: | 192.1.3.209<192.1.3.209>[+MC+S=C]...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 13:30:43.053602: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.053610: | spent 0.288 milliseconds in whack Aug 26 13:30:43.168375: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:43.168430: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:30:43.168435: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:30:43.168441: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:30:43.168455: | find_host_pair: comparing 192.1.3.209:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:30:43.168474: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@0x5579aec36bb8: road-eastnet Aug 26 13:30:43.168476: | connection 'road-eastnet' +POLICY_UP Aug 26 13:30:43.168480: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:30:43.168483: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:30:43.168499: | creating state object #1 at 0x5579aec373c8 Aug 26 13:30:43.168502: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:30:43.168510: | pstats #1 ikev2.ike started Aug 26 13:30:43.168513: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:30:43.168517: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:30:43.168522: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.168530: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.168536: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:43.168539: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:30:43.168545: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 IKE SA #1 "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:43.168550: "road-eastnet"[1] 192.1.2.23 #1: initiating v2 parent SA Aug 26 13:30:43.168576: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Aug 26 13:30:43.168585: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.168593: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.168597: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.168603: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.168612: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.168618: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.168634: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:43.168640: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.168652: "road-eastnet"[1] 192.1.2.23: constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.168675: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:30:43.168679: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5579aec39b38 Aug 26 13:30:43.168683: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.168687: | libevent_malloc: new ptr-libevent@0x5579aec39ba8 size 128 Aug 26 13:30:43.168701: | #1 spent 0.259 milliseconds in ikev2_parent_outI1() Aug 26 13:30:43.168705: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.168706: | crypto helper 0 resuming Aug 26 13:30:43.168710: | RESET processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.168720: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:30:43.168732: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:43.168738: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:30:43.168738: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:30:43.168752: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:30:43.168756: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:43.168762: | spent 0.391 milliseconds in whack Aug 26 13:30:43.169396: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000659 seconds Aug 26 13:30:43.169408: | (#1) spent 0.636 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:30:43.169410: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:30:43.169412: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.169415: | libevent_malloc: new ptr-libevent@0x7f7fe0002888 size 128 Aug 26 13:30:43.169421: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:43.169428: | processing resume sending helper answer for #1 Aug 26 13:30:43.169437: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.169440: | crypto helper 0 replies to request ID 1 Aug 26 13:30:43.169442: | calling continuation function 0x5579ad810b50 Aug 26 13:30:43.169444: | ikev2_parent_outI1_continue for #1 Aug 26 13:30:43.169469: | **emit ISAKMP Message: Aug 26 13:30:43.169471: | initiator cookie: Aug 26 13:30:43.169473: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.169475: | responder cookie: Aug 26 13:30:43.169479: | 00 00 00 00 00 00 00 00 Aug 26 13:30:43.169481: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.169483: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.169485: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.169487: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.169489: | Message ID: 0 (0x0) Aug 26 13:30:43.169491: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.169501: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.169503: | Emitting ikev2_proposals ... Aug 26 13:30:43.169505: | ***emit IKEv2 Security Association Payload: Aug 26 13:30:43.169507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.169509: | flags: none (0x0) Aug 26 13:30:43.169511: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.169513: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.169515: | discarding INTEG=NONE Aug 26 13:30:43.169517: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.169519: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.169520: | prop #: 1 (0x1) Aug 26 13:30:43.169522: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.169524: | spi size: 0 (0x0) Aug 26 13:30:43.169525: | # transforms: 11 (0xb) Aug 26 13:30:43.169527: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.169529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169533: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.169534: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.169536: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169538: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.169540: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.169542: | length/value: 256 (0x100) Aug 26 13:30:43.169544: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.169546: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169549: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169550: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.169553: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169556: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169558: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169561: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169563: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.169566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169570: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169571: | discarding INTEG=NONE Aug 26 13:30:43.169573: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169578: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.169580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169584: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169586: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169595: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.169598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169604: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169606: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169612: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169614: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.169618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169624: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169627: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169635: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.169638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169646: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169652: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169655: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.169658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169661: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169664: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169666: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169674: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169677: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.169680: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169686: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169689: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169694: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169696: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.169699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169703: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169706: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169708: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169711: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.169714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169718: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.169722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169731: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.169734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.169737: | discarding INTEG=NONE Aug 26 13:30:43.169740: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.169742: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.169745: | prop #: 2 (0x2) Aug 26 13:30:43.169747: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.169750: | spi size: 0 (0x0) Aug 26 13:30:43.169752: | # transforms: 11 (0xb) Aug 26 13:30:43.169754: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.169756: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.169758: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169761: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.169763: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.169765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169766: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.169768: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.169770: | length/value: 128 (0x80) Aug 26 13:30:43.169772: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.169773: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169776: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169778: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.169782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169786: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169787: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169789: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169790: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169792: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.169794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169797: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169799: | discarding INTEG=NONE Aug 26 13:30:43.169800: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169802: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169805: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.169807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169811: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169812: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169817: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.169819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169821: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169823: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169824: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169826: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169829: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.169831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169834: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169836: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169841: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.169843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169846: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169848: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169852: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169854: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.169856: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169859: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169861: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169864: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169866: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.169868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169871: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169873: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169878: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.169880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169883: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169885: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169886: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.169888: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169889: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.169891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169895: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169897: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:43.169899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.169900: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.169902: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.169904: | prop #: 3 (0x3) Aug 26 13:30:43.169905: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.169907: | spi size: 0 (0x0) Aug 26 13:30:43.169908: | # transforms: 13 (0xd) Aug 26 13:30:43.169910: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.169912: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.169914: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169917: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.169919: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.169920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169925: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.169927: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.169928: | length/value: 256 (0x100) Aug 26 13:30:43.169930: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.169932: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169935: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169937: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.169938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169940: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169942: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169944: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169947: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.169948: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.169950: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169955: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169959: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.169960: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.169962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169966: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169967: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169971: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.169972: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.169974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169978: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169979: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169984: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.169986: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.169989: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.169991: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.169993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.169994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.169997: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.169999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170002: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170004: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170007: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170009: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.170011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170014: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170016: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170020: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.170022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170027: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170032: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.170034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170038: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170039: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170042: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170044: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.170046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170048: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170049: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170051: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170054: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170056: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.170058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170061: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170064: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170065: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.170067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170069: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.170070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170074: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170076: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.170077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.170079: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.170081: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.170082: | prop #: 4 (0x4) Aug 26 13:30:43.170084: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.170086: | spi size: 0 (0x0) Aug 26 13:30:43.170087: | # transforms: 13 (0xd) Aug 26 13:30:43.170089: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:43.170091: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.170093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170096: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.170098: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.170099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170101: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.170103: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.170104: | length/value: 128 (0x80) Aug 26 13:30:43.170106: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.170107: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170111: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.170112: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.170114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170119: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170123: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.170125: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:43.170128: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170133: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170136: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170138: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170141: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.170144: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:43.170147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170155: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170157: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170163: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.170166: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.170169: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170171: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170175: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170177: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170182: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170185: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.170188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170194: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170196: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170204: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:43.170207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170212: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170215: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170222: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:43.170225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170234: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170242: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:43.170245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170248: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170251: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170252: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170257: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170259: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:43.170261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170264: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170266: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170271: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:43.170273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170276: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170278: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170283: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:43.170284: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170286: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170293: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170299: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.170300: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.170302: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.170304: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:43.170306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.170308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.170309: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.170311: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:43.170313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.170315: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:30:43.170316: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.170318: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:30:43.170320: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.170322: | flags: none (0x0) Aug 26 13:30:43.170323: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.170326: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:30:43.170328: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.170330: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:30:43.170332: | ikev2 g^x 49 b0 8a 13 b9 69 8f 12 e8 12 53 1f f4 60 9c a1 Aug 26 13:30:43.170334: | ikev2 g^x c5 e6 b8 db 05 37 e5 03 76 ac 6c f8 8b fc ad b8 Aug 26 13:30:43.170335: | ikev2 g^x 76 c1 ba e8 f5 ee 71 4d c8 21 b0 51 95 b6 3b af Aug 26 13:30:43.170338: | ikev2 g^x 5f b8 c9 2e 76 e0 e3 84 c6 6a f6 b3 b0 01 77 5a Aug 26 13:30:43.170340: | ikev2 g^x 1c 23 a1 67 bf ba 92 ac e6 c8 18 e0 2a 3f 21 7b Aug 26 13:30:43.170341: | ikev2 g^x d2 a5 d0 6b dc 63 9a 79 75 f7 40 6d 99 e9 f6 68 Aug 26 13:30:43.170343: | ikev2 g^x a1 9c 73 b7 b5 6b f5 3d 32 4a 2a 9d 69 9b 67 26 Aug 26 13:30:43.170344: | ikev2 g^x b5 f0 f5 bc 7f ce 4f 94 79 18 67 68 59 ce 06 d7 Aug 26 13:30:43.170346: | ikev2 g^x 4d fa e4 60 c9 9f e6 85 f7 a9 b9 55 d2 5f 7d 66 Aug 26 13:30:43.170347: | ikev2 g^x f6 d4 51 ad 21 fb 2b 2d 51 75 3b c7 78 1c 6f 1f Aug 26 13:30:43.170349: | ikev2 g^x 1e c0 c1 ac df ed 14 e6 ac 98 3c e2 fb 4c 08 39 Aug 26 13:30:43.170350: | ikev2 g^x 4a 5d 01 53 2a 1f b3 8b 9d 0a a1 22 cb 26 e2 65 Aug 26 13:30:43.170352: | ikev2 g^x 93 c5 46 6f f7 3c 85 b9 b5 21 79 4d ef 1e b2 34 Aug 26 13:30:43.170354: | ikev2 g^x 8b 9c c8 40 13 51 0c 67 77 6d 7f df 44 7a c5 27 Aug 26 13:30:43.170355: | ikev2 g^x 7a 74 32 f7 60 36 2f 34 2c ad aa b7 9e e6 f3 15 Aug 26 13:30:43.170357: | ikev2 g^x f7 1a c2 e6 ab a8 fe 12 75 5a 00 f8 83 bb 1f 3c Aug 26 13:30:43.170358: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:30:43.170360: | ***emit IKEv2 Nonce Payload: Aug 26 13:30:43.170362: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.170364: | flags: none (0x0) Aug 26 13:30:43.170366: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:30:43.170368: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.170370: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.170372: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:30:43.170373: | IKEv2 nonce 20 88 af d8 40 d2 bd 23 2b 49 fa bd 79 2c 2f 91 Aug 26 13:30:43.170375: | IKEv2 nonce dc 0e a8 45 58 ca 0f 27 5a 2d 0e 33 83 c4 88 57 Aug 26 13:30:43.170378: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:30:43.170381: | Adding a v2N Payload Aug 26 13:30:43.170383: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.170386: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.170389: | flags: none (0x0) Aug 26 13:30:43.170392: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.170394: | SPI size: 0 (0x0) Aug 26 13:30:43.170398: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.170401: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.170404: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.170407: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.170411: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:43.170414: | natd_hash: rcookie is zero Aug 26 13:30:43.170430: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:43.170434: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.170437: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.170439: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:43.170442: | natd_hash: port=500 Aug 26 13:30:43.170444: | natd_hash: hash= e1 fd 64 63 03 74 af c5 37 e3 ff cf b0 4f e1 2a Aug 26 13:30:43.170447: | natd_hash: hash= 1a 1d cc 27 Aug 26 13:30:43.170449: | Adding a v2N Payload Aug 26 13:30:43.170452: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.170454: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.170457: | flags: none (0x0) Aug 26 13:30:43.170460: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.170462: | SPI size: 0 (0x0) Aug 26 13:30:43.170465: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.170468: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.170473: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.170476: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.170492: | Notify data e1 fd 64 63 03 74 af c5 37 e3 ff cf b0 4f e1 2a Aug 26 13:30:43.170494: | Notify data 1a 1d cc 27 Aug 26 13:30:43.170496: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.170499: | natd_hash: rcookie is zero Aug 26 13:30:43.170509: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:43.170512: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.170515: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:43.170518: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.170521: | natd_hash: port=500 Aug 26 13:30:43.170524: | natd_hash: hash= c3 54 1f 88 3b 3c 4e 6f 74 d1 c9 70 65 1b 27 ba Aug 26 13:30:43.170526: | natd_hash: hash= 4e e8 cd 58 Aug 26 13:30:43.170529: | Adding a v2N Payload Aug 26 13:30:43.170531: | ***emit IKEv2 Notify Payload: Aug 26 13:30:43.170534: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.170537: | flags: none (0x0) Aug 26 13:30:43.170539: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.170541: | SPI size: 0 (0x0) Aug 26 13:30:43.170544: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.170562: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.170564: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.170566: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:43.170567: | Notify data c3 54 1f 88 3b 3c 4e 6f 74 d1 c9 70 65 1b 27 ba Aug 26 13:30:43.170569: | Notify data 4e e8 cd 58 Aug 26 13:30:43.170571: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:43.170573: | emitting length of ISAKMP Message: 828 Aug 26 13:30:43.170579: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:30:43.170588: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.170591: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:30:43.170593: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:30:43.170596: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:30:43.170598: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:30:43.170600: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:30:43.170603: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.170606: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.170618: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:30:43.170628: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.170632: | 90 cc e3 db 95 f3 db f8 00 00 00 00 00 00 00 00 Aug 26 13:30:43.170634: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:30:43.170637: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.170639: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:30:43.170641: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:30:43.170643: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:30:43.170645: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:30:43.170647: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:30:43.170649: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:30:43.170652: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:30:43.170656: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:30:43.170658: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:30:43.170660: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:30:43.170662: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:30:43.170665: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:30:43.170667: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:30:43.170669: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:30:43.170672: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:30:43.170674: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:30:43.170676: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:30:43.170678: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:30:43.170681: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:30:43.170683: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:30:43.170685: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:30:43.170687: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:30:43.170689: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:30:43.170691: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:30:43.170694: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:30:43.170696: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:30:43.170698: | 28 00 01 08 00 0e 00 00 49 b0 8a 13 b9 69 8f 12 Aug 26 13:30:43.170701: | e8 12 53 1f f4 60 9c a1 c5 e6 b8 db 05 37 e5 03 Aug 26 13:30:43.170703: | 76 ac 6c f8 8b fc ad b8 76 c1 ba e8 f5 ee 71 4d Aug 26 13:30:43.170705: | c8 21 b0 51 95 b6 3b af 5f b8 c9 2e 76 e0 e3 84 Aug 26 13:30:43.170707: | c6 6a f6 b3 b0 01 77 5a 1c 23 a1 67 bf ba 92 ac Aug 26 13:30:43.170710: | e6 c8 18 e0 2a 3f 21 7b d2 a5 d0 6b dc 63 9a 79 Aug 26 13:30:43.170712: | 75 f7 40 6d 99 e9 f6 68 a1 9c 73 b7 b5 6b f5 3d Aug 26 13:30:43.170714: | 32 4a 2a 9d 69 9b 67 26 b5 f0 f5 bc 7f ce 4f 94 Aug 26 13:30:43.170716: | 79 18 67 68 59 ce 06 d7 4d fa e4 60 c9 9f e6 85 Aug 26 13:30:43.170718: | f7 a9 b9 55 d2 5f 7d 66 f6 d4 51 ad 21 fb 2b 2d Aug 26 13:30:43.170721: | 51 75 3b c7 78 1c 6f 1f 1e c0 c1 ac df ed 14 e6 Aug 26 13:30:43.170723: | ac 98 3c e2 fb 4c 08 39 4a 5d 01 53 2a 1f b3 8b Aug 26 13:30:43.170725: | 9d 0a a1 22 cb 26 e2 65 93 c5 46 6f f7 3c 85 b9 Aug 26 13:30:43.170728: | b5 21 79 4d ef 1e b2 34 8b 9c c8 40 13 51 0c 67 Aug 26 13:30:43.170730: | 77 6d 7f df 44 7a c5 27 7a 74 32 f7 60 36 2f 34 Aug 26 13:30:43.170732: | 2c ad aa b7 9e e6 f3 15 f7 1a c2 e6 ab a8 fe 12 Aug 26 13:30:43.170735: | 75 5a 00 f8 83 bb 1f 3c 29 00 00 24 20 88 af d8 Aug 26 13:30:43.170737: | 40 d2 bd 23 2b 49 fa bd 79 2c 2f 91 dc 0e a8 45 Aug 26 13:30:43.170739: | 58 ca 0f 27 5a 2d 0e 33 83 c4 88 57 29 00 00 08 Aug 26 13:30:43.170741: | 00 00 40 2e 29 00 00 1c 00 00 40 04 e1 fd 64 63 Aug 26 13:30:43.170744: | 03 74 af c5 37 e3 ff cf b0 4f e1 2a 1a 1d cc 27 Aug 26 13:30:43.170746: | 00 00 00 1c 00 00 40 05 c3 54 1f 88 3b 3c 4e 6f Aug 26 13:30:43.170748: | 74 d1 c9 70 65 1b 27 ba 4e e8 cd 58 Aug 26 13:30:43.170829: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.170837: | libevent_free: release ptr-libevent@0x5579aec39ba8 Aug 26 13:30:43.170841: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5579aec39b38 Aug 26 13:30:43.170844: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.170847: | event_schedule: new EVENT_RETRANSMIT-pe@0x5579aec39b38 Aug 26 13:30:43.170851: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:30:43.170854: | libevent_malloc: new ptr-libevent@0x5579aec39ba8 size 128 Aug 26 13:30:43.170860: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11528.913313 Aug 26 13:30:43.170866: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:30:43.170873: | #1 spent 1.38 milliseconds in resume sending helper answer Aug 26 13:30:43.170879: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.170883: | libevent_free: release ptr-libevent@0x7f7fe0002888 Aug 26 13:30:43.173561: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.173585: | *received 432 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:30:43.173589: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173591: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:30:43.173593: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:30:43.173596: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:30:43.173598: | 04 00 00 0e 28 00 01 08 00 0e 00 00 87 42 ce bc Aug 26 13:30:43.173599: | 5f ec 45 4d 9a 2d 01 1b 0a 47 a5 85 f1 7c 3b 69 Aug 26 13:30:43.173600: | 8a cc b4 77 4e af a3 72 e2 00 34 e5 01 23 f0 78 Aug 26 13:30:43.173602: | b1 07 d6 e4 8d 5a 5d 1e 43 e4 ad d9 32 f6 6a 25 Aug 26 13:30:43.173603: | 76 1b fc c7 98 59 69 70 8a 2e 6e 59 2a ee 6a a3 Aug 26 13:30:43.173605: | 49 07 7f 3b 93 3f 8f fd 05 34 0d 62 4f f3 f1 11 Aug 26 13:30:43.173606: | f0 ab 94 8f b1 91 81 ad 6b c1 07 fd 71 b2 77 bf Aug 26 13:30:43.173608: | b0 cb 3b 01 b1 10 4f 8a 6c bd f9 85 5f 4b 4e 30 Aug 26 13:30:43.173609: | 59 4c 2a 1f 09 e8 a9 a8 1c 88 91 b9 77 e6 1f e8 Aug 26 13:30:43.173611: | 09 f4 f2 5e 95 8f 57 99 c1 0b 3a 0d 4b 25 a9 a2 Aug 26 13:30:43.173612: | e4 03 d7 3a 41 a7 62 dd 7a 6f 64 d6 4c e7 db 59 Aug 26 13:30:43.173614: | 06 89 79 10 ad 29 8e d3 43 fe f9 6e af 16 8d 6d Aug 26 13:30:43.173615: | b5 17 aa 59 9e bf 06 40 81 6e be 08 2e c3 c0 2a Aug 26 13:30:43.173617: | 74 3a 13 d5 a5 93 03 71 af ee 97 7b c0 2f 4c e9 Aug 26 13:30:43.173618: | 5e 76 5d ff 8d 92 fe 00 2a ff 6a 76 aa 3b a3 0f Aug 26 13:30:43.173620: | 90 46 1b 8a c8 61 61 81 ba a9 fb f9 cd 09 36 e1 Aug 26 13:30:43.173621: | 8c 01 c1 1d e4 f1 25 45 58 d7 dc b5 29 00 00 24 Aug 26 13:30:43.173622: | c0 fc 88 59 95 3d 6e 31 66 09 b2 c3 4e ae 93 6e Aug 26 13:30:43.173624: | 26 b3 62 44 57 77 e2 2e c7 c3 c7 d8 ca 30 82 d5 Aug 26 13:30:43.173625: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:30:43.173627: | 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:43.173628: | cf 5f ab 58 00 00 00 1c 00 00 40 05 08 a2 42 f5 Aug 26 13:30:43.173630: | dd 14 8c 64 62 3e 92 1c a8 12 74 ac b0 4d 55 33 Aug 26 13:30:43.173633: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.173635: | **parse ISAKMP Message: Aug 26 13:30:43.173637: | initiator cookie: Aug 26 13:30:43.173639: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173655: | responder cookie: Aug 26 13:30:43.173656: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173658: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.173660: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.173662: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:43.173664: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.173666: | Message ID: 0 (0x0) Aug 26 13:30:43.173667: | length: 432 (0x1b0) Aug 26 13:30:43.173669: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:30:43.173671: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:30:43.173674: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:30:43.173679: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.173683: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.173686: | #1 is idle Aug 26 13:30:43.173688: | #1 idle Aug 26 13:30:43.173689: | unpacking clear payload Aug 26 13:30:43.173691: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.173693: | ***parse IKEv2 Security Association Payload: Aug 26 13:30:43.173695: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:30:43.173697: | flags: none (0x0) Aug 26 13:30:43.173698: | length: 40 (0x28) Aug 26 13:30:43.173700: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:30:43.173702: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:30:43.173704: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:30:43.173705: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:30:43.173707: | flags: none (0x0) Aug 26 13:30:43.173708: | length: 264 (0x108) Aug 26 13:30:43.173710: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.173712: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:30:43.173713: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:30:43.173715: | ***parse IKEv2 Nonce Payload: Aug 26 13:30:43.173717: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.173718: | flags: none (0x0) Aug 26 13:30:43.173720: | length: 36 (0x24) Aug 26 13:30:43.173721: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:30:43.173723: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.173725: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.173726: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.173728: | flags: none (0x0) Aug 26 13:30:43.173729: | length: 8 (0x8) Aug 26 13:30:43.173731: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173733: | SPI size: 0 (0x0) Aug 26 13:30:43.173734: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:43.173736: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.173738: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.173739: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.173741: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.173743: | flags: none (0x0) Aug 26 13:30:43.173744: | length: 28 (0x1c) Aug 26 13:30:43.173746: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173747: | SPI size: 0 (0x0) Aug 26 13:30:43.173749: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:43.173751: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.173752: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.173754: | ***parse IKEv2 Notify Payload: Aug 26 13:30:43.173755: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.173757: | flags: none (0x0) Aug 26 13:30:43.173758: | length: 28 (0x1c) Aug 26 13:30:43.173760: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.173761: | SPI size: 0 (0x0) Aug 26 13:30:43.173763: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:43.173765: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:43.173766: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:30:43.173769: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:43.173771: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.173773: | Now let's proceed with state specific processing Aug 26 13:30:43.173775: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:43.173777: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:30:43.173788: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:43.173792: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:30:43.173795: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.173798: | local proposal 1 type PRF has 2 transforms Aug 26 13:30:43.173800: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.173803: | local proposal 1 type DH has 8 transforms Aug 26 13:30:43.173805: | local proposal 1 type ESN has 0 transforms Aug 26 13:30:43.173808: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.173810: | local proposal 2 type ENCR has 1 transforms Aug 26 13:30:43.173811: | local proposal 2 type PRF has 2 transforms Aug 26 13:30:43.173813: | local proposal 2 type INTEG has 1 transforms Aug 26 13:30:43.173815: | local proposal 2 type DH has 8 transforms Aug 26 13:30:43.173816: | local proposal 2 type ESN has 0 transforms Aug 26 13:30:43.173818: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:43.173820: | local proposal 3 type ENCR has 1 transforms Aug 26 13:30:43.173821: | local proposal 3 type PRF has 2 transforms Aug 26 13:30:43.173824: | local proposal 3 type INTEG has 2 transforms Aug 26 13:30:43.173826: | local proposal 3 type DH has 8 transforms Aug 26 13:30:43.173829: | local proposal 3 type ESN has 0 transforms Aug 26 13:30:43.173832: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.173834: | local proposal 4 type ENCR has 1 transforms Aug 26 13:30:43.173835: | local proposal 4 type PRF has 2 transforms Aug 26 13:30:43.173837: | local proposal 4 type INTEG has 2 transforms Aug 26 13:30:43.173839: | local proposal 4 type DH has 8 transforms Aug 26 13:30:43.173840: | local proposal 4 type ESN has 0 transforms Aug 26 13:30:43.173842: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:43.173844: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.173846: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.173847: | length: 36 (0x24) Aug 26 13:30:43.173849: | prop #: 1 (0x1) Aug 26 13:30:43.173851: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:43.173852: | spi size: 0 (0x0) Aug 26 13:30:43.173854: | # transforms: 3 (0x3) Aug 26 13:30:43.173856: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:30:43.173858: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173861: | length: 12 (0xc) Aug 26 13:30:43.173863: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.173864: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:43.173866: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.173868: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.173870: | length/value: 256 (0x100) Aug 26 13:30:43.173872: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.173874: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.173877: | length: 8 (0x8) Aug 26 13:30:43.173879: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:43.173881: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:43.173883: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:30:43.173885: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.173886: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.173888: | length: 8 (0x8) Aug 26 13:30:43.173889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:43.173891: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:43.173895: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:30:43.173897: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:30:43.173900: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:30:43.173902: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.173904: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:30:43.173907: | converting proposal to internal trans attrs Aug 26 13:30:43.173924: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:43.173927: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173930: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173933: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:43.173935: | natd_hash: port=500 Aug 26 13:30:43.173938: | natd_hash: hash= 08 a2 42 f5 dd 14 8c 64 62 3e 92 1c a8 12 74 ac Aug 26 13:30:43.173940: | natd_hash: hash= b0 4d 55 33 Aug 26 13:30:43.173947: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:43.173950: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.173953: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.173955: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:43.173957: | natd_hash: port=500 Aug 26 13:30:43.173972: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:43.173975: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:43.173977: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:30:43.173980: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:30:43.173982: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:30:43.173985: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:30:43.173991: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:30:43.173995: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:30:43.173997: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.174000: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:30:43.174004: | libevent_free: release ptr-libevent@0x5579aec39ba8 Aug 26 13:30:43.174020: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5579aec39b38 Aug 26 13:30:43.174023: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5579aec39b38 Aug 26 13:30:43.174027: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:43.174030: | libevent_malloc: new ptr-libevent@0x5579aec398d8 size 128 Aug 26 13:30:43.174042: | #1 spent 0.262 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:30:43.174049: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.174047: | crypto helper 2 resuming Aug 26 13:30:43.174057: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:30:43.174066: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:30:43.174074: | suspending state #1 and saving MD Aug 26 13:30:43.174078: | #1 is busy; has a suspended MD Aug 26 13:30:43.174079: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:30:43.174088: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:43.174093: | "road-eastnet"[1] 192.1.2.23 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:43.174099: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.174105: | #1 spent 0.527 milliseconds in ikev2_process_packet() Aug 26 13:30:43.174109: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.174113: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.174118: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.174122: | spent 0.546 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.174891: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:30:43.175166: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001088 seconds Aug 26 13:30:43.175173: | (#1) spent 1.09 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:30:43.175175: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:30:43.175177: | scheduling resume sending helper answer for #1 Aug 26 13:30:43.175179: | libevent_malloc: new ptr-libevent@0x7f7fd8000f48 size 128 Aug 26 13:30:43.175185: | crypto helper 2 waiting (nothing to do) Aug 26 13:30:43.175209: | processing resume sending helper answer for #1 Aug 26 13:30:43.175219: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:43.175222: | crypto helper 2 replies to request ID 2 Aug 26 13:30:43.175224: | calling continuation function 0x5579ad810b50 Aug 26 13:30:43.175226: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:30:43.175233: | creating state object #2 at 0x5579aec3c7b8 Aug 26 13:30:43.175236: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:30:43.175239: | pstats #2 ikev2.child started Aug 26 13:30:43.175242: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #2 for IPSEC SA Aug 26 13:30:43.175245: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:30:43.175249: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:43.175253: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.175255: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:43.175257: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:43.175260: | libevent_free: release ptr-libevent@0x5579aec398d8 Aug 26 13:30:43.175262: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5579aec39b38 Aug 26 13:30:43.175264: | event_schedule: new EVENT_SA_REPLACE-pe@0x5579aec39b38 Aug 26 13:30:43.175266: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:30:43.175268: | libevent_malloc: new ptr-libevent@0x5579aec398d8 size 128 Aug 26 13:30:43.175271: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:30:43.175275: | **emit ISAKMP Message: Aug 26 13:30:43.175277: | initiator cookie: Aug 26 13:30:43.175279: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.175281: | responder cookie: Aug 26 13:30:43.175282: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.175284: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:43.175286: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.175292: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.175298: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:43.175300: | Message ID: 1 (0x1) Aug 26 13:30:43.175302: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:43.175304: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:43.175306: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175308: | flags: none (0x0) Aug 26 13:30:43.175310: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:43.175312: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175316: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:43.175323: | IKEv2 CERT: send a certificate? Aug 26 13:30:43.175325: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:30:43.175327: | IDr payload will NOT be sent Aug 26 13:30:43.175338: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:30:43.175340: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175342: | flags: none (0x0) Aug 26 13:30:43.175344: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.175346: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:30:43.175348: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175350: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:30:43.175352: | my identity c0 01 03 d1 Aug 26 13:30:43.175354: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:30:43.175359: | not sending INITIAL_CONTACT Aug 26 13:30:43.175362: | ****emit IKEv2 Authentication Payload: Aug 26 13:30:43.175363: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175365: | flags: none (0x0) Aug 26 13:30:43.175367: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.175369: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.175371: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175373: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:30:43.175377: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.175380: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.175382: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 13:30:43.175385: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:43.175387: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:43.175389: | line 1: match=002 Aug 26 13:30:43.175391: | match 002 beats previous best_match 000 match=0x5579aeb44c48 (line=1) Aug 26 13:30:43.175393: | concluding with best_match=002 best=0x5579aeb44c48 (lineno=1) Aug 26 13:30:43.175431: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:30:43.175433: | PSK auth 05 7f 65 04 57 0d 39 7e 73 a8 1e 79 2b d9 4d 39 Aug 26 13:30:43.175435: | PSK auth c6 a4 32 74 e1 44 d2 90 fa b1 82 c5 4f 8d f1 4c Aug 26 13:30:43.175437: | PSK auth 0a ad 8e 10 26 d2 ed 63 fa 57 7e 13 d4 48 1f 4c Aug 26 13:30:43.175438: | PSK auth 22 39 a1 c7 5a d4 e1 83 88 44 c8 da a4 6f be 8f Aug 26 13:30:43.175440: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:30:43.175442: | Send Configuration Payload request Aug 26 13:30:43.175444: | ****emit IKEv2 Configuration Payload: Aug 26 13:30:43.175445: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.175447: | flags: none (0x0) Aug 26 13:30:43.175449: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 13:30:43.175451: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:30:43.175453: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 13:30:43.175454: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175456: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.175458: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:30:43.175460: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:43.175462: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.175465: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3) Aug 26 13:30:43.175467: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:43.175468: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.175470: | Attribute Type: IKEv2_INTERNAL_IP6_ADDRESS (0x8) Aug 26 13:30:43.175471: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:43.175473: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.175475: | Attribute Type: IKEv2_INTERNAL_IP6_DNS (0xa) Aug 26 13:30:43.175476: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:43.175478: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.175480: | Attribute Type: IKEv2_INTERNAL_DNS_DOMAIN (0x19) Aug 26 13:30:43.175481: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:43.175483: | emitting length of IKEv2 Configuration Payload: 28 Aug 26 13:30:43.175485: | getting first pending from state #1 Aug 26 13:30:43.175501: | netlink_get_spi: allocated 0x31ab1270 for esp.0@192.1.3.209 Aug 26 13:30:43.175504: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:30:43.175509: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:30:43.175513: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.175516: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.175525: | Emitting ikev2_proposals ... Aug 26 13:30:43.175528: | ****emit IKEv2 Security Association Payload: Aug 26 13:30:43.175531: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175533: | flags: none (0x0) Aug 26 13:30:43.175536: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:43.175539: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175542: | discarding DH=NONE Aug 26 13:30:43.175544: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.175547: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.175549: | prop #: 1 (0x1) Aug 26 13:30:43.175551: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.175553: | spi size: 4 (0x4) Aug 26 13:30:43.175554: | # transforms: 3 (0x3) Aug 26 13:30:43.175556: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:43.175559: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:30:43.175560: | our spi 31 ab 12 70 Aug 26 13:30:43.175562: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.175564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.175565: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.175567: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.175569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.175571: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.175573: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.175575: | length/value: 256 (0x100) Aug 26 13:30:43.175576: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:43.175578: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.175580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.175581: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.175583: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.175585: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.175589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.175591: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.175592: | discarding DH=NONE Aug 26 13:30:43.175594: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:43.175596: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.175597: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.175599: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.175601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.175603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:43.175604: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:43.175606: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:30:43.175608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:43.175610: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:30:43.175612: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:43.175614: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.175615: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175617: | flags: none (0x0) Aug 26 13:30:43.175619: | number of TS: 1 (0x1) Aug 26 13:30:43.175621: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.175623: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175624: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.175627: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.175629: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.175632: | start port: 0 (0x0) Aug 26 13:30:43.175635: | end port: 65535 (0xffff) Aug 26 13:30:43.175637: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.175640: | ipv4 start c0 01 03 d1 Aug 26 13:30:43.175643: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.175645: | ipv4 end c0 01 03 d1 Aug 26 13:30:43.175648: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.175651: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:30:43.175654: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.175656: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175659: | flags: none (0x0) Aug 26 13:30:43.175662: | number of TS: 1 (0x1) Aug 26 13:30:43.175665: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.175669: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175671: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:43.175675: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.175677: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.175680: | start port: 0 (0x0) Aug 26 13:30:43.175683: | end port: 65535 (0xffff) Aug 26 13:30:43.175686: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:43.175688: | ipv4 start c0 00 02 00 Aug 26 13:30:43.175691: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:43.175693: | ipv4 end c0 00 02 ff Aug 26 13:30:43.175696: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:43.175700: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:30:43.175703: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:30:43.175707: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:43.175709: | Adding a v2N Payload Aug 26 13:30:43.175712: | ****emit IKEv2 Notify Payload: Aug 26 13:30:43.175715: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.175718: | flags: none (0x0) Aug 26 13:30:43.175720: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.175723: | SPI size: 0 (0x0) Aug 26 13:30:43.175725: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.175729: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:43.175732: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:43.175735: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:43.175738: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:43.175741: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:43.175745: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:43.175747: | emitting length of IKEv2 Encryption Payload: 241 Aug 26 13:30:43.175750: | emitting length of ISAKMP Message: 269 Aug 26 13:30:43.175762: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.175766: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.175769: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:30:43.175771: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:30:43.175773: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:30:43.175775: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:30:43.175778: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:43.175781: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:30:43.175786: "road-eastnet"[1] 192.1.2.23 #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:30:43.175794: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:30:43.175801: | sending 269 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:43.175804: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.175805: | 2e 20 23 08 00 00 00 01 00 00 01 0d 23 00 00 f1 Aug 26 13:30:43.175807: | 5c 8d 5b 3b 6b e5 fa 87 54 ba 31 ee 9d 9c e6 14 Aug 26 13:30:43.175809: | 92 73 0d 18 c4 17 96 47 46 ff 56 c5 eb 75 f5 d2 Aug 26 13:30:43.175810: | c3 05 40 31 30 c5 98 b4 cc 25 0a 7f 42 f8 c8 d4 Aug 26 13:30:43.175812: | 37 53 f0 e5 91 c6 df 7f fe 59 1b b4 fe 5c 9c 15 Aug 26 13:30:43.175813: | 7a f0 18 72 1d 09 92 a5 e3 2a 1b f3 74 ee 4a dd Aug 26 13:30:43.175815: | b9 95 65 82 fa 0b 7d ba 4c e1 fb 91 4c 03 e0 3f Aug 26 13:30:43.175816: | 14 a2 bb 2f 28 e8 86 d1 30 7f 1d 03 13 ef ed fe Aug 26 13:30:43.175818: | f8 47 4e 96 4e 9d 1d 36 15 98 be 43 96 d1 82 12 Aug 26 13:30:43.175819: | 43 1b e6 07 0f 5a 00 47 11 cf b0 f8 45 46 23 8d Aug 26 13:30:43.175821: | f8 33 1c b2 28 9b 0a ed 0e cd 24 54 04 71 85 84 Aug 26 13:30:43.175822: | a9 2b 9a 5d ca 44 0c 13 ac 54 10 a6 f7 da 70 5d Aug 26 13:30:43.175824: | d6 0e b5 ca 78 b1 24 bc 30 cb 36 1a 1e bc 87 5e Aug 26 13:30:43.175827: | 65 75 8e 4f 25 ac e5 6a 6c 4d 50 0c 5c 15 64 83 Aug 26 13:30:43.175828: | 78 9a 23 e3 95 e4 70 0a 7b 25 ef 2a 12 4c 45 13 Aug 26 13:30:43.175830: | bf 05 b9 0f 68 cf b1 34 39 19 7c 1b 61 Aug 26 13:30:43.175870: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:43.175875: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7fe0002b78 Aug 26 13:30:43.175879: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:30:43.175883: | libevent_malloc: new ptr-libevent@0x5579aec3d488 size 128 Aug 26 13:30:43.175887: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11528.918341 Aug 26 13:30:43.175891: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:43.175897: | #1 spent 0.647 milliseconds in resume sending helper answer Aug 26 13:30:43.175903: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:43.175906: | libevent_free: release ptr-libevent@0x7f7fd8000f48 Aug 26 13:30:43.223716: | spent 0.00306 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:43.223740: | *received 257 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:30:43.223744: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.223748: | 2e 20 23 20 00 00 00 01 00 00 01 01 29 00 00 e5 Aug 26 13:30:43.223751: | 31 af f0 a9 7b 7d 92 72 f7 97 25 21 03 68 c2 eb Aug 26 13:30:43.223754: | 1d 0b 6a 63 93 44 1f 6e c6 8e 90 28 d8 5a 35 22 Aug 26 13:30:43.223757: | 15 d1 4a 80 39 8b 0c 24 20 95 be b3 8a 87 af d2 Aug 26 13:30:43.223760: | 79 9b 72 b7 2b 14 25 99 56 b3 55 33 b2 89 c6 ce Aug 26 13:30:43.223762: | 16 13 4f 1d cf 76 5f 0b a3 0b 0e 8a 53 c8 a8 35 Aug 26 13:30:43.223765: | d1 af fc 54 c2 f1 97 44 cc 6b 07 80 82 88 82 aa Aug 26 13:30:43.223768: | 26 f4 61 f4 96 06 9b bc 8d a6 87 9a 19 45 d8 54 Aug 26 13:30:43.223771: | 7c 53 10 d3 bf b7 37 4f b1 8c f2 ae cc f1 1b 50 Aug 26 13:30:43.223774: | ed 4e 00 60 fd c7 d6 47 31 79 4a 5e 81 e1 f5 e4 Aug 26 13:30:43.223777: | 64 04 fa 83 6d 2b 95 d9 e8 7e 8a b9 df 5a 03 3c Aug 26 13:30:43.223780: | a5 3e 85 d9 03 d0 37 0f 37 69 2a a6 da 0c 59 7b Aug 26 13:30:43.223783: | 26 3d b0 40 91 c6 fc 33 57 ce 1b fc 7a 0f 0b 25 Aug 26 13:30:43.223786: | c9 c1 79 49 aa c6 12 9f 97 b7 fb 5c 5b fb df 51 Aug 26 13:30:43.223789: | 69 99 81 fe 2e 52 f5 b0 31 30 63 48 d4 1c 38 9d Aug 26 13:30:43.223791: | 1c Aug 26 13:30:43.223797: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:43.223801: | **parse ISAKMP Message: Aug 26 13:30:43.223805: | initiator cookie: Aug 26 13:30:43.223808: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:43.223811: | responder cookie: Aug 26 13:30:43.223814: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:43.223817: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:43.223821: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:43.223824: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:43.223827: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:43.223830: | Message ID: 1 (0x1) Aug 26 13:30:43.223833: | length: 257 (0x101) Aug 26 13:30:43.223837: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:30:43.223841: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:30:43.223846: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:30:43.223854: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:43.223858: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:30:43.223865: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.223874: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:43.223877: | #2 is idle Aug 26 13:30:43.223880: | #2 idle Aug 26 13:30:43.223883: | unpacking clear payload Aug 26 13:30:43.223887: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:43.223890: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:43.223893: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:43.223896: | flags: none (0x0) Aug 26 13:30:43.223899: | length: 229 (0xe5) Aug 26 13:30:43.223903: | processing payload: ISAKMP_NEXT_v2SK (len=225) Aug 26 13:30:43.223906: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:30:43.223922: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:30:43.223925: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:43.223929: | **parse IKEv2 Notify Payload: Aug 26 13:30:43.223932: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:30:43.223935: | flags: none (0x0) Aug 26 13:30:43.223938: | length: 8 (0x8) Aug 26 13:30:43.223941: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:43.223944: | SPI size: 0 (0x0) Aug 26 13:30:43.223947: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:43.223950: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:43.223953: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:30:43.223957: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:30:43.223960: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:30:43.223962: | flags: none (0x0) Aug 26 13:30:43.223966: | length: 12 (0xc) Aug 26 13:30:43.223969: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:43.223972: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:30:43.223975: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:30:43.223978: | **parse IKEv2 Authentication Payload: Aug 26 13:30:43.223981: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:30:43.223984: | flags: none (0x0) Aug 26 13:30:43.223986: | length: 72 (0x48) Aug 26 13:30:43.223990: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:43.223993: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:30:43.223995: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 13:30:43.223998: | **parse IKEv2 Configuration Payload: Aug 26 13:30:43.224002: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:43.224004: | flags: none (0x0) Aug 26 13:30:43.224007: | length: 16 (0x10) Aug 26 13:30:43.224010: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 13:30:43.224013: | processing payload: ISAKMP_NEXT_v2CP (len=8) Aug 26 13:30:43.224016: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:43.224020: | **parse IKEv2 Security Association Payload: Aug 26 13:30:43.224023: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:30:43.224026: | flags: none (0x0) Aug 26 13:30:43.224028: | length: 44 (0x2c) Aug 26 13:30:43.224031: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:30:43.224034: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:30:43.224038: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:43.224041: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:30:43.224043: | flags: none (0x0) Aug 26 13:30:43.224046: | length: 24 (0x18) Aug 26 13:30:43.224049: | number of TS: 1 (0x1) Aug 26 13:30:43.224052: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:30:43.224055: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:30:43.224058: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:43.224061: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:43.224064: | flags: none (0x0) Aug 26 13:30:43.224067: | length: 24 (0x18) Aug 26 13:30:43.224070: | number of TS: 1 (0x1) Aug 26 13:30:43.224073: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:30:43.224076: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:30:43.224081: | Now let's proceed with state specific processing Aug 26 13:30:43.224084: | calling processor Initiator: process IKE_AUTH response Aug 26 13:30:43.224088: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 13:30:43.224092: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 13:30:43.224095: | peer ID c0 01 02 17 Aug 26 13:30:43.224099: | offered CA: '%none' Aug 26 13:30:43.224106: "road-eastnet"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 13:30:43.224148: | verifying AUTH payload Aug 26 13:30:43.224153: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:30:43.224159: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.224164: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:43.224169: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 13:30:43.224174: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:43.224177: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:43.224180: | line 1: match=002 Aug 26 13:30:43.224184: | match 002 beats previous best_match 000 match=0x5579aeb44c48 (line=1) Aug 26 13:30:43.224187: | concluding with best_match=002 best=0x5579aeb44c48 (lineno=1) Aug 26 13:30:43.224259: "road-eastnet"[1] 192.1.2.23 #2: Authenticated using authby=secret Aug 26 13:30:43.224269: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:30:43.224275: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:30:43.224279: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:30:43.224283: | libevent_free: release ptr-libevent@0x5579aec398d8 Aug 26 13:30:43.224286: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5579aec39b38 Aug 26 13:30:43.224309: | event_schedule: new EVENT_SA_REKEY-pe@0x5579aec39b38 Aug 26 13:30:43.224314: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:30:43.224318: | libevent_malloc: new ptr-libevent@0x7f7fd8000f48 size 128 Aug 26 13:30:43.224389: | pstats #1 ikev2.ike established Aug 26 13:30:43.224396: | #2 road-eastnet[1] parsing ISAKMP_NEXT_v2CP payload Aug 26 13:30:43.224399: | ***parse IKEv2 Configuration Payload Attribute: Aug 26 13:30:43.224402: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:30:43.224405: | length/value: 4 (0x4) Aug 26 13:30:43.224409: | parsing 4 raw bytes of IKEv2 Configuration Payload Attribute into INTERNAL_IP_ADDRESS Aug 26 13:30:43.224412: | INTERNAL_IP_ADDRESS c0 00 03 0a Aug 26 13:30:43.224418: "road-eastnet"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.3.10 Aug 26 13:30:43.224424: | setting host source IP address to 192.0.3.10 Aug 26 13:30:43.224428: | TSi: parsing 1 traffic selectors Aug 26 13:30:43.224431: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.224434: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.224437: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.224440: | length: 16 (0x10) Aug 26 13:30:43.224443: | start port: 0 (0x0) Aug 26 13:30:43.224446: | end port: 65535 (0xffff) Aug 26 13:30:43.224449: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.224452: | TS low c0 00 03 0a Aug 26 13:30:43.224455: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.224458: | TS high c0 00 03 0a Aug 26 13:30:43.224460: | TSi: parsed 1 traffic selectors Aug 26 13:30:43.224463: | TSr: parsing 1 traffic selectors Aug 26 13:30:43.224466: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:43.224469: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:43.224472: | IP Protocol ID: 0 (0x0) Aug 26 13:30:43.224475: | length: 16 (0x10) Aug 26 13:30:43.224477: | start port: 0 (0x0) Aug 26 13:30:43.224480: | end port: 65535 (0xffff) Aug 26 13:30:43.224482: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:43.224485: | TS low c0 00 02 00 Aug 26 13:30:43.224489: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:43.224491: | TS high c0 00 02 ff Aug 26 13:30:43.224494: | TSr: parsed 1 traffic selectors Aug 26 13:30:43.224501: | evaluating our conn="road-eastnet"[1] 192.1.2.23 I=192.0.3.10/32:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:30:43.224506: | TSi[0] .net=192.0.3.10-192.0.3.10 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.224513: | match address end->client=192.0.3.10/32 >= TSi[0]net=192.0.3.10-192.0.3.10: YES fitness 32 Aug 26 13:30:43.224516: | narrow port end=0..65535 >= TSi[0]=0..65535: 0 Aug 26 13:30:43.224519: | TSi[0] port match: YES fitness 65536 Aug 26 13:30:43.224522: | narrow protocol end=*0 >= TSi[0]=*0: 0 Aug 26 13:30:43.224525: | match end->protocol=*0 >= TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.224530: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:43.224535: | match address end->client=192.0.2.0/24 >= TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:30:43.224538: | narrow port end=0..65535 >= TSr[0]=0..65535: 0 Aug 26 13:30:43.224541: | TSr[0] port match: YES fitness 65536 Aug 26 13:30:43.224544: | narrow protocol end=*0 >= TSr[0]=*0: 0 Aug 26 13:30:43.224546: | match end->protocol=*0 >= TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:43.224549: | best fit so far: TSi[0] TSr[0] Aug 26 13:30:43.224552: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:30:43.224554: | printing contents struct traffic_selector Aug 26 13:30:43.224556: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.224559: | ipprotoid: 0 Aug 26 13:30:43.224561: | port range: 0-65535 Aug 26 13:30:43.224565: | ip range: 192.0.3.10-192.0.3.10 Aug 26 13:30:43.224568: | printing contents struct traffic_selector Aug 26 13:30:43.224570: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:43.224572: | ipprotoid: 0 Aug 26 13:30:43.224574: | port range: 0-65535 Aug 26 13:30:43.224578: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:30:43.224586: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:43.224589: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:30:43.224593: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:43.224596: | local proposal 1 type PRF has 0 transforms Aug 26 13:30:43.224599: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:43.224601: | local proposal 1 type DH has 1 transforms Aug 26 13:30:43.224604: | local proposal 1 type ESN has 1 transforms Aug 26 13:30:43.224608: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:30:43.224611: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:43.224614: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:43.224616: | length: 40 (0x28) Aug 26 13:30:43.224619: | prop #: 1 (0x1) Aug 26 13:30:43.224621: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:43.224624: | spi size: 4 (0x4) Aug 26 13:30:43.224626: | # transforms: 3 (0x3) Aug 26 13:30:43.224629: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:30:43.224632: | remote SPI 2b b6 d0 74 Aug 26 13:30:43.224635: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:30:43.224638: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.224641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.224643: | length: 12 (0xc) Aug 26 13:30:43.224646: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:43.224648: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:43.224651: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:43.224654: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:43.224657: | length/value: 256 (0x100) Aug 26 13:30:43.224661: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:43.224665: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.224668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:43.224670: | length: 8 (0x8) Aug 26 13:30:43.224673: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:43.224676: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:43.224679: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:30:43.224682: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:43.224685: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:43.224687: | length: 8 (0x8) Aug 26 13:30:43.224690: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:43.224692: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:43.224696: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:30:43.224700: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:30:43.224704: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:30:43.224707: | remote proposal 1 matches local proposal 1 Aug 26 13:30:43.224710: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 13:30:43.224716: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=2bb6d074;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:30:43.224718: | converting proposal to internal trans attrs Aug 26 13:30:43.224723: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 13:30:43.224727: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 13:30:43.224887: | #1 spent 1.14 milliseconds Aug 26 13:30:43.224892: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:30:43.224896: | could_route called for road-eastnet (kind=CK_INSTANCE) Aug 26 13:30:43.224898: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.224901: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.224904: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.224907: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.224910: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.224915: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.224919: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.224922: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.224925: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.224930: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.224933: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 13:30:43.224936: | netlink: enabling tunnel mode Aug 26 13:30:43.224939: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.224942: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.225014: | netlink response for Add SA esp.2bb6d074@192.1.2.23 included non-error error Aug 26 13:30:43.225019: | set up outgoing SA, ref=0/0 Aug 26 13:30:43.225022: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:43.225025: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:43.225027: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:43.225031: | setting IPsec SA replay-window to 32 Aug 26 13:30:43.225034: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 13:30:43.225036: | netlink: enabling tunnel mode Aug 26 13:30:43.225039: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:43.225044: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:43.225076: | netlink response for Add SA esp.31ab1270@192.1.3.209 included non-error error Aug 26 13:30:43.225080: | priority calculation of connection "road-eastnet" is 0xfdfe7 Aug 26 13:30:43.225087: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.10/32:0 => tun.10000@192.1.3.209 (raw_eroute) Aug 26 13:30:43.225091: | IPsec Sa SPD priority set to 1040359 Aug 26 13:30:43.225110: | raw_eroute result=success Aug 26 13:30:43.225113: | set up incoming SA, ref=0/0 Aug 26 13:30:43.225116: | sr for #2: unrouted Aug 26 13:30:43.225119: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:30:43.225121: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:43.225124: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.225127: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.225130: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:43.225132: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:43.225137: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 13:30:43.225141: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:30:43.225144: | priority calculation of connection "road-eastnet" is 0xfdfe7 Aug 26 13:30:43.225150: | eroute_connection add eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:30:43.225153: | IPsec Sa SPD priority set to 1040359 Aug 26 13:30:43.225164: | raw_eroute result=success Aug 26 13:30:43.225167: | running updown command "ipsec _updown" for verb up Aug 26 13:30:43.225170: | command executing up-client Aug 26 13:30:43.225198: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIG Aug 26 13:30:43.225202: | popen cmd is 1106 chars long Aug 26 13:30:43.225205: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Aug 26 13:30:43.225208: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID: Aug 26 13:30:43.225210: | cmd( 160):='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' : Aug 26 13:30:43.225213: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 13:30:43.225216: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 13:30:43.225219: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 13:30:43.225221: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:30:43.225224: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS: Aug 26 13:30:43.225227: | cmd( 640):K+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_A: Aug 26 13:30:43.225229: | cmd( 720):LLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' X: Aug 26 13:30:43.225232: | cmd( 800):AUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Aug 26 13:30:43.225236: | cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Aug 26 13:30:43.225239: | cmd( 960):PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Aug 26 13:30:43.225242: | cmd(1040):HARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:43.270594: | route_and_eroute: firewall_notified: true Aug 26 13:30:43.270616: | running updown command "ipsec _updown" for verb prepare Aug 26 13:30:43.270621: | command executing prepare-client Aug 26 13:30:43.270657: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO Aug 26 13:30:43.270663: | popen cmd is 1111 chars long Aug 26 13:30:43.270667: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 13:30:43.270670: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_: Aug 26 13:30:43.270673: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 13:30:43.270675: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=: Aug 26 13:30:43.270679: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 13:30:43.270681: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:30:43.270684: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:30:43.270687: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:30:43.270690: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_F: Aug 26 13:30:43.270692: | cmd( 720):RAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ip: Aug 26 13:30:43.270695: | cmd( 800):v4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_: Aug 26 13:30:43.270698: | cmd( 880):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: Aug 26 13:30:43.270701: | cmd( 960):='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : Aug 26 13:30:43.270704: | cmd(1040):VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:43.283089: | running updown command "ipsec _updown" for verb route Aug 26 13:30:43.283110: | command executing route-client Aug 26 13:30:43.283147: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_ Aug 26 13:30:43.283157: | popen cmd is 1109 chars long Aug 26 13:30:43.283161: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Aug 26 13:30:43.283164: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY: Aug 26 13:30:43.283167: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Aug 26 13:30:43.283169: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:43.283172: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:43.283175: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:43.283177: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:43.283180: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 13:30:43.283183: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRA: Aug 26 13:30:43.283185: | cmd( 720):G_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4: Aug 26 13:30:43.283188: | cmd( 800):' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Aug 26 13:30:43.283191: | cmd( 880):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Aug 26 13:30:43.283193: | cmd( 960):0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT: Aug 26 13:30:43.283196: | cmd(1040):I_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:43.298486: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.298754: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.298808: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.298849: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.298867: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.298995: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:43.305132: | route_and_eroute: instance "road-eastnet"[1] 192.1.2.23, setting eroute_owner {spd=0x5579aec36de8,sr=0x5579aec36de8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:30:43.305567: | #1 spent 2.23 milliseconds in install_ipsec_sa() Aug 26 13:30:43.305580: | inR2: instance road-eastnet[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:30:43.305584: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:43.305590: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:30:43.305604: | libevent_free: release ptr-libevent@0x5579aec3d488 Aug 26 13:30:43.305612: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7fe0002b78 Aug 26 13:30:43.305618: | #2 spent 3.06 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:30:43.305629: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:43.305633: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:30:43.305637: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:30:43.305641: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:30:43.305648: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:30:43.305655: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:30:43.305660: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:43.305664: | pstats #2 ikev2.child established Aug 26 13:30:43.305676: "road-eastnet"[1] 192.1.2.23 #2: negotiated connection [192.0.3.10-192.0.3.10:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:30:43.305691: | NAT-T: encaps is 'auto' Aug 26 13:30:43.305697: "road-eastnet"[1] 192.1.2.23 #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x2bb6d074 <0x31ab1270 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 13:30:43.305703: | releasing whack for #2 (sock=fd@25) Aug 26 13:30:43.305708: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:30:43.305892: | releasing whack and unpending for parent #1 Aug 26 13:30:43.305901: | unpending state #1 connection "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:43.305909: | delete from pending Child SA with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:43.305913: | removing pending policy for no connection {0x5579aeb44898} Aug 26 13:30:43.305922: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:30:43.305928: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:30:43.305933: | event_schedule: new EVENT_SA_REKEY-pe@0x7f7fe0002b78 Aug 26 13:30:43.305937: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:30:43.305941: | libevent_malloc: new ptr-libevent@0x5579aec3c2e8 size 128 Aug 26 13:30:43.305951: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:43.305958: | #1 spent 3.58 milliseconds in ikev2_process_packet() Aug 26 13:30:43.305963: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:43.305968: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:43.305971: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:43.305975: | spent 3.6 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:43.305990: | kernel_process_msg_cb process netlink message Aug 26 13:30:43.305997: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:30:43.306000: | xfrm netlink address change RTM_NEWADDR msg len 76 Aug 26 13:30:43.306005: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Aug 26 13:30:43.306008: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:30:43.306014: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:43.306020: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:43.306025: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:43.306031: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:43.306034: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:30:43.306036: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:30:43.306102: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:30:43.306107: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:43.306112: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:43.306118: | spent 0.0677 milliseconds in kernel message Aug 26 13:30:43.306128: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.306135: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.306139: | spent 0.0056 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.306142: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.306149: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.306153: | spent 0.00399 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:43.306156: | processing signal PLUTO_SIGCHLD Aug 26 13:30:43.306159: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:43.306163: | spent 0.00393 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:44.484638: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:44.484657: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:30:44.484660: | FOR_EACH_STATE_... in sort_states Aug 26 13:30:44.484682: | get_sa_info esp.31ab1270@192.1.3.209 Aug 26 13:30:44.484695: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:30:44.484724: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:44.484744: | spent 0.113 milliseconds in whack Aug 26 13:30:49.806862: | kernel_process_msg_cb process netlink message Aug 26 13:30:49.807200: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.807216: | spent 0.329 milliseconds in kernel message Aug 26 13:30:49.860686: | kernel_process_msg_cb process netlink message Aug 26 13:30:49.860712: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:49.860721: | spent 0.0093 milliseconds in kernel message Aug 26 13:30:49.913250: | kernel_process_msg_cb process netlink message Aug 26 13:30:49.913270: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:30:49.913273: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 13:30:49.913277: | XFRM RTM_DELADDR 192.1.3.209 IFA_LOCAL Aug 26 13:30:49.913279: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:30:49.913285: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:49.913294: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:49.913300: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:49.913303: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:49.913306: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:49.913307: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:49.913310: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:49.913311: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:49.913315: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL Aug 26 13:30:49.913317: | running updown command "ipsec _updown" for verb down Aug 26 13:30:49.913319: | command executing down-client Aug 26 13:30:49.913339: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PL Aug 26 13:30:49.913343: | popen cmd is 1117 chars long Aug 26 13:30:49.913345: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU: Aug 26 13:30:49.913347: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_: Aug 26 13:30:49.913349: | cmd( 160):ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10: Aug 26 13:30:49.913354: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 13:30:49.913355: | cmd( 320): PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 13:30:49.913357: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:30:49.913359: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:30:49.913361: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN: Aug 26 13:30:49.913362: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK: Aug 26 13:30:49.913364: | cmd( 720):+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMI: Aug 26 13:30:49.913366: | cmd( 800):LY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' : Aug 26 13:30:49.913367: | cmd( 880):PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_: Aug 26 13:30:49.913369: | cmd( 960):SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING: Aug 26 13:30:49.913371: | cmd(1040):='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:49.946278: "road-eastnet"[1] 192.1.2.23 #1: down-client output: restoring resolvconf Aug 26 13:30:49.946318: "road-eastnet"[1] 192.1.2.23 #1: down-client output: Problem in restoring the resolv.conf, as there is no backup file Aug 26 13:30:49.946605: | running updown command "ipsec _updown" for verb unroute Aug 26 13:30:49.946612: | command executing unroute-client Aug 26 13:30:49.946636: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT= Aug 26 13:30:49.946639: | popen cmd is 1120 chars long Aug 26 13:30:49.946641: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 13:30:49.946643: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_: Aug 26 13:30:49.946645: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 13:30:49.946646: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=: Aug 26 13:30:49.946648: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 13:30:49.946650: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:30:49.946651: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:30:49.946653: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_C: Aug 26 13:30:49.946655: | cmd( 640):ONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TR: Aug 26 13:30:49.946656: | cmd( 720):ACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF: Aug 26 13:30:49.946658: | cmd( 800):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=': Aug 26 13:30:49.946662: | cmd( 880):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 13:30:49.946664: | cmd( 960):FG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 13:30:49.946666: | cmd(1040):ING='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:49.955512: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.955537: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.955541: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.955543: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.955545: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.955548: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:30:49.964373: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:30:49.964395: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 13:30:49.964400: | libevent_malloc: new ptr-libevent@0x5579aec39828 size 128 Aug 26 13:30:49.964416: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:49.964421: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:30:49.964424: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:30:49.964426: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:30:49.964433: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964437: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964440: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964443: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964447: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964450: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:30:49.964453: | xfrm netlink address change RTM_DELADDR msg len 76 Aug 26 13:30:49.964457: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL Aug 26 13:30:49.964460: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:30:49.964466: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:49.964471: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:49.964477: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:49.964482: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:49.964485: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:30:49.964487: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:30:49.964490: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:30:49.964493: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:49.964502: | spent 1.14 milliseconds in kernel message Aug 26 13:30:49.964519: | timer_event_cb: processing event@0x5579aec39ca8 Aug 26 13:30:49.964522: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:30:49.964528: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:30:49.964531: | #1 IKEv2 local address change Aug 26 13:30:49.965157: | #1 MOBIKE new source address 192.1.33.222 remote 192.1.2.23 and gateway 192.1.33.254 Aug 26 13:30:49.965165: | Opening output PBS mobike informational request Aug 26 13:30:49.965169: | **emit ISAKMP Message: Aug 26 13:30:49.965172: | initiator cookie: Aug 26 13:30:49.965174: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.965177: | responder cookie: Aug 26 13:30:49.965179: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.965186: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:49.965189: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:49.965192: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:49.965197: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:49.965199: | Message ID: 2 (0x2) Aug 26 13:30:49.965203: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:49.965206: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:49.965209: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.965212: | flags: none (0x0) Aug 26 13:30:49.965215: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:49.965218: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:49.965222: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:49.965238: | Adding a v2N Payload Aug 26 13:30:49.965241: | ****emit IKEv2 Notify Payload: Aug 26 13:30:49.965244: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.965246: | flags: none (0x0) Aug 26 13:30:49.965249: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.965252: | SPI size: 0 (0x0) Aug 26 13:30:49.965255: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:49.965259: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:49.965262: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:49.965265: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:49.965268: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:49.965312: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:49.965319: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.965322: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.965325: | natd_hash: ip= c0 01 21 de Aug 26 13:30:49.965327: | natd_hash: port=500 Aug 26 13:30:49.965330: | natd_hash: hash= 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:49.965332: | natd_hash: hash= 93 49 13 a4 Aug 26 13:30:49.965335: | Adding a v2N Payload Aug 26 13:30:49.965337: | ****emit IKEv2 Notify Payload: Aug 26 13:30:49.965353: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.965355: | flags: none (0x0) Aug 26 13:30:49.965358: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.965361: | SPI size: 0 (0x0) Aug 26 13:30:49.965363: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:49.965367: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:49.965370: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:49.965373: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:49.965376: | Notify data 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:49.965393: | Notify data 93 49 13 a4 Aug 26 13:30:49.965396: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:49.965403: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:49.965406: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.965409: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.965424: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:49.965426: | natd_hash: port=500 Aug 26 13:30:49.965429: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:49.965431: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:49.965448: | Adding a v2N Payload Aug 26 13:30:49.965451: | ****emit IKEv2 Notify Payload: Aug 26 13:30:49.965453: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.965469: | flags: none (0x0) Aug 26 13:30:49.965471: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.965476: | SPI size: 0 (0x0) Aug 26 13:30:49.965478: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:49.965482: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:49.965485: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:49.965488: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:49.965490: | Notify data 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:49.965493: | Notify data cf 5f ab 58 Aug 26 13:30:49.965495: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:49.965498: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:49.965502: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:49.965505: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:49.965508: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 13:30:49.965510: | emitting length of ISAKMP Message: 121 Aug 26 13:30:49.965534: | sending 121 bytes for mobike informational request through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:49.965537: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.965540: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 13:30:49.965542: | ab 94 a8 4f 0f 44 2c 64 60 28 df 70 aa c5 7f 09 Aug 26 13:30:49.965544: | fa 42 d8 0e 1b 62 80 e3 83 88 81 44 d7 1d ae ac Aug 26 13:30:49.965547: | c4 d4 18 6e f3 e3 6c dd a0 31 d6 96 6c 27 9d ea Aug 26 13:30:49.965564: | 49 03 cc 92 eb 9e 31 5e d3 c7 bb b6 e1 97 e1 b2 Aug 26 13:30:49.965566: | 82 c5 20 20 39 6e 87 7f 13 95 83 95 50 f7 24 f9 Aug 26 13:30:49.965569: | 27 99 d4 90 0f 0e b8 8e 8f Aug 26 13:30:49.965992: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:49.966003: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 13:30:49.966010: | libevent_free: release ptr-libevent@0x5579aec39828 Aug 26 13:30:49.966013: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:30:49.966021: | #1 spent 1.43 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:30:49.966028: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:30:49.966032: | processing signal PLUTO_SIGCHLD Aug 26 13:30:49.966038: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:49.966042: | spent 0.00573 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:49.966045: | processing signal PLUTO_SIGCHLD Aug 26 13:30:49.966048: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:49.966052: | spent 0.00374 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:49.966617: | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:49.966667: | *received 113 bytes from 192.1.2.23:500 on eth0 (192.1.33.222:500) Aug 26 13:30:49.966672: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966674: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 13:30:49.966677: | f1 c4 3a 98 0f 61 e5 3a da ab d7 e1 c7 00 1e 16 Aug 26 13:30:49.966679: | 73 21 6c 1e 3c b9 f5 a7 74 9f c5 6f 47 82 75 8d Aug 26 13:30:49.966682: | ed 2c 26 05 7b 55 36 e8 06 06 d5 fd 69 a7 2e 87 Aug 26 13:30:49.966684: | 9c 16 b0 45 2e 32 88 e1 37 b8 e8 8c 85 a0 be ad Aug 26 13:30:49.966687: | c6 bb 8c 03 67 ab 39 b3 1e 86 ad 3b 16 fb 07 c0 Aug 26 13:30:49.966689: | 8f Aug 26 13:30:49.966694: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:49.966698: | **parse ISAKMP Message: Aug 26 13:30:49.966704: | initiator cookie: Aug 26 13:30:49.966706: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:49.966709: | responder cookie: Aug 26 13:30:49.966712: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:49.966714: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:49.966717: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:49.966720: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:49.966723: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:49.966725: | Message ID: 2 (0x2) Aug 26 13:30:49.966728: | length: 113 (0x71) Aug 26 13:30:49.966744: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:49.966747: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:30:49.966751: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:30:49.966758: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:49.966764: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:49.966767: | #1 is idle Aug 26 13:30:49.966769: | #1 idle Aug 26 13:30:49.966771: | unpacking clear payload Aug 26 13:30:49.966774: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:49.966777: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:49.966780: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:49.966783: | flags: none (0x0) Aug 26 13:30:49.966785: | length: 85 (0x55) Aug 26 13:30:49.966788: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 13:30:49.966791: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:30:49.966806: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:49.966809: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:49.966812: | **parse IKEv2 Notify Payload: Aug 26 13:30:49.966815: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:49.966817: | flags: none (0x0) Aug 26 13:30:49.966820: | length: 28 (0x1c) Aug 26 13:30:49.966822: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966825: | SPI size: 0 (0x0) Aug 26 13:30:49.966827: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:49.966830: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:49.966833: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:49.966835: | **parse IKEv2 Notify Payload: Aug 26 13:30:49.966838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:49.966840: | flags: none (0x0) Aug 26 13:30:49.966843: | length: 28 (0x1c) Aug 26 13:30:49.966845: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:49.966848: | SPI size: 0 (0x0) Aug 26 13:30:49.966851: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:49.966853: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:49.966856: | selected state microcode I3: Informational Request Aug 26 13:30:49.966858: | Now let's proceed with state specific processing Aug 26 13:30:49.966861: | calling processor I3: Informational Request Aug 26 13:30:49.966864: | an informational response Aug 26 13:30:49.966867: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 13:30:49.966870: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 13:30:49.966876: | #2 pst=#1 MOBIKE update local address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 13:30:49.966883: | initiator migrate kernel SA esp.2bb6d074@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Aug 26 13:30:49.966925: | initiator migrate kernel SA esp.31ab1270@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Aug 26 13:30:49.966954: | initiator migrate kernel SA esp.31ab1270@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Aug 26 13:30:49.966968: "road-eastnet"[1] 192.1.2.23 #1: success MOBIKE update local address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 13:30:49.966975: | connect_to_host_pair: 192.1.33.222:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:49.966982: | new hp@0x5579aec42178 Aug 26 13:30:49.966987: | running updown command "ipsec _updown" for verb up Aug 26 13:30:49.966990: | command executing up-client Aug 26 13:30:49.967020: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLU Aug 26 13:30:49.967024: | popen cmd is 1118 chars long Aug 26 13:30:49.967027: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Aug 26 13:30:49.967030: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY: Aug 26 13:30:49.967032: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Aug 26 13:30:49.967035: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:49.967038: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:49.967040: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:49.967043: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:49.967045: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CON: Aug 26 13:30:49.967048: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRAC: Aug 26 13:30:49.967051: | cmd( 720):K+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAM: Aug 26 13:30:49.967053: | cmd( 800):ILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0': Aug 26 13:30:49.967056: | cmd( 880): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Aug 26 13:30:49.967059: | cmd( 960):_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Aug 26 13:30:49.967061: | cmd(1040):G='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:49.996835: | running updown command "ipsec _updown" for verb route Aug 26 13:30:49.996851: | command executing route-client Aug 26 13:30:49.996874: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=' Aug 26 13:30:49.996880: | popen cmd is 1121 chars long Aug 26 13:30:49.996883: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Aug 26 13:30:49.996885: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO: Aug 26 13:30:49.996886: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:49.996888: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 13:30:49.996890: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Aug 26 13:30:49.996892: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0: Aug 26 13:30:49.996893: | cmd( 480):.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 13:30:49.996895: | cmd( 560):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_: Aug 26 13:30:49.996897: | cmd( 640):CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_T: Aug 26 13:30:49.996898: | cmd( 720):RACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDR: Aug 26 13:30:49.996900: | cmd( 800):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=: Aug 26 13:30:49.996902: | cmd( 880):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Aug 26 13:30:49.996903: | cmd( 960):CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Aug 26 13:30:49.996905: | cmd(1040):TING='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&: Aug 26 13:30:49.996907: | cmd(1120):1: Aug 26 13:30:50.006496: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.006525: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.006531: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.006536: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.006541: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.006547: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:50.012815: | #1 updating local interface from 192.1.33.222:500 to 192.1.33.222:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:50.012829: "road-eastnet"[1] 192.1.2.23 #1: MOBIKE response: updating IPsec SA Aug 26 13:30:50.012832: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 13:30:50.012843: | #1 spent 1.14 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 13:30:50.012849: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:50.012853: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:30:50.012855: | Message ID: updating counters for #1 to 2 after switching state Aug 26 13:30:50.012859: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 13:30:50.012862: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:50.012864: | STATE_PARENT_I3: PARENT SA established Aug 26 13:30:50.012869: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:50.012874: | #1 spent 1.4 milliseconds in ikev2_process_packet() Aug 26 13:30:50.012877: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:50.012886: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:50.012888: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:50.012891: | spent 1.41 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:50.012905: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.012914: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:30:50.012916: | xfrm netlink address change RTM_NEWADDR msg len 76 Aug 26 13:30:50.012919: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Aug 26 13:30:50.012921: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:30:50.012924: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:50.012928: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:50.012931: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1575) Aug 26 13:30:50.012934: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:30:50.012937: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 3 seconds for #1 Aug 26 13:30:50.012939: | libevent_malloc: new ptr-libevent@0x5579aec420c8 size 128 Aug 26 13:30:50.012945: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1577) Aug 26 13:30:50.012947: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:30:50.012949: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:30:50.012950: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:30:50.012953: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.012956: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:50.012959: | spent 0.0506 milliseconds in kernel message Aug 26 13:30:50.012965: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.012969: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.012972: | spent 0.00397 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:50.012973: | processing signal PLUTO_SIGCHLD Aug 26 13:30:50.012976: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:50.012978: | spent 0.00239 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:53.015343: | timer_event_cb: processing event@0x5579aec39ca8 Aug 26 13:30:53.015370: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:30:53.015377: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:30:53.015380: | #1 IKEv2 local address change Aug 26 13:30:53.015530: | #1 MOBIKE new source address 192.1.33.222 remote 192.1.2.23 and gateway 192.1.33.254 Aug 26 13:30:53.015534: | Opening output PBS mobike informational request Aug 26 13:30:53.015537: | **emit ISAKMP Message: Aug 26 13:30:53.015539: | initiator cookie: Aug 26 13:30:53.015541: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.015542: | responder cookie: Aug 26 13:30:53.015544: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015546: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:53.015547: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.015549: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.015553: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:53.015555: | Message ID: 3 (0x3) Aug 26 13:30:53.015557: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:53.015559: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:53.015561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.015563: | flags: none (0x0) Aug 26 13:30:53.015565: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:53.015567: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.015572: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:53.015587: | Adding a v2N Payload Aug 26 13:30:53.015589: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.015590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.015592: | flags: none (0x0) Aug 26 13:30:53.015594: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015596: | SPI size: 0 (0x0) Aug 26 13:30:53.015597: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 13:30:53.015599: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.015601: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.015603: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:53.015605: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:53.015624: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:53.015626: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.015627: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015629: | natd_hash: ip= c0 01 21 de Aug 26 13:30:53.015630: | natd_hash: port=500 Aug 26 13:30:53.015632: | natd_hash: hash= 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:53.015634: | natd_hash: hash= 93 49 13 a4 Aug 26 13:30:53.015635: | Adding a v2N Payload Aug 26 13:30:53.015637: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.015638: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.015640: | flags: none (0x0) Aug 26 13:30:53.015642: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015643: | SPI size: 0 (0x0) Aug 26 13:30:53.015645: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.015647: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.015649: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.015651: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.015652: | Notify data 9b a9 3b 9a 8b 56 df 80 9e 28 62 33 be ed 12 a4 Aug 26 13:30:53.015654: | Notify data 93 49 13 a4 Aug 26 13:30:53.015656: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.015660: | natd_hash: hasher=0x5579ad8e5800(20) Aug 26 13:30:53.015662: | natd_hash: icookie= 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.015664: | natd_hash: rcookie= a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015665: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:53.015666: | natd_hash: port=500 Aug 26 13:30:53.015668: | natd_hash: hash= 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:53.015670: | natd_hash: hash= cf 5f ab 58 Aug 26 13:30:53.015671: | Adding a v2N Payload Aug 26 13:30:53.015672: | ****emit IKEv2 Notify Payload: Aug 26 13:30:53.015674: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.015676: | flags: none (0x0) Aug 26 13:30:53.015677: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.015679: | SPI size: 0 (0x0) Aug 26 13:30:53.015680: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.015682: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:53.015684: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 13:30:53.015686: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:53.015688: | Notify data 8c 04 c7 e4 e8 93 34 d1 10 23 2a 98 a3 36 03 ec Aug 26 13:30:53.015689: | Notify data cf 5f ab 58 Aug 26 13:30:53.015691: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:53.015692: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:53.015695: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:53.015698: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:53.015700: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 13:30:53.015701: | emitting length of ISAKMP Message: 121 Aug 26 13:30:53.015719: | sending 121 bytes for mobike informational request through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1) Aug 26 13:30:53.015721: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.015723: | 2e 20 25 08 00 00 00 03 00 00 00 79 29 00 00 5d Aug 26 13:30:53.015725: | 3c 4b eb 5a 11 7a 1a f0 95 35 0a b7 5a 92 08 2b Aug 26 13:30:53.015726: | 8d c2 55 01 1a 96 1a fd 2a 5a 12 2b 1b 57 31 be Aug 26 13:30:53.015728: | 3f cb 10 e0 77 3b 21 39 78 29 c3 4c 8e 0a 1b 6b Aug 26 13:30:53.015729: | e8 f9 3a 50 fe 47 48 46 98 69 ae f3 14 44 b7 0e Aug 26 13:30:53.015731: | 18 6d 95 23 ad a2 74 12 1f bc 37 fe a5 76 27 3c Aug 26 13:30:53.015732: | 12 34 6f df 9c a2 df d7 be Aug 26 13:30:53.015793: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:53.015799: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:30:53.015802: | libevent_free: release ptr-libevent@0x5579aec420c8 Aug 26 13:30:53.015804: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:30:53.015810: | #1 spent 0.443 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:30:53.015814: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:30:53.016206: | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:53.016221: | *received 113 bytes from 192.1.2.23:500 on eth0 (192.1.33.222:500) Aug 26 13:30:53.016224: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016226: | 2e 20 25 20 00 00 00 03 00 00 00 71 29 00 00 55 Aug 26 13:30:53.016227: | 91 5b 97 c3 33 86 c9 2c 03 a2 38 a3 fe 82 8a e0 Aug 26 13:30:53.016229: | 4f f6 c8 bf af e1 0d 3d 30 ac 43 67 99 5e 2e a0 Aug 26 13:30:53.016230: | 48 ce 61 64 5b 5a 53 4c ee 91 b1 db c0 0f 68 55 Aug 26 13:30:53.016232: | 1d 99 8b 78 cd 31 bd e0 58 e6 b0 f3 3c ed 2e 52 Aug 26 13:30:53.016233: | 48 6b d9 98 78 91 27 a2 6e fe 24 fc 2f a6 29 cb Aug 26 13:30:53.016235: | ec Aug 26 13:30:53.016238: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:53.016240: | **parse ISAKMP Message: Aug 26 13:30:53.016242: | initiator cookie: Aug 26 13:30:53.016244: | 90 cc e3 db 95 f3 db f8 Aug 26 13:30:53.016245: | responder cookie: Aug 26 13:30:53.016247: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:30:53.016249: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:53.016251: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:53.016252: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:30:53.016254: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:53.016256: | Message ID: 3 (0x3) Aug 26 13:30:53.016258: | length: 113 (0x71) Aug 26 13:30:53.016260: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:30:53.016262: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 13:30:53.016265: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:30:53.016269: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:53.016273: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:53.016275: | #1 is idle Aug 26 13:30:53.016276: | #1 idle Aug 26 13:30:53.016278: | unpacking clear payload Aug 26 13:30:53.016282: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:53.016284: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:53.016286: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.016295: | flags: none (0x0) Aug 26 13:30:53.016300: | length: 85 (0x55) Aug 26 13:30:53.016302: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 13:30:53.016304: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:30:53.016327: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:30:53.016330: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.016332: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.016333: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:53.016335: | flags: none (0x0) Aug 26 13:30:53.016336: | length: 28 (0x1c) Aug 26 13:30:53.016338: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.016339: | SPI size: 0 (0x0) Aug 26 13:30:53.016341: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:53.016343: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.016344: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:53.016346: | **parse IKEv2 Notify Payload: Aug 26 13:30:53.016348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:53.016349: | flags: none (0x0) Aug 26 13:30:53.016351: | length: 28 (0x1c) Aug 26 13:30:53.016352: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:53.016354: | SPI size: 0 (0x0) Aug 26 13:30:53.016355: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:53.016357: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:53.016358: | selected state microcode I3: Informational Request Aug 26 13:30:53.016360: | Now let's proceed with state specific processing Aug 26 13:30:53.016362: | calling processor I3: Informational Request Aug 26 13:30:53.016364: | an informational response Aug 26 13:30:53.016366: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 13:30:53.016367: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 13:30:53.016371: | #2 pst=#1 MOBIKE update local address 192.1.33.222:500 -> 192.1.33.222:500 Aug 26 13:30:53.016376: | initiator migrate kernel SA esp.2bb6d074@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Aug 26 13:30:53.016436: | initiator migrate kernel SA esp.31ab1270@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Aug 26 13:30:53.016456: | initiator migrate kernel SA esp.31ab1270@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Aug 26 13:30:53.016475: "road-eastnet"[1] 192.1.2.23 #1: success MOBIKE update local address 192.1.33.222:500 -> 192.1.33.222:500 Aug 26 13:30:53.016480: | free hp@0x5579aec42178 Aug 26 13:30:53.016483: | connect_to_host_pair: 192.1.33.222:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:30:53.016485: | new hp@0x5579aec42178 Aug 26 13:30:53.016488: | running updown command "ipsec _updown" for verb up Aug 26 13:30:53.016490: | command executing up-client Aug 26 13:30:53.016509: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLU Aug 26 13:30:53.016513: | popen cmd is 1118 chars long Aug 26 13:30:53.016515: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Aug 26 13:30:53.016517: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY: Aug 26 13:30:53.016518: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Aug 26 13:30:53.016520: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:30:53.016522: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:30:53.016523: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:30:53.016525: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:30:53.016527: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CON: Aug 26 13:30:53.016528: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRAC: Aug 26 13:30:53.016530: | cmd( 720):K+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAM: Aug 26 13:30:53.016532: | cmd( 800):ILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0': Aug 26 13:30:53.016533: | cmd( 880): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Aug 26 13:30:53.016535: | cmd( 960):_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Aug 26 13:30:53.016537: | cmd(1040):G='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:30:53.053023: | running updown command "ipsec _updown" for verb route Aug 26 13:30:53.053042: | command executing route-client Aug 26 13:30:53.053066: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=' Aug 26 13:30:53.053070: | popen cmd is 1121 chars long Aug 26 13:30:53.053072: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Aug 26 13:30:53.053074: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO: Aug 26 13:30:53.053075: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:53.053077: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 13:30:53.053079: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Aug 26 13:30:53.053080: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0: Aug 26 13:30:53.053082: | cmd( 480):.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 13:30:53.053084: | cmd( 560):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_: Aug 26 13:30:53.053085: | cmd( 640):CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_T: Aug 26 13:30:53.053087: | cmd( 720):RACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDR: Aug 26 13:30:53.053091: | cmd( 800):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=: Aug 26 13:30:53.053093: | cmd( 880):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Aug 26 13:30:53.053095: | cmd( 960):CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Aug 26 13:30:53.053096: | cmd(1040):TING='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&: Aug 26 13:30:53.053098: | cmd(1120):1: Aug 26 13:30:53.062614: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062636: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062639: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062641: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062645: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062647: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.062649: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:53.068155: | #1 updating local interface from 192.1.33.222:500 to 192.1.33.222:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:30:53.068168: "road-eastnet"[1] 192.1.2.23 #1: MOBIKE response: updating IPsec SA Aug 26 13:30:53.068171: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 13:30:53.068180: | #1 spent 1.03 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 13:30:53.068185: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:53.068188: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:30:53.068190: | Message ID: updating counters for #1 to 3 after switching state Aug 26 13:30:53.068193: | Message ID: recv #1 response 3; ike: initiator.sent=3 initiator.recv=2->3 responder.sent=-1 responder.recv=-1 wip.initiator=3->-1 wip.responder=-1 Aug 26 13:30:53.068196: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:53.068198: | STATE_PARENT_I3: PARENT SA established Aug 26 13:30:53.068203: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:53.068208: | #1 spent 1.2 milliseconds in ikev2_process_packet() Aug 26 13:30:53.068211: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:53.068218: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:53.068220: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:53.068222: | spent 1.22 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:53.068238: | processing signal PLUTO_SIGCHLD Aug 26 13:30:53.068243: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:53.068245: | spent 0.0043 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:53.068247: | processing signal PLUTO_SIGCHLD Aug 26 13:30:53.068250: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:53.068252: | spent 0.00238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:02.975487: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:31:02.975558: | expiring aged bare shunts from shunt table Aug 26 13:31:02.975580: | spent 0.0173 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:31:04.789326: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:04.789398: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:31:04.789421: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:04.789451: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:04.789505: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:04.789584: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:04.789607: | spent 0.315 milliseconds in whack Aug 26 13:31:05.118464: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:05.118669: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:05.118676: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:05.118754: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:31:05.118757: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:05.118767: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:05.118782: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:05.118798: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:05.118803: | spent 0.348 milliseconds in whack Aug 26 13:31:05.236875: | kernel_process_msg_cb process netlink message Aug 26 13:31:05.236923: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:31:05.236933: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 13:31:05.236944: | XFRM RTM_DELADDR 192.1.33.222 IFA_LOCAL Aug 26 13:31:05.236950: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:31:05.236966: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:31:05.236979: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:31:05.236991: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1575) Aug 26 13:31:05.236998: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:31:05.237006: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:05.237012: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:05.237018: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:05.237024: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:05.237033: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL Aug 26 13:31:05.237040: | running updown command "ipsec _updown" for verb down Aug 26 13:31:05.237046: | command executing down-client Aug 26 13:31:05.237107: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' Aug 26 13:31:05.237120: | popen cmd is 1120 chars long Aug 26 13:31:05.237127: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU: Aug 26 13:31:05.237133: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_: Aug 26 13:31:05.237139: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 13:31:05.237145: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=: Aug 26 13:31:05.237150: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 13:31:05.237163: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:31:05.237169: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:31:05.237174: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_C: Aug 26 13:31:05.237180: | cmd( 640):ONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TR: Aug 26 13:31:05.237185: | cmd( 720):ACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF: Aug 26 13:31:05.237191: | cmd( 800):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=': Aug 26 13:31:05.237196: | cmd( 880):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 13:31:05.237202: | cmd( 960):FG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 13:31:05.237207: | cmd(1040):ING='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2>&1: Aug 26 13:31:05.282144: "road-eastnet"[1] 192.1.2.23 #1: down-client output: restoring resolvconf Aug 26 13:31:05.282184: "road-eastnet"[1] 192.1.2.23 #1: down-client output: Problem in restoring the resolv.conf, as there is no backup file Aug 26 13:31:05.282493: | running updown command "ipsec _updown" for verb unroute Aug 26 13:31:05.282503: | command executing unroute-client Aug 26 13:31:05.282529: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIE Aug 26 13:31:05.282532: | popen cmd is 1123 chars long Aug 26 13:31:05.282535: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 13:31:05.282537: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLU: Aug 26 13:31:05.282539: | cmd( 160):TO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.: Aug 26 13:31:05.282541: | cmd( 240):0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOC: Aug 26 13:31:05.282542: | cmd( 320):OL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_: Aug 26 13:31:05.282544: | cmd( 400):PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:31:05.282546: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:31:05.282548: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826243' PLUT: Aug 26 13:31:05.282550: | cmd( 640):O_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF: Aug 26 13:31:05.282551: | cmd( 720):_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_AD: Aug 26 13:31:05.282553: | cmd( 800):DRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISC: Aug 26 13:31:05.282555: | cmd( 880):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Aug 26 13:31:05.282557: | cmd( 960):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Aug 26 13:31:05.282562: | cmd(1040):OUTING='no' VTI_SHARED='no' SPI_IN=0x2bb6d074 SPI_OUT=0x31ab1270 ipsec _updown 2: Aug 26 13:31:05.282564: | cmd(1120):>&1: Aug 26 13:31:05.293654: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.293676: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.293682: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.293696: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.293712: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:05.295937: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: RTNETLINK answers: Network is unreachable Aug 26 13:31:05.302438: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:31:05.302454: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 13:31:05.302458: | libevent_malloc: new ptr-libevent@0x5579aec42018 size 128 Aug 26 13:31:05.302471: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1577) Aug 26 13:31:05.302475: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:31:05.302477: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:31:05.302478: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:31:05.302483: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:05.302486: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:05.302488: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:05.302490: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:05.302493: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:31:05.302495: | xfrm netlink address change RTM_NEWADDR msg len 80 Aug 26 13:31:05.302498: | XFRM RTM_NEWADDR 192.1.3.209 IFA_LOCAL Aug 26 13:31:05.302499: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:31:05.302503: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:31:05.302507: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:31:05.302510: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1575) Aug 26 13:31:05.302512: | #1 MOBIKE ignore address 192.1.3.209 change pending previous Aug 26 13:31:05.302515: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1577) Aug 26 13:31:05.302517: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:31:05.302519: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:31:05.302520: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:31:05.302523: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:31:05.302525: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:31:05.302527: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:31:05.302529: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:31:05.302532: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:31:05.302533: | xfrm netlink address change RTM_DELADDR msg len 76 Aug 26 13:31:05.302535: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL Aug 26 13:31:05.302537: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:31:05.302540: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:31:05.302543: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:31:05.302546: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1575) Aug 26 13:31:05.302549: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1577) Aug 26 13:31:05.302554: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:31:05.302555: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:31:05.302557: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:31:05.302560: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:05.302567: | spent 1.77 milliseconds in kernel message Aug 26 13:31:05.302580: | timer_event_cb: processing event@0x5579aec39ca8 Aug 26 13:31:05.302582: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 13:31:05.302585: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:31:05.302587: | #1 IKEv2 local address change Aug 26 13:31:05.302965: "road-eastnet"[1] 192.1.2.23 #1: unexpected TRY AGAIN from second resolve_defaultroute_one Aug 26 13:31:05.302970: "road-eastnet"[1] 192.1.2.23 #1: no local source address to reach remote 192.1.2.23, local gateway Aug 26 13:31:05.302973: | libevent_free: release ptr-libevent@0x5579aec42018 Aug 26 13:31:05.302975: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x5579aec39ca8 Aug 26 13:31:05.302979: | #1 spent 0.398 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 13:31:05.302982: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:31:05.302984: | processing signal PLUTO_SIGCHLD Aug 26 13:31:05.302989: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:05.302991: | spent 0.00427 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:05.302993: | processing signal PLUTO_SIGCHLD Aug 26 13:31:05.302995: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:05.302998: | spent 0.00238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:06.221309: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:06.221342: shutting down Aug 26 13:31:06.221363: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:31:06.221368: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:31:06.221369: forgetting secrets Aug 26 13:31:06.221377: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:31:06.221384: | start processing: connection "road-eastnet"[1] 192.1.2.23 (in delete_connection() at connections.c:189) Aug 26 13:31:06.221389: "road-eastnet"[1] 192.1.2.23: deleting connection "road-eastnet"[1] 192.1.2.23 instance with peer 192.1.2.23 {isakmp=#1/ipsec=#2} Aug 26 13:31:06.221392: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:31:06.221394: | pass 0 Aug 26 13:31:06.221397: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:06.221412: | state #2 Aug 26 13:31:06.221416: | suspend processing: connection "road-eastnet"[1] 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:06.221422: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:06.221425: | pstats #2 ikev2.child deleted completed Aug 26 13:31:06.221430: | #2 spent 3.06 milliseconds in total Aug 26 13:31:06.221436: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:06.221440: "road-eastnet"[1] 192.1.2.23 #2: deleting state (STATE_V2_IPSEC_I) aged 23.046s and sending notification Aug 26 13:31:06.221443: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:31:06.221446: | get_sa_info esp.2bb6d074@192.1.2.23 Aug 26 13:31:06.221461: | get_sa_info esp.31ab1270@192.1.33.222 Aug 26 13:31:06.221467: "road-eastnet"[1] 192.1.2.23 #2: ESP traffic information: in=336B out=336B Aug 26 13:31:06.221471: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:31:06.221473: | Opening output PBS informational exchange delete request Aug 26 13:31:06.221476: | **emit ISAKMP Message: Aug 26 13:31:06.221480: | initiator cookie: Aug 26 13:31:06.221482: | 90 cc e3 db 95 f3 db f8 Aug 26 13:31:06.221484: | responder cookie: Aug 26 13:31:06.221485: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:06.221487: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:06.221489: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:06.221491: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:06.221493: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:31:06.221495: | Message ID: 4 (0x4) Aug 26 13:31:06.221497: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:06.221499: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:06.221501: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:06.221502: | flags: none (0x0) Aug 26 13:31:06.221504: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:06.221506: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:06.221509: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:06.221521: | ****emit IKEv2 Delete Payload: Aug 26 13:31:06.221523: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:06.221525: | flags: none (0x0) Aug 26 13:31:06.221527: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:06.221528: | SPI size: 4 (0x4) Aug 26 13:31:06.221530: | number of SPIs: 1 (0x1) Aug 26 13:31:06.221532: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:06.221534: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:06.221536: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:31:06.221538: | local spis 31 ab 12 70 Aug 26 13:31:06.221539: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:31:06.221541: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:06.221543: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:06.221545: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:06.221547: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:31:06.221549: | emitting length of ISAKMP Message: 69 Aug 26 13:31:06.221574: | sending 69 bytes for delete notification through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #2) Aug 26 13:31:06.221577: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:06.221578: | 2e 20 25 08 00 00 00 04 00 00 00 45 2a 00 00 29 Aug 26 13:31:06.221580: | f0 b6 1d f2 6d 3d cf 98 d7 2a 38 2e 5e 29 6d 95 Aug 26 13:31:06.221581: | f5 91 e0 0a bd ea 3a 2a 37 4e 19 37 6c 07 27 be Aug 26 13:31:06.221583: | 29 ae 14 c2 50 Aug 26 13:31:06.221593: ERROR: "road-eastnet"[1] 192.1.2.23 #2: sendto on eth0 to 192.1.2.23:500 failed in delete notification. Errno 22: Invalid argument Aug 26 13:31:06.221596: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:31:06.221598: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:31:06.221601: | Message ID: sent #1 request 4; ike: initiator.sent=3->4 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1->4 wip.responder=-1 Aug 26 13:31:06.221603: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:06.221606: | libevent_free: release ptr-libevent@0x5579aec3c2e8 Aug 26 13:31:06.221610: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f7fe0002b78 Aug 26 13:31:06.221729: | delete esp.2bb6d074@192.1.2.23 Aug 26 13:31:06.221755: | netlink response for Del SA esp.2bb6d074@192.1.2.23 included non-error error Aug 26 13:31:06.221759: | delete esp.31ab1270@192.1.33.222 Aug 26 13:31:06.221768: | netlink response for Del SA esp.31ab1270@192.1.33.222 included non-error error Aug 26 13:31:06.221778: | stop processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:31:06.221781: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:31:06.221784: | in connection_discard for connection road-eastnet Aug 26 13:31:06.221787: | State DB: deleting IKEv2 state #2 in V2_IPSEC_I Aug 26 13:31:06.221794: | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:31:06.221799: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:06.221808: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:06.221810: | state #1 Aug 26 13:31:06.221824: | pass 1 Aug 26 13:31:06.221826: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:06.221827: | state #1 Aug 26 13:31:06.221831: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:31:06.221833: | pstats #1 ikev2.ike deleted completed Aug 26 13:31:06.221837: | #1 spent 13 milliseconds in total Aug 26 13:31:06.221840: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:31:06.221843: "road-eastnet"[1] 192.1.2.23 #1: deleting state (STATE_PARENT_I3) aged 23.053s and sending notification Aug 26 13:31:06.221845: | parent state #1: PARENT_I3(established IKE SA) => delete Aug 26 13:31:06.221872: | #1 send IKEv2 delete notification for STATE_PARENT_I3 Aug 26 13:31:06.221875: | Opening output PBS informational exchange delete request Aug 26 13:31:06.221877: | **emit ISAKMP Message: Aug 26 13:31:06.221879: | initiator cookie: Aug 26 13:31:06.221881: | 90 cc e3 db 95 f3 db f8 Aug 26 13:31:06.221882: | responder cookie: Aug 26 13:31:06.221884: | a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:06.221885: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:06.221887: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:06.221889: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:06.221891: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:31:06.221892: | Message ID: 5 (0x5) Aug 26 13:31:06.221894: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:06.221896: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:06.221898: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:06.221899: | flags: none (0x0) Aug 26 13:31:06.221902: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:06.221903: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:06.221905: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:06.221913: | ****emit IKEv2 Delete Payload: Aug 26 13:31:06.221915: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:06.221916: | flags: none (0x0) Aug 26 13:31:06.221918: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:31:06.221919: | SPI size: 0 (0x0) Aug 26 13:31:06.221921: | number of SPIs: 0 (0x0) Aug 26 13:31:06.221923: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:06.221925: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:31:06.221927: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:31:06.221928: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:06.221930: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:06.221932: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:06.221936: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:31:06.221937: | emitting length of ISAKMP Message: 65 Aug 26 13:31:06.221947: | sending 65 bytes for delete notification through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1) Aug 26 13:31:06.221949: | 90 cc e3 db 95 f3 db f8 a0 a2 b5 2d 8b 8e 34 4c Aug 26 13:31:06.221950: | 2e 20 25 08 00 00 00 05 00 00 00 41 2a 00 00 25 Aug 26 13:31:06.221952: | 55 3f 59 c9 9c 90 25 42 e0 f0 ac e2 d5 8c 37 f0 Aug 26 13:31:06.221953: | 67 4c 62 9a 82 d2 b6 3d 65 bd 49 bf de 9e 48 a5 Aug 26 13:31:06.221955: | 3b Aug 26 13:31:06.221961: ERROR: "road-eastnet"[1] 192.1.2.23 #1: sendto on eth0 to 192.1.2.23:500 failed in delete notification. Errno 22: Invalid argument Aug 26 13:31:06.221964: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:31:06.221966: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 13:31:06.221969: | Message ID: #1 XXX: expecting sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?); initiator.sent=5 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=5 wip.responder=-1 Aug 26 13:31:06.221973: | Message ID: sent #1 request 5; ike: initiator.sent=4->5 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=4->5 wip.responder=-1 Aug 26 13:31:06.221975: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:06.221977: | libevent_free: release ptr-libevent@0x7f7fd8000f48 Aug 26 13:31:06.221981: | free_event_entry: release EVENT_SA_REKEY-pe@0x5579aec39b38 Aug 26 13:31:06.221983: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:06.221985: | picked newest_isakmp_sa #0 for #1 Aug 26 13:31:06.221987: "road-eastnet"[1] 192.1.2.23 #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:06.221989: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds Aug 26 13:31:06.221991: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:31:06.221994: | in connection_discard for connection road-eastnet Aug 26 13:31:06.221996: | State DB: deleting IKEv2 state #1 in PARENT_I3 Aug 26 13:31:06.221998: | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) Aug 26 13:31:06.222023: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:31:06.222044: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:31:06.222046: ABORT: ASSERTION FAILED: sr->eroute_owner == SOS_NOBODY (in delete_states_by_connection() at state.c:1384)