Aug 26 13:30:43.929010: FIPS Product: YES
Aug 26 13:30:43.929128: FIPS Kernel: NO
Aug 26 13:30:43.929130: FIPS Mode: NO
Aug 26 13:30:43.929132: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:30:43.929245: Initializing NSS
Aug 26 13:30:43.929250: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:30:43.955316: NSS initialized
Aug 26 13:30:43.955332: NSS crypto library initialized
Aug 26 13:30:43.955334: FIPS HMAC integrity support [enabled]
Aug 26 13:30:43.955336: FIPS mode disabled for pluto daemon
Aug 26 13:30:43.982988: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:30:43.983074: libcap-ng support [enabled]
Aug 26 13:30:43.983080: Linux audit support [enabled]
Aug 26 13:30:43.983099: Linux audit activated
Aug 26 13:30:43.983106: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13582
Aug 26 13:30:43.983109: core dump dir: /tmp
Aug 26 13:30:43.983111: secrets file: /etc/ipsec.secrets
Aug 26 13:30:43.983112: leak-detective enabled
Aug 26 13:30:43.983114: NSS crypto [enabled]
Aug 26 13:30:43.983115: XAUTH PAM support [enabled]
Aug 26 13:30:43.983171: | libevent is using pluto's memory allocator
Aug 26 13:30:43.983179: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:30:43.983191: | libevent_malloc: new ptr-libevent@0x5562414ea958 size 40
Aug 26 13:30:43.983195: | libevent_malloc: new ptr-libevent@0x5562414ec3a8 size 40
Aug 26 13:30:43.983197: | libevent_malloc: new ptr-libevent@0x5562414ec328 size 40
Aug 26 13:30:43.983199: | creating event base
Aug 26 13:30:43.983202: | libevent_malloc: new ptr-libevent@0x5562414eb128 size 56
Aug 26 13:30:43.983206: | libevent_malloc: new ptr-libevent@0x55624147cf78 size 664
Aug 26 13:30:43.983215: | libevent_malloc: new ptr-libevent@0x55624151c4f8 size 24
Aug 26 13:30:43.983217: | libevent_malloc: new ptr-libevent@0x55624151c548 size 384
Aug 26 13:30:43.983225: | libevent_malloc: new ptr-libevent@0x55624151c4b8 size 16
Aug 26 13:30:43.983227: | libevent_malloc: new ptr-libevent@0x5562414ec2a8 size 40
Aug 26 13:30:43.983229: | libevent_malloc: new ptr-libevent@0x5562414ec228 size 48
Aug 26 13:30:43.983232: | libevent_realloc: new ptr-libevent@0x55624147cc08 size 256
Aug 26 13:30:43.983234: | libevent_malloc: new ptr-libevent@0x55624151c6f8 size 16
Aug 26 13:30:43.983239: | libevent_free: release ptr-libevent@0x5562414eb128
Aug 26 13:30:43.983241: | libevent initialized
Aug 26 13:30:43.983244: | libevent_realloc: new ptr-libevent@0x5562414eb128 size 64
Aug 26 13:30:43.983248: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:30:43.983259: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:30:43.983261: NAT-Traversal support [enabled]
Aug 26 13:30:43.983263: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:30:43.983268: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:30:43.983271: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:30:43.983303: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:30:43.983308: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:30:43.983310: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:30:43.983360: Encryption algorithms:
Aug 26 13:30:43.983366: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:30:43.983369: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:30:43.983371: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:30:43.983373: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:30:43.983376: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:30:43.983382: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:30:43.983400: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:30:43.983402: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:30:43.983404: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:30:43.983407: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:30:43.983409: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:30:43.983411: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:30:43.983413: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:30:43.983416: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:30:43.983418: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:30:43.983420: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:30:43.983422: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:30:43.983427: Hash algorithms:
Aug 26 13:30:43.983429: MD5 IKEv1: IKE IKEv2:
Aug 26 13:30:43.983430: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:30:43.983433: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:30:43.983434: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:30:43.983436: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:30:43.983445: PRF algorithms:
Aug 26 13:30:43.983447: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:30:43.983449: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:30:43.983451: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:30:43.983454: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:30:43.983456: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:30:43.983457: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:30:43.983474: Integrity algorithms:
Aug 26 13:30:43.983476: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:30:43.983479: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:30:43.983481: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:30:43.983483: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:30:43.983486: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:30:43.983488: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:30:43.983490: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:30:43.983492: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:30:43.983494: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:30:43.983501: DH algorithms:
Aug 26 13:30:43.983503: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:30:43.983505: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:30:43.983507: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:30:43.983511: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:30:43.983513: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:30:43.983515: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:30:43.983516: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:30:43.983518: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:30:43.983520: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:30:43.983522: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:30:43.983524: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:30:43.983526: testing CAMELLIA_CBC:
Aug 26 13:30:43.983528: Camellia: 16 bytes with 128-bit key
Aug 26 13:30:43.983617: Camellia: 16 bytes with 128-bit key
Aug 26 13:30:43.983636: Camellia: 16 bytes with 256-bit key
Aug 26 13:30:43.983655: Camellia: 16 bytes with 256-bit key
Aug 26 13:30:43.983672: testing AES_GCM_16:
Aug 26 13:30:43.983674: empty string
Aug 26 13:30:43.983694: one block
Aug 26 13:30:43.983710: two blocks
Aug 26 13:30:43.983728: two blocks with associated data
Aug 26 13:30:43.983744: testing AES_CTR:
Aug 26 13:30:43.983746: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:30:43.983762: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:30:43.983781: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:30:43.983798: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:30:43.983814: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:30:43.983831: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:30:43.983848: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:30:43.983864: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:30:43.983881: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:30:43.983898: testing AES_CBC:
Aug 26 13:30:43.983900: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:30:43.983916: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:43.983933: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:43.983952: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:30:43.983972: testing AES_XCBC:
Aug 26 13:30:43.983974: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:30:43.984052: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:30:43.984181: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:30:43.984262: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:30:43.984353: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:30:43.984433: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:30:43.984512: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:30:43.984680: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:30:43.984761: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:30:43.984855: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:30:43.984998: testing HMAC_MD5:
Aug 26 13:30:43.985001: RFC 2104: MD5_HMAC test 1
Aug 26 13:30:43.985109: RFC 2104: MD5_HMAC test 2
Aug 26 13:30:43.985203: RFC 2104: MD5_HMAC test 3
Aug 26 13:30:43.985334: 8 CPU cores online
Aug 26 13:30:43.985340: starting up 7 crypto helpers
Aug 26 13:30:43.985396: started thread for crypto helper 0
Aug 26 13:30:43.985402: | starting up helper thread 0
Aug 26 13:30:43.985414: started thread for crypto helper 1
Aug 26 13:30:43.985416: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:30:43.985419: | starting up helper thread 1
Aug 26 13:30:43.985420: | crypto helper 0 waiting (nothing to do)
Aug 26 13:30:43.985443: | starting up helper thread 2
Aug 26 13:30:43.985449: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:30:43.985454: | crypto helper 2 waiting (nothing to do)
Aug 26 13:30:43.985429: started thread for crypto helper 2
Aug 26 13:30:43.985437: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:30:43.985471: | crypto helper 1 waiting (nothing to do)
Aug 26 13:30:43.985489: started thread for crypto helper 3
Aug 26 13:30:43.985492: | starting up helper thread 3
Aug 26 13:30:43.985503: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:30:43.985506: | crypto helper 3 waiting (nothing to do)
Aug 26 13:30:43.985514: started thread for crypto helper 4
Aug 26 13:30:43.985517: | starting up helper thread 4
Aug 26 13:30:43.985527: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:30:43.985530: | crypto helper 4 waiting (nothing to do)
Aug 26 13:30:43.985539: started thread for crypto helper 5
Aug 26 13:30:43.985542: | starting up helper thread 5
Aug 26 13:30:43.985551: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:30:43.985554: | crypto helper 5 waiting (nothing to do)
Aug 26 13:30:43.985563: started thread for crypto helper 6
Aug 26 13:30:43.985566: | starting up helper thread 6
Aug 26 13:30:43.985572: | checking IKEv1 state table
Aug 26 13:30:43.985573: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:30:43.985583: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985584: | crypto helper 6 waiting (nothing to do)
Aug 26 13:30:43.985589: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:30:43.985598: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985601: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:30:43.985604: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:30:43.985607: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:30:43.985610: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:43.985612: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:43.985615: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:30:43.985618: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:30:43.985621: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:43.985623: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:30:43.985626: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:30:43.985629: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:43.985632: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:43.985634: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:30:43.985637: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:30:43.985640: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:43.985642: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:43.985645: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:30:43.985648: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:30:43.985651: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985654: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:30:43.985656: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985659: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985662: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:30:43.985665: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985668: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:30:43.985670: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:30:43.985674: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:30:43.985677: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:30:43.985679: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:30:43.985682: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:30:43.985685: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985688: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:30:43.985690: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985693: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985696: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:30:43.985702: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985706: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:30:43.985709: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985711: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:30:43.985714: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:30:43.985717: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985720: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985723: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985726: | INFO: category: informational flags: 0:
Aug 26 13:30:43.985729: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985732: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:30:43.985735: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985737: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:30:43.985740: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:30:43.985743: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:30:43.985745: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:30:43.985748: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:30:43.985750: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:30:43.985753: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:30:43.985755: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:30:43.985758: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:30:43.985760: | -> UNDEFINED EVENT_NULL
Aug 26 13:30:43.985763: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:30:43.985765: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:30:43.985768: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:30:43.985771: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:30:43.985773: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:30:43.985776: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:30:43.985781: | checking IKEv2 state table
Aug 26 13:30:43.985788: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:30:43.985791: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:30:43.985794: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985798: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:30:43.985801: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:30:43.985804: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:30:43.985806: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:30:43.985809: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:30:43.985813: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:30:43.985815: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:30:43.985818: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:30:43.985821: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:30:43.985824: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:30:43.985827: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:30:43.985829: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:30:43.985832: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:30:43.985834: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985837: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:30:43.985840: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:30:43.985843: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:30:43.985845: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:30:43.985848: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:30:43.985851: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:30:43.985856: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:30:43.985859: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:30:43.985862: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:30:43.985865: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:30:43.985868: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:30:43.985870: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:30:43.985873: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:30:43.985876: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:30:43.985879: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:30:43.985882: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:30:43.985885: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:30:43.985888: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:30:43.985891: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:30:43.985894: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:30:43.985897: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:30:43.985900: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:30:43.985903: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:30:43.985905: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:30:43.985908: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:30:43.985911: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985913: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:30:43.985915: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:30:43.985917: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:30:43.985919: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:30:43.985928: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:30:43.985969: | Hard-wiring algorithms
Aug 26 13:30:43.985972: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:30:43.985975: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:30:43.985976: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:30:43.985978: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:30:43.985980: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:30:43.985982: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:30:43.985983: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:30:43.985985: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:30:43.985986: | adding AES_CTR to kernel algorithm db
Aug 26 13:30:43.985988: | adding AES_CBC to kernel algorithm db
Aug 26 13:30:43.985990: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:30:43.985992: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:30:43.985993: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:30:43.985995: | adding NULL to kernel algorithm db
Aug 26 13:30:43.985997: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:30:43.985999: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:30:43.986000: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:30:43.986002: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:30:43.986004: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:30:43.986005: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:30:43.986007: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:30:43.986009: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:30:43.986010: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:30:43.986012: | adding NONE to kernel algorithm db
Aug 26 13:30:43.986033: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:30:43.986038: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:30:43.986040: | setup kernel fd callback
Aug 26 13:30:43.986042: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55624151bf18
Aug 26 13:30:43.986045: | libevent_malloc: new ptr-libevent@0x55624151a728 size 128
Aug 26 13:30:43.986047: | libevent_malloc: new ptr-libevent@0x556241521918 size 16
Aug 26 13:30:43.986053: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x556241521c88
Aug 26 13:30:43.986055: | libevent_malloc: new ptr-libevent@0x5562414f0048 size 128
Aug 26 13:30:43.986056: | libevent_malloc: new ptr-libevent@0x556241522238 size 16
Aug 26 13:30:43.986242: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:30:43.986252: selinux support is enabled.
Aug 26 13:30:43.986496: | unbound context created - setting debug level to 5
Aug 26 13:30:43.986520: | /etc/hosts lookups activated
Aug 26 13:30:43.986531: | /etc/resolv.conf usage activated
Aug 26 13:30:43.986596: | outgoing-port-avoid set 0-65535
Aug 26 13:30:43.986626: | outgoing-port-permit set 32768-60999
Aug 26 13:30:43.986630: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 13:30:43.986633: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 13:30:43.986637: | Setting up events, loop start
Aug 26 13:30:43.986640: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x556241522128
Aug 26 13:30:43.986643: | libevent_malloc: new ptr-libevent@0x55624152e008 size 128
Aug 26 13:30:43.986647: | libevent_malloc: new ptr-libevent@0x5562415392d8 size 16
Aug 26 13:30:43.986652: | libevent_realloc: new ptr-libevent@0x556241539318 size 256
Aug 26 13:30:43.986655: | libevent_malloc: new ptr-libevent@0x556241539448 size 8
Aug 26 13:30:43.986658: | libevent_realloc: new ptr-libevent@0x556241539488 size 144
Aug 26 13:30:43.986661: | libevent_malloc: new ptr-libevent@0x55624147d8e8 size 152
Aug 26 13:30:43.986665: | libevent_malloc: new ptr-libevent@0x556241539548 size 16
Aug 26 13:30:43.986669: | signal event handler PLUTO_SIGCHLD installed
Aug 26 13:30:43.986672: | libevent_malloc: new ptr-libevent@0x556241539588 size 8
Aug 26 13:30:43.986675: | libevent_malloc: new ptr-libevent@0x5562415395c8 size 152
Aug 26 13:30:43.986678: | signal event handler PLUTO_SIGTERM installed
Aug 26 13:30:43.986680: | libevent_malloc: new ptr-libevent@0x556241539698 size 8
Aug 26 13:30:43.986683: | libevent_malloc: new ptr-libevent@0x5562415396d8 size 152
Aug 26 13:30:43.986686: | signal event handler PLUTO_SIGHUP installed
Aug 26 13:30:43.986689: | libevent_malloc: new ptr-libevent@0x5562415397a8 size 8
Aug 26 13:30:43.986692: | libevent_realloc: release ptr-libevent@0x556241539488
Aug 26 13:30:43.986695: | libevent_realloc: new ptr-libevent@0x5562415397e8 size 256
Aug 26 13:30:43.986698: | libevent_malloc: new ptr-libevent@0x556241539918 size 152
Aug 26 13:30:43.986701: | signal event handler PLUTO_SIGSYS installed
Aug 26 13:30:43.987035: | created addconn helper (pid:13762) using fork+execve
Aug 26 13:30:43.987050: | forked child 13762
Aug 26 13:30:43.987101: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:43.987117: listening for IKE messages
Aug 26 13:30:43.987177: | Inspecting interface lo
Aug 26 13:30:43.987185: | found lo with address 127.0.0.1
Aug 26 13:30:43.987188: | Inspecting interface eth0
Aug 26 13:30:43.987193: | found eth0 with address 192.1.3.209
Aug 26 13:30:43.987271: Kernel supports NIC esp-hw-offload
Aug 26 13:30:43.987285: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500
Aug 26 13:30:43.987340: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:30:43.987349: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:30:43.987354: adding interface eth0/eth0 192.1.3.209:4500
Aug 26 13:30:43.987397: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 13:30:43.987454: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:30:43.987459: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:30:43.987464: adding interface lo/lo 127.0.0.1:4500
Aug 26 13:30:43.987560: | no interfaces to sort
Aug 26 13:30:43.987565: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:30:43.987572: | add_fd_read_event_handler: new ethX-pe@0x556241539c88
Aug 26 13:30:43.987576: | libevent_malloc: new ptr-libevent@0x55624152df58 size 128
Aug 26 13:30:43.987580: | libevent_malloc: new ptr-libevent@0x556241539cf8 size 16
Aug 26 13:30:43.987586: | setup callback for interface lo 127.0.0.1:4500 fd 20
Aug 26 13:30:43.987590: | add_fd_read_event_handler: new ethX-pe@0x556241539d38
Aug 26 13:30:43.987594: | libevent_malloc: new ptr-libevent@0x5562414f00f8 size 128
Aug 26 13:30:43.987597: | libevent_malloc: new ptr-libevent@0x556241539da8 size 16
Aug 26 13:30:43.987602: | setup callback for interface lo 127.0.0.1:500 fd 19
Aug 26 13:30:43.987605: | add_fd_read_event_handler: new ethX-pe@0x556241539de8
Aug 26 13:30:43.987609: | libevent_malloc: new ptr-libevent@0x5562414f1328 size 128
Aug 26 13:30:43.987611: | libevent_malloc: new ptr-libevent@0x556241539e58 size 16
Aug 26 13:30:43.987616: | setup callback for interface eth0 192.1.3.209:4500 fd 18
Aug 26 13:30:43.987619: | add_fd_read_event_handler: new ethX-pe@0x556241539e98
Aug 26 13:30:43.987623: | libevent_malloc: new ptr-libevent@0x5562414ead28 size 128
Aug 26 13:30:43.987626: | libevent_malloc: new ptr-libevent@0x556241539f08 size 16
Aug 26 13:30:43.987630: | setup callback for interface eth0 192.1.3.209:500 fd 17
Aug 26 13:30:43.987634: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:30:43.987637: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:30:43.987654: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:30:43.987680: | Processing PSK at line 1: passed
Aug 26 13:30:43.987684: | certs and keys locked by 'process_secret'
Aug 26 13:30:43.987686: | certs and keys unlocked by 'process_secret'
Aug 26 13:30:43.987694: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:43.987700: | spent 0.604 milliseconds in whack
Aug 26 13:30:44.011725: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:44.011757: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.011762: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:30:44.011765: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.011767: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:30:44.011772: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.011776: Failed to add connection "clear": shunt connection cannot have authentication method other then authby=never
Aug 26 13:30:44.011786: | flush revival: connection 'clear' wasn't on the list
Aug 26 13:30:44.011790: | processing: STOP connection NULL (in discard_connection() at connections.c:249)
Aug 26 13:30:44.011806: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:44.011815: | spent 0.0978 milliseconds in whack
Aug 26 13:30:44.011828: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:44.011837: listening for IKE messages
Aug 26 13:30:44.011873: | Inspecting interface lo
Aug 26 13:30:44.011881: | found lo with address 127.0.0.1
Aug 26 13:30:44.011885: | Inspecting interface eth0
Aug 26 13:30:44.011889: | found eth0 with address 192.1.3.209
Aug 26 13:30:44.011953: | no interfaces to sort
Aug 26 13:30:44.011963: | libevent_free: release ptr-libevent@0x55624152df58
Aug 26 13:30:44.011967: | free_event_entry: release EVENT_NULL-pe@0x556241539c88
Aug 26 13:30:44.011971: | add_fd_read_event_handler: new ethX-pe@0x556241539c88
Aug 26 13:30:44.011975: | libevent_malloc: new ptr-libevent@0x55624152df58 size 128
Aug 26 13:30:44.011983: | setup callback for interface lo 127.0.0.1:4500 fd 20
Aug 26 13:30:44.011988: | libevent_free: release ptr-libevent@0x5562414f00f8
Aug 26 13:30:44.011996: | free_event_entry: release EVENT_NULL-pe@0x556241539d38
Aug 26 13:30:44.011999: | add_fd_read_event_handler: new ethX-pe@0x556241539d38
Aug 26 13:30:44.012002: | libevent_malloc: new ptr-libevent@0x5562414f00f8 size 128
Aug 26 13:30:44.012008: | setup callback for interface lo 127.0.0.1:500 fd 19
Aug 26 13:30:44.012013: | libevent_free: release ptr-libevent@0x5562414f1328
Aug 26 13:30:44.012015: | free_event_entry: release EVENT_NULL-pe@0x556241539de8
Aug 26 13:30:44.012018: | add_fd_read_event_handler: new ethX-pe@0x556241539de8
Aug 26 13:30:44.012021: | libevent_malloc: new ptr-libevent@0x5562414f1328 size 128
Aug 26 13:30:44.012026: | setup callback for interface eth0 192.1.3.209:4500 fd 18
Aug 26 13:30:44.012031: | libevent_free: release ptr-libevent@0x5562414ead28
Aug 26 13:30:44.012033: | free_event_entry: release EVENT_NULL-pe@0x556241539e98
Aug 26 13:30:44.012036: | add_fd_read_event_handler: new ethX-pe@0x556241539e98
Aug 26 13:30:44.012039: | libevent_malloc: new ptr-libevent@0x5562414ead28 size 128
Aug 26 13:30:44.012044: | setup callback for interface eth0 192.1.3.209:500 fd 17
Aug 26 13:30:44.012048: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:30:44.012050: forgetting secrets
Aug 26 13:30:44.012059: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:30:44.012073: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:30:44.012082: | Processing PSK at line 1: passed
Aug 26 13:30:44.012086: | certs and keys locked by 'process_secret'
Aug 26 13:30:44.012089: | certs and keys unlocked by 'process_secret'
Aug 26 13:30:44.012098: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:44.012104: | spent 0.28 milliseconds in whack
Aug 26 13:30:44.012125: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:44.012134: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.012137: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:30:44.012147: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:44.012152: | spent 0.0309 milliseconds in whack
Aug 26 13:30:44.012576: | processing signal PLUTO_SIGCHLD
Aug 26 13:30:44.012595: | waitpid returned pid 13762 (exited with status 0)
Aug 26 13:30:44.012601: | reaped addconn helper child (status 0)
Aug 26 13:30:44.012606: | waitpid returned ECHILD (no child processes left)
Aug 26 13:30:44.012611: | spent 0.0221 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:30:44.066479: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:44.066500: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.066503: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:30:44.066505: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.066506: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:30:44.066509: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:30:44.066568: | Added new connection road-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO
Aug 26 13:30:44.066636: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 13:30:44.066639: | from whack: got --esp=aes256-sha2
Aug 26 13:30:44.066662: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128
Aug 26 13:30:44.066666: | counting wild cards for (none) is 15
Aug 26 13:30:44.066672: | counting wild cards for 192.1.2.23 is 0
Aug 26 13:30:44.066678: | based upon policy narrowing=yes, the connection is a template.
Aug 26 13:30:44.066685: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none
Aug 26 13:30:44.066693: | new hp@0x55624153bde8
Aug 26 13:30:44.066699: added connection description "road-eastnet"
Aug 26 13:30:44.066709: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO
Aug 26 13:30:44.066719: | 192.1.3.209[+MC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>===0.0.0.0/0
Aug 26 13:30:44.066726: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:30:44.066732: | spent 0.261 milliseconds in whack
Aug 26 13:30:44.180073: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:30:44.180108: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590)
Aug 26 13:30:44.180112: | FOR_EACH_CONNECTION_...
in conn_by_name Aug 26 13:30:44.180117: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 13:30:44.180131: | find_host_pair: comparing 192.1.3.209:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:30:44.180136: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@0x55624153bde8: road-eastnet Aug 26 13:30:44.180139: | connection 'road-eastnet' +POLICY_UP Aug 26 13:30:44.180143: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 13:30:44.180146: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:30:44.180162: | creating state object #1 at 0x55624153c5b8 Aug 26 13:30:44.180166: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:30:44.180174: | pstats #1 ikev2.ike started Aug 26 13:30:44.180177: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:30:44.180181: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:30:44.180186: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:44.180193: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:44.180200: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:30:44.180203: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:30:44.180209: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 IKE SA #1 "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:44.180214: "road-eastnet"[1] 192.1.2.23 #1: initiating v2 parent SA Aug 26 13:30:44.180226: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Aug 26 13:30:44.180237: | converting ike_info 
AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:44.180245: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.180249: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:44.180255: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.180259: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:44.180264: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.180268: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:30:44.180273: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.180293: "road-eastnet"[1] 192.1.2.23: constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.180304: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:30:44.180308: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55624153ed28 Aug 26 13:30:44.180312: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:44.180316: | libevent_malloc: new ptr-libevent@0x5562414eae28 size 128 Aug 26 13:30:44.180329: | #1 spent 0.207 milliseconds in ikev2_parent_outI1() Aug 26 13:30:44.180331: | crypto helper 0 resuming Aug 26 13:30:44.180333: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:44.180345: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:30:44.180353: | RESET processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:30:44.180354: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:30:44.180359: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 
13:30:44.180368: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:30:44.180372: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 13:30:44.180376: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:44.180380: | spent 0.321 milliseconds in whack Aug 26 13:30:44.180995: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000641 seconds Aug 26 13:30:44.181005: | (#1) spent 0.647 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:30:44.181008: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:30:44.181012: | scheduling resume sending helper answer for #1 Aug 26 13:30:44.181016: | libevent_malloc: new ptr-libevent@0x7fb894002888 size 128 Aug 26 13:30:44.181023: | crypto helper 0 waiting (nothing to do) Aug 26 13:30:44.181031: | processing resume sending helper answer for #1 Aug 26 13:30:44.181041: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:44.181045: | crypto helper 0 replies to request ID 1 Aug 26 13:30:44.181048: | calling continuation function 0x5562411c4b50 Aug 26 13:30:44.181050: | ikev2_parent_outI1_continue for #1 Aug 26 13:30:44.181097: | **emit ISAKMP Message: Aug 26 13:30:44.181101: | initiator cookie: Aug 26 13:30:44.181104: | ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.181106: | responder cookie: Aug 26 13:30:44.181109: | 00 00 00 00 00 00 00 00 Aug 26 13:30:44.181112: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:44.181115: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:44.181118: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:44.181121: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:44.181124: | Message ID: 0 (0x0) Aug 26 13:30:44.181127: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' 
Aug 26 13:30:44.181142: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.181148: | Emitting ikev2_proposals ... Aug 26 13:30:44.181151: | ***emit IKEv2 Security Association Payload: Aug 26 13:30:44.181154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.181157: | flags: none (0x0) Aug 26 13:30:44.181161: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:44.181164: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.181167: | discarding INTEG=NONE Aug 26 13:30:44.181170: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.181173: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181175: | prop #: 1 (0x1) Aug 26 13:30:44.181178: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:44.181180: | spi size: 0 (0x0) Aug 26 13:30:44.181183: | # transforms: 11 (0xb) Aug 26 13:30:44.181186: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:44.181189: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:30:44.181194: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.181197: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:44.181200: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181203: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.181206: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.181208: | length/value: 256 (0x100) Aug 26 13:30:44.181211: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:44.181214: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181219: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181222: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:44.181225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181234: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181239: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181241: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:44.181244: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181247: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181250: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181252: | discarding 
INTEG=NONE Aug 26 13:30:44.181254: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181260: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181264: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.181267: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181273: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181276: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181283: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:44.181286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181295: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181298: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181301: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181304: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181306: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181309: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:44.181312: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181315: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181318: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181320: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181323: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181328: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:44.181331: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181334: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181337: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181339: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181342: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181345: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181347: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:44.181350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181356: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181359: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181364: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181367: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:44.181370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181375: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181380: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:44.181390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181398: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181401: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.181404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181406: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:44.181409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181415: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181417: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:44.181421: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:44.181423: | discarding INTEG=NONE Aug 26 13:30:44.181426: | ****emit 
IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.181429: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181431: | prop #: 2 (0x2) Aug 26 13:30:44.181434: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:44.181436: | spi size: 0 (0x0) Aug 26 13:30:44.181439: | # transforms: 11 (0xb) Aug 26 13:30:44.181442: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181445: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:44.181448: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181453: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.181456: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:44.181459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181462: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.181464: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.181467: | length/value: 128 (0x80) Aug 26 13:30:44.181470: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:44.181472: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181477: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181480: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:44.181483: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181486: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181489: | emitting length of 
IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181491: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181496: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181499: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:44.181504: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181510: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181512: | discarding INTEG=NONE Aug 26 13:30:44.181515: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181523: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.181526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181531: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181534: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181542: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:44.181545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181548: | last 
substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181553: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181561: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:44.181564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181570: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181572: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181577: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181580: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:44.181583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181589: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181591: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181596: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181599: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:44.181602: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181608: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181610: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181619: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:44.181622: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181628: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181631: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181633: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181638: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:44.181641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181647: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181650: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181652: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.181655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181658: | IKEv2 transform ID: 
OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:44.181661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181666: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181669: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:30:44.181672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:44.181675: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.181677: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181680: | prop #: 3 (0x3) Aug 26 13:30:44.181683: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:44.181685: | spi size: 0 (0x0) Aug 26 13:30:44.181688: | # transforms: 13 (0xd) Aug 26 13:30:44.181691: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181694: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:44.181697: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181699: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181702: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.181704: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:44.181707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181710: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.181713: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.181715: | length/value: 256 (0x100) Aug 26 13:30:44.181718: | 
emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:44.181721: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181723: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181726: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181728: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:44.181732: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181741: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181744: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181746: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181749: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.181752: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:44.181755: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181757: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181760: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181763: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181768: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.181771: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:44.181774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181777: | last substructure: saving location 
'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181779: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181782: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181784: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181787: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.181790: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:44.181793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181798: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181809: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.181812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181817: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181820: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181825: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181828: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:30:44.181831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181836: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181839: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181848: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:44.181851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181857: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181859: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181864: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181867: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:44.181870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181875: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181878: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181886: | IKEv2 transform ID: 
OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:44.181889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181894: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181904: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:44.181908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181913: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181923: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:44.181927: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181932: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181935: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181937: | last transform: v2_TRANSFORM_LAST (0x0) 
Aug 26 13:30:44.181940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.181943: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:44.181946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181951: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.181955: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:44.181958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:44.181960: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.181963: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:44.181965: | prop #: 4 (0x4) Aug 26 13:30:44.181968: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:44.181970: | spi size: 0 (0x0) Aug 26 13:30:44.181973: | # transforms: 13 (0xd) Aug 26 13:30:44.181976: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:30:44.181979: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:44.181982: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.181984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.181987: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.181990: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:44.181992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.181995: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.181998: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.182000: | length/value: 128 (0x80) Aug 26 13:30:44.182003: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:44.182006: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182008: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182011: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.182014: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:44.182017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182023: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182031: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.182033: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:30:44.182036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182050: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.182052: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:30:44.182055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure 
Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182058: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182061: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182064: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182069: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.182071: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:44.182075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182081: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182084: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182089: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182092: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.182095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182100: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182103: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182111: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) 
Aug 26 13:30:44.182114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182117: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182119: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182122: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182130: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:30:44.182133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182138: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182141: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182146: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182148: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:30:44.182152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182157: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182160: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182165: 
| IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182168: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:30:44.182171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182176: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182179: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182187: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:30:44.182191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182196: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182199: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.182201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182206: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:30:44.182209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182215: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182218: | *****emit IKEv2 Transform 
Substructure Payload: Aug 26 13:30:44.182220: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.182223: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.182225: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:30:44.182228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.182231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.182234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.182237: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:30:44.182240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:44.182242: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:30:44.182245: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:44.182248: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:30:44.182251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.182254: | flags: none (0x0) Aug 26 13:30:44.182256: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.182260: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:30:44.182262: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.182266: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:30:44.182315: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:30:44.182318: | ***emit IKEv2 Nonce Payload: Aug 26 13:30:44.182322: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:44.182325: | flags: none (0x0) Aug 26 13:30:44.182328: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:30:44.182331: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:30:44.182334: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.182337: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:30:44.182340: | IKEv2 nonce 72 84 7b 88 71 f1 fd 16 5f 36 73 8c 00 c0 6e 88 Aug 26 13:30:44.182342: | IKEv2 nonce 9f b4 af 70
25 27 5a ce 1f aa 6e c3 a4 12 ca 8a Aug 26 13:30:44.182345: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:30:44.182348: | Adding a v2N Payload Aug 26 13:30:44.182350: | ***emit IKEv2 Notify Payload: Aug 26 13:30:44.182353: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.182356: | flags: none (0x0) Aug 26 13:30:44.182358: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.182361: | SPI size: 0 (0x0) Aug 26 13:30:44.182364: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:44.182367: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:44.182370: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.182372: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:44.182376: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:30:44.182379: | natd_hash: rcookie is zero Aug 26 13:30:44.182392: | natd_hash: hasher=0x556241299800(20) Aug 26 13:30:44.182395: | natd_hash: icookie= ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.182397: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:44.182400: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:44.182402: | natd_hash: port=500 Aug 26 13:30:44.182405: | natd_hash: hash= ea 7a a6 ce fa 5d fa 86 73 c8 66 25 77 cd f0 58 Aug 26 13:30:44.182408: | natd_hash: hash= 4b c9 b6 9e Aug 26 13:30:44.182410: | Adding a v2N Payload Aug 26 13:30:44.182413: | ***emit IKEv2 Notify Payload: Aug 26 13:30:44.182415: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.182418: | flags: none (0x0) Aug 26 13:30:44.182420: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.182423: | SPI size: 0 (0x0) Aug 26 13:30:44.182426: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:44.182429: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload 
(41:ISAKMP_NEXT_v2N) Aug 26 13:30:44.182431: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.182434: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:44.182437: | Notify data ea 7a a6 ce fa 5d fa 86 73 c8 66 25 77 cd f0 58 Aug 26 13:30:44.182440: | Notify data 4b c9 b6 9e Aug 26 13:30:44.182442: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:44.182445: | natd_hash: rcookie is zero Aug 26 13:30:44.182451: | natd_hash: hasher=0x556241299800(20) Aug 26 13:30:44.182453: | natd_hash: icookie= ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.182456: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:30:44.182460: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:44.182462: | natd_hash: port=500 Aug 26 13:30:44.182465: | natd_hash: hash= 6b c0 4f b4 73 a4 b5 e0 3e 41 a8 ad e0 84 89 4d Aug 26 13:30:44.182467: | natd_hash: hash= 95 11 6f 5c Aug 26 13:30:44.182470: | Adding a v2N Payload Aug 26 13:30:44.182472: | ***emit IKEv2 Notify Payload: Aug 26 13:30:44.182475: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.182477: | flags: none (0x0) Aug 26 13:30:44.182480: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.182482: | SPI size: 0 (0x0) Aug 26 13:30:44.182485: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:44.182488: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:44.182491: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.182494: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:30:44.182497: | Notify data 6b c0 4f b4 73 a4 b5 e0 3e 41 a8 ad e0 84 89 4d Aug 26 13:30:44.182499: | Notify data 95 11 6f 5c Aug 26 13:30:44.182502: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:30:44.182504: | emitting length of ISAKMP Message: 828 Aug 
26 13:30:44.182512: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:30:44.182523: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:44.182527: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:30:44.182530: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:30:44.182534: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:30:44.182537: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:30:44.182540: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:30:44.182545: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:44.182549: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:44.182559: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:30:44.182568: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1)
Aug 26 13:30:44.182799: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:44.182805: | libevent_free: release ptr-libevent@0x5562414eae28 Aug 26 13:30:44.182808: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55624153ed28 Aug 26 13:30:44.182811: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:44.182815: | event_schedule: new EVENT_RETRANSMIT-pe@0x55624153ed28 Aug 26 13:30:44.182819: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:30:44.182822: | libevent_malloc: new ptr-libevent@0x5562414eae28 size 128 Aug 26 13:30:44.182828: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.925281 Aug 26 13:30:44.182832: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and
stole MD Aug 26 13:30:44.182837: | #1 spent 1.71 milliseconds in resume sending helper answer Aug 26 13:30:44.182843: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:44.182846: | libevent_free: release ptr-libevent@0x7fb894002888 Aug 26 13:30:44.185242: | spent 0.00203 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:44.185261: | *received 432 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500)
Aug 26 13:30:44.185348: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:30:44.185352: | **parse ISAKMP Message: Aug 26 13:30:44.185355: | initiator cookie: Aug 26 13:30:44.185357: | ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.185359: | responder cookie: Aug 26 13:30:44.185362: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:30:44.185365: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:44.185367: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:44.185370: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:30:44.185373: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:30:44.185376: | Message ID: 0 (0x0) Aug 26 13:30:44.185378: | length: 432 (0x1b0) Aug 26 13:30:44.185381: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:30:44.185384: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:30:44.185388: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:30:44.185395: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:44.185400: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:44.185403: | #1 is idle Aug 26 13:30:44.185405: | #1 idle Aug 26 13:30:44.185408: | unpacking clear payload Aug 26 13:30:44.185411: |
Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:44.185413: | ***parse IKEv2 Security Association Payload: Aug 26 13:30:44.185416: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:30:44.185419: | flags: none (0x0) Aug 26 13:30:44.185421: | length: 40 (0x28) Aug 26 13:30:44.185424: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:30:44.185426: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:30:44.185429: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:30:44.185433: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:30:44.185436: | flags: none (0x0) Aug 26 13:30:44.185438: | length: 264 (0x108) Aug 26 13:30:44.185441: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:30:44.185443: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:30:44.185446: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:30:44.185448: | ***parse IKEv2 Nonce Payload: Aug 26 13:30:44.185451: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:44.185453: | flags: none (0x0) Aug 26 13:30:44.185456: | length: 36 (0x24) Aug 26 13:30:44.185458: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:30:44.185461: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:44.185463: | ***parse IKEv2 Notify Payload: Aug 26 13:30:44.185466: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:44.185468: | flags: none (0x0) Aug 26 13:30:44.185471: | length: 8 (0x8) Aug 26 13:30:44.185473: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.185476: | SPI size: 0 (0x0) Aug 26 13:30:44.185478: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:30:44.185481: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:44.185483: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:44.185486: | ***parse IKEv2 Notify Payload: Aug 26 13:30:44.185489: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:44.185491: | flags: none (0x0) Aug 26 13:30:44.185494: | length: 28 (0x1c) Aug 26 
13:30:44.185496: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.185498: | SPI size: 0 (0x0) Aug 26 13:30:44.185501: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:30:44.185504: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:44.185506: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:44.185509: | ***parse IKEv2 Notify Payload: Aug 26 13:30:44.185511: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.185514: | flags: none (0x0) Aug 26 13:30:44.185516: | length: 28 (0x1c) Aug 26 13:30:44.185518: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.185521: | SPI size: 0 (0x0) Aug 26 13:30:44.185523: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:30:44.185526: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:30:44.185529: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:30:44.185533: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:30:44.185537: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:44.185539: | Now let's proceed with state specific processing Aug 26 13:30:44.185542: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:30:44.185545: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:30:44.185560: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 
4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:30:44.185564: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:30:44.185568: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:44.185570: | local proposal 1 type PRF has 2 transforms Aug 26 13:30:44.185573: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:44.185576: | local proposal 1 type DH has 8 transforms Aug 26 13:30:44.185578: | local proposal 1 type ESN has 0 transforms Aug 26 13:30:44.185583: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:44.185587: | local proposal 2 type ENCR has 1 transforms Aug 26 13:30:44.185589: | local proposal 2 type PRF has 2 transforms Aug 26 13:30:44.185592: | local proposal 2 type INTEG has 1 transforms Aug 26 13:30:44.185594: | local proposal 2 type DH has 8 transforms Aug 26 13:30:44.185597: | local proposal 2 type ESN has 0 transforms Aug 26 13:30:44.185600: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:30:44.185603: | local proposal 3 type ENCR has 1 transforms Aug 26 13:30:44.185605: | local proposal 3 type PRF has 2 transforms Aug 26 13:30:44.185608: | local proposal 3 type INTEG has 2 transforms Aug 26 13:30:44.185610: | local proposal 3 type DH has 8 transforms Aug 26 13:30:44.185613: | local proposal 3 type ESN has 0 transforms Aug 26 13:30:44.185616: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:44.185618: | local proposal 4 type ENCR has 1 transforms Aug 26 13:30:44.185621: | local proposal 4 type PRF has 2 transforms Aug 26 13:30:44.185623: | local proposal 4 type INTEG has 2 transforms Aug 26 13:30:44.185626: | local proposal 4 type DH has 8 transforms Aug 26 13:30:44.185629: | local proposal 4 type ESN has 0 transforms Aug 26 13:30:44.185631: | local proposal 4 
transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:30:44.185634: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.185637: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:44.185640: | length: 36 (0x24) Aug 26 13:30:44.185642: | prop #: 1 (0x1) Aug 26 13:30:44.185645: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:30:44.185647: | spi size: 0 (0x0) Aug 26 13:30:44.185650: | # transforms: 3 (0x3) Aug 26 13:30:44.185653: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:30:44.185656: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.185659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.185661: | length: 12 (0xc) Aug 26 13:30:44.185664: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.185666: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:30:44.185669: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.185672: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.185674: | length/value: 256 (0x100) Aug 26 13:30:44.185679: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:44.185681: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.185684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.185686: | length: 8 (0x8) Aug 26 13:30:44.185689: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:30:44.185691: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:30:44.185695: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:30:44.185698: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.185700: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.185703: | length: 8 (0x8) Aug 26 13:30:44.185705: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:30:44.185708: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 
13:30:44.185711: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:30:44.185715: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:30:44.185719: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:30:44.185722: | remote proposal 1 matches local proposal 1 Aug 26 13:30:44.185725: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:30:44.185728: | converting proposal to internal trans attrs Aug 26 13:30:44.185742: | natd_hash: hasher=0x556241299800(20) Aug 26 13:30:44.185745: | natd_hash: icookie= ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.185747: | natd_hash: rcookie= c8 a1 0c bd f9 5a ab 7a Aug 26 13:30:44.185750: | natd_hash: ip= c0 01 03 d1 Aug 26 13:30:44.185752: | natd_hash: port=500 Aug 26 13:30:44.185755: | natd_hash: hash= 89 af be 6e bb a0 57 1a 96 ba 53 48 fc 29 7d 5b Aug 26 13:30:44.185757: | natd_hash: hash= 2c 40 83 d0 Aug 26 13:30:44.185763: | natd_hash: hasher=0x556241299800(20) Aug 26 13:30:44.185766: | natd_hash: icookie= ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.185768: | natd_hash: rcookie= c8 a1 0c bd f9 5a ab 7a Aug 26 13:30:44.185771: | natd_hash: ip= c0 01 02 17 Aug 26 13:30:44.185773: | natd_hash: port=500 Aug 26 13:30:44.185776: | natd_hash: hash= 13 56 de 43 6e ba e5 84 c2 7e 70 cc 79 e6 24 f4 Aug 26 13:30:44.185778: | natd_hash: hash= 0c 38 f6 23 Aug 26 13:30:44.185781: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:30:44.185783: | NAT_TRAVERSAL this end is behind NAT Aug 26 13:30:44.185785: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:30:44.185789: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:30:44.185794: | NAT: #1 floating local endpoint from 192.1.3.209:500 to 192.1.3.209:4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) 
Aug 26 13:30:44.185798: | NAT: #1 floating endpoint ended up on interface eth0 192.1.3.209:4500 Aug 26 13:30:44.185802: | NAT-T: #1 floating remote port from 500 to 4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) Aug 26 13:30:44.185807: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:30:44.185810: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:30:44.185813: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:44.185816: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:30:44.185820: | libevent_free: release ptr-libevent@0x5562414eae28 Aug 26 13:30:44.185823: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55624153ed28 Aug 26 13:30:44.185826: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55624153ed28 Aug 26 13:30:44.185830: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:30:44.185833: | libevent_malloc: new ptr-libevent@0x55624153ea18 size 128 Aug 26 13:30:44.185842: | #1 spent 0.295 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:30:44.185848: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:44.185851: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:30:44.185854: | suspending state #1 and saving MD Aug 26 13:30:44.185857: | #1 is busy; has a suspended MD Aug 26 13:30:44.185862: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:30:44.185866: | "road-eastnet"[1] 192.1.2.23 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:30:44.185872: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() 
at ikev2.c:2018) Aug 26 13:30:44.185876: | #1 spent 0.614 milliseconds in ikev2_process_packet() Aug 26 13:30:44.185877: | crypto helper 2 resuming Aug 26 13:30:44.185880: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:30:44.185889: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:30:44.185895: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:44.185901: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:30:44.185906: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:44.185916: | spent 0.647 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:44.186447: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:30:44.186724: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000823 seconds Aug 26 13:30:44.186730: | (#1) spent 0.824 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:30:44.186733: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:30:44.186735: | scheduling resume sending helper answer for #1 Aug 26 13:30:44.186737: | libevent_malloc: new ptr-libevent@0x7fb88c000f48 size 128 Aug 26 13:30:44.186742: | crypto helper 2 waiting (nothing to do) Aug 26 13:30:44.186749: | processing resume sending helper answer for #1 Aug 26 13:30:44.186756: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:30:44.186760: | crypto helper 2 replies to request ID 2 Aug 26 13:30:44.186763: | calling continuation function 0x5562411c4b50 Aug 26 13:30:44.186765: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:30:44.186772: | creating state object #2 at 0x5562415418f8 Aug 26 13:30:44.186776: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 
13:30:44.186779: | pstats #2 ikev2.child started Aug 26 13:30:44.186783: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #2 for IPSEC SA Aug 26 13:30:44.186788: | #2 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:30:44.186794: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:30:44.186798: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:44.186803: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:30:44.186806: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:30:44.186809: | libevent_free: release ptr-libevent@0x55624153ea18 Aug 26 13:30:44.186812: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55624153ed28 Aug 26 13:30:44.186815: | event_schedule: new EVENT_SA_REPLACE-pe@0x55624153ed28 Aug 26 13:30:44.186819: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:30:44.186822: | libevent_malloc: new ptr-libevent@0x55624153ea18 size 128 Aug 26 13:30:44.186826: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:30:44.186831: | **emit ISAKMP Message: Aug 26 13:30:44.186834: | initiator cookie: Aug 26 13:30:44.186836: | ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.186839: | responder cookie: Aug 26 13:30:44.186841: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:30:44.186844: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:30:44.186847: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:44.186849: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:44.186852: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:30:44.186855: | Message ID: 1 (0x1) Aug 
26 13:30:44.186858: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:30:44.186861: | ***emit IKEv2 Encryption Payload: Aug 26 13:30:44.186863: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.186866: | flags: none (0x0) Aug 26 13:30:44.186869: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:30:44.186872: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.186875: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:30:44.186882: | IKEv2 CERT: send a certificate? Aug 26 13:30:44.186885: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:30:44.186888: | IDr payload will NOT be sent Aug 26 13:30:44.186904: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:30:44.186907: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.186910: | flags: none (0x0) Aug 26 13:30:44.186913: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:44.186916: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:30:44.186919: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.186922: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:30:44.186925: | my identity c0 01 03 d1 Aug 26 13:30:44.186927: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:30:44.186936: | not sending INITIAL_CONTACT Aug 26 13:30:44.186939: | ****emit IKEv2 Authentication Payload: Aug 26 13:30:44.186942: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.186944: | flags: none (0x0) Aug 26 13:30:44.186947: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:44.186950: | next 
payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:30:44.186953: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.186957: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:30:44.186962: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:44.186966: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:44.186970: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 13:30:44.186974: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:44.186978: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:44.186980: | line 1: match=002 Aug 26 13:30:44.186983: | match 002 beats previous best_match 000 match=0x556241449c48 (line=1) Aug 26 13:30:44.186986: | concluding with best_match=002 best=0x556241449c48 (lineno=1) Aug 26 13:30:44.187042: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:30:44.187046: | PSK auth 75 0f 46 96 d1 dc 4d 15 df 78 61 47 8c ca b1 4e Aug 26 13:30:44.187048: | PSK auth 39 5f 51 69 d9 2b 2b f4 e2 4c cf 5c 98 be c2 cd Aug 26 13:30:44.187051: | PSK auth c4 eb f3 02 fd 41 9f 9b 58 9f 87 87 f4 75 97 dc Aug 26 13:30:44.187053: | PSK auth fe 0b ae 61 d6 aa a7 bb 43 4c 19 61 36 9a 40 0f Aug 26 13:30:44.187056: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:30:44.187059: | Send Configuration Payload request Aug 26 13:30:44.187062: | ****emit IKEv2 Configuration Payload: Aug 26 13:30:44.187065: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:44.187067: | flags: none (0x0) Aug 26 13:30:44.187070: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 13:30:44.187073: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload 
type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:30:44.187076: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 13:30:44.187079: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.187082: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.187085: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:30:44.187088: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:44.187090: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.187093: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3) Aug 26 13:30:44.187096: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:44.187099: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.187103: | Attribute Type: IKEv2_INTERNAL_IP6_ADDRESS (0x8) Aug 26 13:30:44.187106: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:44.187109: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.187111: | Attribute Type: IKEv2_INTERNAL_IP6_DNS (0xa) Aug 26 13:30:44.187114: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:44.187116: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.187119: | Attribute Type: IKEv2_INTERNAL_DNS_DOMAIN (0x19) Aug 26 13:30:44.187122: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 13:30:44.187124: | emitting length of IKEv2 Configuration Payload: 28 Aug 26 13:30:44.187127: | getting first pending from state #1 Aug 26 13:30:44.187147: | netlink_get_spi: allocated 0x7af1bfd5 for esp.0@192.1.3.209 Aug 26 13:30:44.187151: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:30:44.187157: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:30:44.187162: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:44.187168: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:44.187175: | Emitting ikev2_proposals ... Aug 26 13:30:44.187179: | ****emit IKEv2 Security Association Payload: Aug 26 13:30:44.187181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.187184: | flags: none (0x0) Aug 26 13:30:44.187187: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:30:44.187190: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.187193: | discarding DH=NONE Aug 26 13:30:44.187196: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.187198: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:30:44.187201: | prop #: 1 (0x1) Aug 26 13:30:44.187204: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:44.187206: | spi size: 4 (0x4) Aug 26 13:30:44.187209: | # transforms: 3 (0x3) Aug 26 13:30:44.187212: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:30:44.187215: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:30:44.187217: | our spi 7a f1 bf d5 Aug 26 13:30:44.187220: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.187223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.187225: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.187228: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:44.187231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.187234: | 
*******emit IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.187237: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.187239: | length/value: 256 (0x100) Aug 26 13:30:44.187242: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:30:44.187245: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.187247: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.187250: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.187253: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:44.187256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.187259: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.187262: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.187265: | discarding DH=NONE Aug 26 13:30:44.187268: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:30:44.187271: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.187273: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:44.187276: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:44.187279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.187282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:30:44.187284: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:30:44.187287: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:30:44.187300: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:30:44.187303: | emitting length of IKEv2 Security 
Association Payload: 44 Aug 26 13:30:44.187306: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:30:44.187310: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:44.187312: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.187315: | flags: none (0x0) Aug 26 13:30:44.187317: | number of TS: 1 (0x1) Aug 26 13:30:44.187321: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:30:44.187324: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.187326: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:44.187329: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:44.187331: | IP Protocol ID: 0 (0x0) Aug 26 13:30:44.187334: | start port: 0 (0x0) Aug 26 13:30:44.187336: | end port: 65535 (0xffff) Aug 26 13:30:44.187340: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:44.187342: | ipv4 start c0 01 03 d1 Aug 26 13:30:44.187345: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:44.187348: | ipv4 end c0 01 03 d1 Aug 26 13:30:44.187351: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:44.187353: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:30:44.187356: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:44.187359: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.187361: | flags: none (0x0) Aug 26 13:30:44.187363: | number of TS: 1 (0x1) Aug 26 13:30:44.187366: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:30:44.187369: | next payload chain: saving location 'IKEv2 
Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.187372: | *****emit IKEv2 Traffic Selector: Aug 26 13:30:44.187374: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:44.187377: | IP Protocol ID: 0 (0x0) Aug 26 13:30:44.187379: | start port: 0 (0x0) Aug 26 13:30:44.187382: | end port: 65535 (0xffff) Aug 26 13:30:44.187385: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:30:44.187388: | ipv4 start 00 00 00 00 Aug 26 13:30:44.187390: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:30:44.187392: | ipv4 end ff ff ff ff Aug 26 13:30:44.187395: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:30:44.187398: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:30:44.187400: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:30:44.187403: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:30:44.187409: | Adding a v2N Payload Aug 26 13:30:44.187412: | ****emit IKEv2 Notify Payload: Aug 26 13:30:44.187415: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.187417: | flags: none (0x0) Aug 26 13:30:44.187420: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.187422: | SPI size: 0 (0x0) Aug 26 13:30:44.187425: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:44.187429: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:30:44.187432: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:30:44.187435: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:30:44.187438: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:30:44.187441: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:30:44.187444: | emitting 16 
zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:30:44.187447: | emitting length of IKEv2 Encryption Payload: 241 Aug 26 13:30:44.187450: | emitting length of ISAKMP Message: 269 Aug 26 13:30:44.187464: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:44.187471: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:44.187475: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:30:44.187479: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:30:44.187482: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:30:44.187485: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:30:44.187491: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:30:44.187496: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:30:44.187501: "road-eastnet"[1] 192.1.2.23 #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:30:44.187511: | sending V2 reply packet to 192.1.2.23:4500 (from 192.1.3.209:4500) Aug 26 13:30:44.187516: | sending 273 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1)
Aug 26 13:30:44.187597: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:30:44.187603: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb894002b78 Aug 26 13:30:44.187607: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:30:44.187610: | libevent_malloc: new ptr-libevent@0x55624153ebc8 size 128 Aug 26 13:30:44.187615: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11529.930069 Aug 26 13:30:44.187619: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:30:44.187625: | #1 spent 0.834 milliseconds in resume sending helper answer Aug 26 13:30:44.187632: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:30:44.187635: | libevent_free: release ptr-libevent@0x7fb88c000f48 Aug 26 13:30:44.218832: | spent 0.00276
milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:30:44.218852: | *received 257 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 13:30:44.218886: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 13:30:44.218889: | **parse ISAKMP Message: Aug 26 13:30:44.218891: | initiator cookie: Aug 26 13:30:44.218893: | ff 33 a9 82 41 3c bd 50 Aug 26 13:30:44.218895: | responder cookie: Aug 26 13:30:44.218896: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:30:44.218898: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:30:44.218900: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:30:44.218902: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:30:44.218904: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE 
(0x20) Aug 26 13:30:44.218906: | Message ID: 1 (0x1) Aug 26 13:30:44.218908: | length: 257 (0x101) Aug 26 13:30:44.218910: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:30:44.218913: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:30:44.218916: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:30:44.218921: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:30:44.218923: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:30:44.218927: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:44.218931: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:30:44.218935: | #2 is idle Aug 26 13:30:44.218937: | #2 idle Aug 26 13:30:44.218938: | unpacking clear payload Aug 26 13:30:44.218940: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:30:44.218942: | ***parse IKEv2 Encryption Payload: Aug 26 13:30:44.218944: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:30:44.218946: | flags: none (0x0) Aug 26 13:30:44.218948: | length: 229 (0xe5) Aug 26 13:30:44.218950: | processing payload: ISAKMP_NEXT_v2SK (len=225) Aug 26 13:30:44.218952: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:30:44.218963: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:30:44.218965: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:30:44.218967: | **parse IKEv2 Notify Payload: Aug 26 13:30:44.218969: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:30:44.218971: | flags: none (0x0) Aug 26 13:30:44.218973: | length: 8 (0x8) Aug 26 13:30:44.218975: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:30:44.218976: | SPI size: 0 (0x0) Aug 26 13:30:44.218979: | Notify 
Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 13:30:44.218980: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:30:44.218982: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:30:44.218984: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:30:44.218986: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:30:44.218988: | flags: none (0x0) Aug 26 13:30:44.218989: | length: 12 (0xc) Aug 26 13:30:44.218991: | ID type: ID_IPV4_ADDR (0x1) Aug 26 13:30:44.218993: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:30:44.218995: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:30:44.218997: | **parse IKEv2 Authentication Payload: Aug 26 13:30:44.218999: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:30:44.219000: | flags: none (0x0) Aug 26 13:30:44.219002: | length: 72 (0x48) Aug 26 13:30:44.219004: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:30:44.219006: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:30:44.219007: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 13:30:44.219009: | **parse IKEv2 Configuration Payload: Aug 26 13:30:44.219011: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:30:44.219013: | flags: none (0x0) Aug 26 13:30:44.219014: | length: 16 (0x10) Aug 26 13:30:44.219016: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 13:30:44.219018: | processing payload: ISAKMP_NEXT_v2CP (len=8) Aug 26 13:30:44.219019: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:30:44.219021: | **parse IKEv2 Security Association Payload: Aug 26 13:30:44.219023: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:30:44.219025: | flags: none (0x0) Aug 26 13:30:44.219026: | length: 44 (0x2c) Aug 26 13:30:44.219028: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:30:44.219030: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:30:44.219032: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:30:44.219034: | next payload 
type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:30:44.219035: | flags: none (0x0) Aug 26 13:30:44.219037: | length: 24 (0x18) Aug 26 13:30:44.219038: | number of TS: 1 (0x1) Aug 26 13:30:44.219040: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:30:44.219042: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:30:44.219044: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:30:44.219046: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:30:44.219047: | flags: none (0x0) Aug 26 13:30:44.219049: | length: 24 (0x18) Aug 26 13:30:44.219050: | number of TS: 1 (0x1) Aug 26 13:30:44.219052: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:30:44.219054: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:30:44.219056: | Now let's proceed with state specific processing Aug 26 13:30:44.219058: | calling processor Initiator: process IKE_AUTH response Aug 26 13:30:44.219061: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 13:30:44.219064: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 13:30:44.219066: | peer ID c0 01 02 17 Aug 26 13:30:44.219069: | offered CA: '%none' Aug 26 13:30:44.219073: "road-eastnet"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 13:30:44.219101: | verifying AUTH payload Aug 26 13:30:44.219105: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:30:44.219108: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:44.219111: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 13:30:44.219114: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 13:30:44.219117: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:44.219119: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 13:30:44.219121: | line 1: match=002 Aug 26 13:30:44.219123: | match 002 beats previous 
best_match 000 match=0x556241449c48 (line=1) Aug 26 13:30:44.219125: | concluding with best_match=002 best=0x556241449c48 (lineno=1) Aug 26 13:30:44.219168: "road-eastnet"[1] 192.1.2.23 #2: Authenticated using authby=secret Aug 26 13:30:44.219175: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:30:44.219179: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:30:44.219181: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:30:44.219184: | libevent_free: release ptr-libevent@0x55624153ea18 Aug 26 13:30:44.219186: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55624153ed28 Aug 26 13:30:44.219188: | event_schedule: new EVENT_SA_REKEY-pe@0x55624153ed28 Aug 26 13:30:44.219191: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:30:44.219193: | libevent_malloc: new ptr-libevent@0x7fb88c000f48 size 128 Aug 26 13:30:44.219254: | pstats #1 ikev2.ike established Aug 26 13:30:44.219259: | FOR_EACH_STATE_... 
in nat_traversal_ka_event (for_each_state) Aug 26 13:30:44.219264: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:44.219267: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.219270: | resume processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.219273: | suspend processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:44.219276: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:44.219279: | NAT-T: keepalive packet not required as recent DPD event used the IKE SA on conn road-eastnet Aug 26 13:30:44.219282: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.219285: | resume processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.219299: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:30:44.219305: | #2 road-eastnet[1] parsing ISAKMP_NEXT_v2CP payload Aug 26 13:30:44.219307: | ***parse IKEv2 Configuration Payload Attribute: Aug 26 13:30:44.219309: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:30:44.219311: | length/value: 4 (0x4) Aug 26 13:30:44.219313: | parsing 4 raw bytes of IKEv2 Configuration Payload Attribute into INTERNAL_IP_ADDRESS Aug 26 13:30:44.219315: | INTERNAL_IP_ADDRESS c0 00 03 0a Aug 26 13:30:44.219318: "road-eastnet"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.3.10 Aug 26 13:30:44.219323: | setting host source IP address to 192.0.3.10 Aug 26 13:30:44.219326: | TSi: parsing 1 traffic selectors Aug 26 13:30:44.219328: | ***parse 
IKEv2 Traffic Selector: Aug 26 13:30:44.219331: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:44.219333: | IP Protocol ID: 0 (0x0) Aug 26 13:30:44.219335: | length: 16 (0x10) Aug 26 13:30:44.219336: | start port: 0 (0x0) Aug 26 13:30:44.219338: | end port: 65535 (0xffff) Aug 26 13:30:44.219340: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:44.219341: | TS low c0 00 03 0a Aug 26 13:30:44.219343: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:44.219345: | TS high c0 00 03 0a Aug 26 13:30:44.219346: | TSi: parsed 1 traffic selectors Aug 26 13:30:44.219348: | TSr: parsing 1 traffic selectors Aug 26 13:30:44.219350: | ***parse IKEv2 Traffic Selector: Aug 26 13:30:44.219351: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:30:44.219353: | IP Protocol ID: 0 (0x0) Aug 26 13:30:44.219355: | length: 16 (0x10) Aug 26 13:30:44.219356: | start port: 0 (0x0) Aug 26 13:30:44.219358: | end port: 65535 (0xffff) Aug 26 13:30:44.219359: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:30:44.219361: | TS low 00 00 00 00 Aug 26 13:30:44.219363: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:30:44.219364: | TS high ff ff ff ff Aug 26 13:30:44.219366: | TSr: parsed 1 traffic selectors Aug 26 13:30:44.219370: | evaluating our conn="road-eastnet"[1] 192.1.2.23 I=192.0.3.10/32:0/0 R=0.0.0.0/0:0/0 to their: Aug 26 13:30:44.219373: | TSi[0] .net=192.0.3.10-192.0.3.10 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:30:44.219377: | match address end->client=192.0.3.10/32 >= TSi[0]net=192.0.3.10-192.0.3.10: YES fitness 32 Aug 26 13:30:44.219380: | narrow port end=0..65535 >= TSi[0]=0..65535: 0 Aug 26 13:30:44.219381: | TSi[0] port match: YES fitness 65536 Aug 26 13:30:44.219383: | narrow protocol end=*0 >= TSi[0]=*0: 0 Aug 26 13:30:44.219386: | match end->protocol=*0 >= TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:44.219388: | TSr[0] .net=0.0.0.0-255.255.255.255 .iporotoid=0 
.{start,end}port=0..65535 Aug 26 13:30:44.219392: | match address end->client=0.0.0.0/0 >= TSr[0]net=0.0.0.0-255.255.255.255: YES fitness 32 Aug 26 13:30:44.219394: | narrow port end=0..65535 >= TSr[0]=0..65535: 0 Aug 26 13:30:44.219395: | TSr[0] port match: YES fitness 65536 Aug 26 13:30:44.219397: | narrow protocol end=*0 >= TSr[0]=*0: 0 Aug 26 13:30:44.219399: | match end->protocol=*0 >= TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:30:44.219401: | best fit so far: TSi[0] TSr[0] Aug 26 13:30:44.219402: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:30:44.219404: | printing contents struct traffic_selector Aug 26 13:30:44.219405: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:44.219407: | ipprotoid: 0 Aug 26 13:30:44.219409: | port range: 0-65535 Aug 26 13:30:44.219411: | ip range: 192.0.3.10-192.0.3.10 Aug 26 13:30:44.219412: | printing contents struct traffic_selector Aug 26 13:30:44.219414: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:30:44.219415: | ipprotoid: 0 Aug 26 13:30:44.219417: | port range: 0-65535 Aug 26 13:30:44.219419: | ip range: 0.0.0.0-255.255.255.255 Aug 26 13:30:44.219425: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:30:44.219427: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:30:44.219430: | local proposal 1 type ENCR has 1 transforms Aug 26 13:30:44.219432: | local proposal 1 type PRF has 0 transforms Aug 26 13:30:44.219434: | local proposal 1 type INTEG has 1 transforms Aug 26 13:30:44.219435: | local proposal 1 type DH has 1 transforms Aug 26 13:30:44.219437: | local proposal 1 type ESN has 1 transforms Aug 26 13:30:44.219439: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:30:44.219441: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:30:44.219443: | last proposal: 
v2_PROPOSAL_LAST (0x0) Aug 26 13:30:44.219446: | length: 40 (0x28) Aug 26 13:30:44.219448: | prop #: 1 (0x1) Aug 26 13:30:44.219449: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:30:44.219451: | spi size: 4 (0x4) Aug 26 13:30:44.219453: | # transforms: 3 (0x3) Aug 26 13:30:44.219455: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:30:44.219457: | remote SPI 7a 31 60 2f Aug 26 13:30:44.219459: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:30:44.219461: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.219462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.219464: | length: 12 (0xc) Aug 26 13:30:44.219466: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:30:44.219467: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:30:44.219469: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:30:44.219471: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:30:44.219473: | length/value: 256 (0x100) Aug 26 13:30:44.219476: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:30:44.219477: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.219479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:30:44.219481: | length: 8 (0x8) Aug 26 13:30:44.219482: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:30:44.219484: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:30:44.219486: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:30:44.219488: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:30:44.219490: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:30:44.219491: | length: 8 (0x8) Aug 26 13:30:44.219493: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:30:44.219495: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:30:44.219497: | remote proposal 
1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:30:44.219499: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:30:44.219502: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:30:44.219504: | remote proposal 1 matches local proposal 1 Aug 26 13:30:44.219506: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 13:30:44.219510: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=7a31602f;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:30:44.219511: | converting proposal to internal trans attrs Aug 26 13:30:44.219515: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 13:30:44.219518: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 13:30:44.219620: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:30:44.219624: | could_route called for road-eastnet (kind=CK_INSTANCE) Aug 26 13:30:44.219626: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:30:44.219628: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:44.219630: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:44.219631: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:44.219633: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:44.219637: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 13:30:44.219639: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:44.219642: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:44.219644: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:44.219647: | setting IPsec SA replay-window to 32 Aug 26 13:30:44.219649: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 13:30:44.219652: | netlink: enabling tunnel mode Aug 26 13:30:44.219654: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:44.219656: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:44.219717: | netlink response for Add SA esp.7a31602f@192.1.2.23 included non-error error Aug 26 13:30:44.219722: | set up outgoing SA, ref=0/0 Aug 26 13:30:44.219725: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 13:30:44.219727: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 13:30:44.219728: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 13:30:44.219731: | setting IPsec SA replay-window to 32 Aug 26 13:30:44.219733: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 13:30:44.219735: | netlink: enabling tunnel mode Aug 26 13:30:44.219736: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:30:44.219738: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:30:44.219765: | netlink response for Add SA 
esp.7af1bfd5@192.1.3.209 included non-error error Aug 26 13:30:44.219769: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:30:44.219776: | add inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => tun.10000@192.1.3.209 (raw_eroute) Aug 26 13:30:44.219778: | IPsec Sa SPD priority set to 1040383 Aug 26 13:30:44.219797: | raw_eroute result=success Aug 26 13:30:44.219801: | set up incoming SA, ref=0/0 Aug 26 13:30:44.219804: | sr for #2: unrouted Aug 26 13:30:44.219807: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:30:44.219809: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:30:44.219811: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:44.219813: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:44.219815: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:30:44.219816: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:30:44.219819: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 13:30:44.219822: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:30:44.219824: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:30:44.219828: | eroute_connection add eroute 192.0.3.10/32:0 --0-> 0.0.0.0/0:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:30:44.219830: | IPsec Sa SPD priority set to 1040383 Aug 26 13:30:44.219839: | raw_eroute result=success Aug 26 13:30:44.219843: | running updown command "ipsec _updown" for verb up Aug 26 13:30:44.219846: | command executing up-client Aug 26 13:30:44.219865: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' 
PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' V Aug 26 13:30:44.219868: | popen cmd is 1096 chars long Aug 26 13:30:44.219870: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Aug 26 13:30:44.219872: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_I: Aug 26 13:30:44.219876: | cmd( 160):D='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10': Aug 26 13:30:44.219877: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:30:44.219879: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:30:44.219881: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUT: Aug 26 13:30:44.219883: | cmd( 480):O_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 13:30:44.219884: | cmd( 560):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+: Aug 26 13:30:44.219886: | cmd( 640):TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 13:30:44.219888: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 13:30:44.219889: | cmd( 800):D=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' 
PLUTO_PEER_DNS_INFO=': Aug 26 13:30:44.219891: | cmd( 880):' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_: Aug 26 13:30:44.219893: | cmd( 960):CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no': Aug 26 13:30:44.219895: | cmd(1040): SPI_IN=0x7a31602f SPI_OUT=0x7af1bfd5 ipsec _updown 2>&1: Aug 26 13:30:44.249244: | route_and_eroute: firewall_notified: true Aug 26 13:30:44.249258: | running updown command "ipsec _updown" for verb prepare Aug 26 13:30:44.249261: | command executing prepare-client Aug 26 13:30:44.249285: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIG Aug 26 13:30:44.249295: | popen cmd is 1101 chars long Aug 26 13:30:44.249297: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 13:30:44.249299: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO: Aug 26 13:30:44.249301: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' 
PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:30:44.249303: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 13:30:44.249305: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Aug 26 13:30:44.249306: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0': Aug 26 13:30:44.249308: | cmd( 480): PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:30:44.249310: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENC: Aug 26 13:30:44.249312: | cmd( 640):RYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+: Aug 26 13:30:44.249313: | cmd( 720):MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Aug 26 13:30:44.249315: | cmd( 800):FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_I: Aug 26 13:30:44.249317: | cmd( 880):NFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO: Aug 26 13:30:44.249323: | cmd( 960):_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED: Aug 26 13:30:44.249325: | cmd(1040):='no' SPI_IN=0x7a31602f SPI_OUT=0x7af1bfd5 ipsec _updown 2>&1: Aug 26 13:30:44.256348: | running updown command "ipsec _updown" for verb route Aug 26 13:30:44.256365: | command executing route-client Aug 26 13:30:44.256389: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' 
PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED Aug 26 13:30:44.256392: | popen cmd is 1099 chars long Aug 26 13:30:44.256395: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Aug 26 13:30:44.256397: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Aug 26 13:30:44.256398: | cmd( 160):Y_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:30:44.256400: | cmd( 240):10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 13:30:44.256402: | cmd( 320):0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Aug 26 13:30:44.256404: | cmd( 400):_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' P: Aug 26 13:30:44.256405: | cmd( 480):LUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:30:44.256407: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Aug 26 13:30:44.256409: | cmd( 640):PT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MO: Aug 26 13:30:44.256410: | cmd( 720):BIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 13:30:44.256412: | cmd( 800):ILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 13:30:44.256414: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 
13:30:44.256416: | cmd( 960):FG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 13:30:44.256417: | cmd(1040):no' SPI_IN=0x7a31602f SPI_OUT=0x7af1bfd5 ipsec _updown 2>&1: Aug 26 13:30:44.265581: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265608: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265613: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265617: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265621: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265624: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265630: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265644: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265655: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265667: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265678: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265693: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265703: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265714: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265726: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 
Aug 26 13:30:44.265737: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265749: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265760: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265771: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265781: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.265792: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 13:30:44.272195: | route_and_eroute: instance "road-eastnet"[1] 192.1.2.23, setting eroute_owner {spd=0x55624153c018,sr=0x55624153c018} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:30:44.272279: | #1 spent 1.55 milliseconds in install_ipsec_sa() Aug 26 13:30:44.272287: | inR2: instance road-eastnet[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:30:44.272299: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:30:44.272304: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:30:44.272316: | libevent_free: release ptr-libevent@0x55624153ebc8 Aug 26 13:30:44.272323: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb894002b78 Aug 26 13:30:44.272331: | #2 spent 2.15 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:30:44.272342: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:30:44.272346: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:30:44.272349: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:30:44.272352: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established 
CHILD SA) Aug 26 13:30:44.272354: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:30:44.272358: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:30:44.272361: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:30:44.272363: | pstats #2 ikev2.child established Aug 26 13:30:44.272370: "road-eastnet"[1] 192.1.2.23 #2: negotiated connection [192.0.3.10-192.0.3.10:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] Aug 26 13:30:44.272381: | NAT-T: NAT Traversal detected - their IKE port is '500' Aug 26 13:30:44.272383: | NAT-T: encaps is 'auto' Aug 26 13:30:44.272387: "road-eastnet"[1] 192.1.2.23 #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP/NAT=>0x7a31602f <0x7af1bfd5 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=192.1.2.23:4500 DPD=passive} Aug 26 13:30:44.272391: | releasing whack for #2 (sock=fd@23) Aug 26 13:30:44.272394: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 13:30:44.272395: | releasing whack and unpending for parent #1 Aug 26 13:30:44.272398: | unpending state #1 connection "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:44.272405: | delete from pending Child SA with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 Aug 26 13:30:44.272408: | removing pending policy for no connection {0x55624152d2d8} Aug 26 13:30:44.272414: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 13:30:44.272418: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:30:44.272421: | event_schedule: new EVENT_SA_REKEY-pe@0x7fb894002b78 Aug 26 13:30:44.272423: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:30:44.272426: | libevent_malloc: new ptr-libevent@0x556241541428 size 128 Aug 26 13:30:44.272431: | stop 
processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:30:44.272435: | #1 spent 2.47 milliseconds in ikev2_process_packet() Aug 26 13:30:44.272439: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 13:30:44.272442: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:30:44.272444: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:30:44.272447: | spent 2.49 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:30:44.272460: | kernel_process_msg_cb process netlink message Aug 26 13:30:44.272469: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:30:44.272472: | xfrm netlink address change RTM_NEWADDR msg len 76 Aug 26 13:30:44.272476: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Aug 26 13:30:44.272479: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:30:44.272484: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:44.272489: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.272494: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:30:44.272500: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:30:44.272502: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:30:44.272505: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:30:44.272507: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:30:44.272511: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:44.272515: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:44.272518: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:30:44.272524: | spent 0.0565 milliseconds in kernel message Aug 26 
13:30:44.272532: | processing signal PLUTO_SIGCHLD Aug 26 13:30:44.272538: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:44.272542: | spent 0.00563 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:44.272545: | processing signal PLUTO_SIGCHLD Aug 26 13:30:44.272548: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:44.272551: | spent 0.00345 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:44.272554: | processing signal PLUTO_SIGCHLD Aug 26 13:30:44.272557: | waitpid returned ECHILD (no child processes left) Aug 26 13:30:44.272560: | spent 0.00323 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:30:45.446217: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:30:45.446473: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:30:45.446479: | FOR_EACH_STATE_... in sort_states Aug 26 13:30:45.446486: | get_sa_info esp.7af1bfd5@192.1.3.209 Aug 26 13:30:45.446706: | get_sa_info esp.7a31602f@192.1.2.23 Aug 26 13:30:45.446724: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:30:45.446730: | spent 0.52 milliseconds in whack Aug 26 13:30:50.831043: | kernel_process_msg_cb process netlink message Aug 26 13:30:50.831944: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:30:50.832006: | spent 0.866 milliseconds in kernel message Aug 26 13:31:04.001246: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:31:04.001263: | expiring aged bare shunts from shunt table Aug 26 13:31:04.001268: | spent 0.00423 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:31:04.220409: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:31:04.220467: | FOR_EACH_STATE_... 
in nat_traversal_ka_event (for_each_state) Aug 26 13:31:04.220495: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:31:04.220514: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:31:04.220531: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:31:04.220544: | we are behind NAT: sending of NAT-T KEEP-ALIVE for conn road-eastnet (nat-keepalive=yes) Aug 26 13:31:04.220561: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:31:04.220572: | ka_event: send NAT-KA to 192.1.2.23:4500 (state=#1) Aug 26 13:31:04.220580: | sending NAT-T Keep Alive Aug 26 13:31:04.220610: | sending 1 bytes for NAT-T Keep Alive through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 13:31:04.220619: | ff Aug 26 13:31:04.220750: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:31:04.220766: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:31:04.220777: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:31:04.220797: | spent 0.266 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:31:12.433856: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:12.433930: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:31:12.433949: | FOR_EACH_STATE_... 
in sort_states Aug 26 13:31:12.433975: | get_sa_info esp.7af1bfd5@192.1.3.209 Aug 26 13:31:12.434027: | get_sa_info esp.7a31602f@192.1.2.23 Aug 26 13:31:12.434102: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:12.434134: | spent 0.299 milliseconds in whack Aug 26 13:31:12.567149: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:12.567634: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:12.567654: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:31:12.567927: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:31:12.567937: | FOR_EACH_STATE_... in sort_states Aug 26 13:31:12.567972: | get_sa_info esp.7af1bfd5@192.1.3.209 Aug 26 13:31:12.568012: | get_sa_info esp.7a31602f@192.1.2.23 Aug 26 13:31:12.568068: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:31:12.568085: | spent 0.938 milliseconds in whack Aug 26 13:31:12.838612: | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:12.838632: | *received 69 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 13:31:12.838635: | ff 33 a9 82 41 3c bd 50 c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.838637: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:31:12.838639: | ae 39 a1 e9 25 d4 55 d1 a6 44 77 d9 34 5d 1e 2a Aug 26 13:31:12.838640: | cb 29 35 fd 19 a2 be 47 5d f9 4a 8d 59 89 2c ee Aug 26 13:31:12.838642: | e0 d0 a9 6c 9f Aug 26 13:31:12.838645: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 13:31:12.838648: | **parse ISAKMP Message: Aug 26 13:31:12.838650: | initiator cookie: Aug 26 13:31:12.838651: | ff 33 a9 82 41 3c bd 50 Aug 26 13:31:12.838653: | responder cookie: Aug 26 13:31:12.838654: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.838656: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:12.838658: | ISAKMP version: IKEv2 version 2.0 
(rfc4306/rfc5996) (0x20) Aug 26 13:31:12.838662: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:12.838665: | flags: none (0x0) Aug 26 13:31:12.838667: | Message ID: 0 (0x0) Aug 26 13:31:12.838669: | length: 69 (0x45) Aug 26 13:31:12.838671: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:12.838673: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:12.838677: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:12.838682: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:12.838684: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:31:12.838688: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:12.838690: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:31:12.838693: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:31:12.838695: | unpacking clear payload Aug 26 13:31:12.838697: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:12.838699: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:12.838701: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:12.838702: | flags: none (0x0) Aug 26 13:31:12.838704: | length: 41 (0x29) Aug 26 13:31:12.838706: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:31:12.838709: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:31:12.838711: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:12.838729: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:12.838731: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:12.838733: | **parse IKEv2 
Delete Payload: Aug 26 13:31:12.838736: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:12.838737: | flags: none (0x0) Aug 26 13:31:12.838739: | length: 12 (0xc) Aug 26 13:31:12.838741: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:12.838742: | SPI size: 4 (0x4) Aug 26 13:31:12.838744: | number of SPIs: 1 (0x1) Aug 26 13:31:12.838746: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:31:12.838748: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:12.838749: | Now let's proceed with state specific processing Aug 26 13:31:12.838751: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:12.838754: | an informational request should send a response Aug 26 13:31:12.838773: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:31:12.838775: | **emit ISAKMP Message: Aug 26 13:31:12.838777: | initiator cookie: Aug 26 13:31:12.838779: | ff 33 a9 82 41 3c bd 50 Aug 26 13:31:12.838780: | responder cookie: Aug 26 13:31:12.838782: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.838784: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:12.838785: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:12.838787: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:12.838789: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:12.838791: | Message ID: 0 (0x0) Aug 26 13:31:12.838793: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:12.838795: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:12.838797: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:12.838798: | flags: none (0x0) Aug 26 13:31:12.838800: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:12.838802: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 
13:31:12.838806: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:12.838815: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:31:12.838817: | SPI 7a 31 60 2f Aug 26 13:31:12.838819: | delete PROTO_v2_ESP SA(0x7a31602f) Aug 26 13:31:12.838821: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:31:12.838823: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:31:12.838825: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x7a31602f) Aug 26 13:31:12.838828: "road-eastnet"[1] 192.1.2.23 #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:31:12.838831: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:12.838833: | libevent_free: release ptr-libevent@0x556241541428 Aug 26 13:31:12.838836: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fb894002b78 Aug 26 13:31:12.838838: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fb894002b78 Aug 26 13:31:12.838840: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:31:12.838842: | libevent_malloc: new ptr-libevent@0x55624153ebc8 size 128 Aug 26 13:31:12.838845: | ****emit IKEv2 Delete Payload: Aug 26 13:31:12.838847: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:12.838848: | flags: none (0x0) Aug 26 13:31:12.838850: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:31:12.838852: | SPI size: 4 (0x4) Aug 26 13:31:12.838853: | number of SPIs: 1 (0x1) Aug 26 13:31:12.838855: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:31:12.838857: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:12.838859: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:31:12.838861: | local SPIs 7a f1 bf d5 Aug 26 13:31:12.838863: | emitting length of IKEv2 Delete Payload: 
12 Aug 26 13:31:12.838865: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:12.838867: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:12.838869: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:12.838870: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:31:12.838872: | emitting length of ISAKMP Message: 69 Aug 26 13:31:12.838885: | sending 73 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 13:31:12.838887: | 00 00 00 00 ff 33 a9 82 41 3c bd 50 c8 a1 0c bd Aug 26 13:31:12.838889: | f9 5a ab 7a 2e 20 25 28 00 00 00 00 00 00 00 45 Aug 26 13:31:12.838890: | 2a 00 00 29 11 16 3a 36 ba b3 05 89 1a 57 b0 f1 Aug 26 13:31:12.838892: | 8d 51 dd be 5c 99 66 46 1b 05 89 96 8a 72 41 79 Aug 26 13:31:12.838893: | 7f 4a 56 fa 71 41 17 ef 90 Aug 26 13:31:12.838922: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:12.838926: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:31:12.838931: | #1 spent 0.16 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:31:12.838935: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:12.838937: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:31:12.838940: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:31:12.838943: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 
responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:31:12.838947: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:31:12.838950: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:31:12.838953: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:12.838957: | #1 spent 0.316 milliseconds in ikev2_process_packet() Aug 26 13:31:12.838959: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 13:31:12.838961: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:12.838963: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:12.838966: | spent 0.326 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:12.838972: | timer_event_cb: processing event@0x7fb894002b78 Aug 26 13:31:12.838974: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:31:12.838978: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:12.838981: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:12.838982: | replacing stale CHILD SA Aug 26 13:31:12.838985: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:31:12.838987: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:31:12.838989: | FOR_EACH_STATE_... 
in find_pending_phase2 Aug 26 13:31:12.838992: | creating state object #3 at 0x556241546088 Aug 26 13:31:12.838994: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:31:12.839001: | pstats #3 ikev2.child started Aug 26 13:31:12.839004: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #3 for IPSEC SA Aug 26 13:31:12.839008: | #3 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:31:12.839014: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:31:12.839018: | suspend processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:12.839021: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:31:12.839024: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:31:12.839026: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:31:12.839029: | constructing ESP/AH proposals with default DH MODP2048 for road-eastnet (ESP/AH initiator emitting proposals) Aug 26 13:31:12.839032: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:31:12.839036: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:12.839040: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:31:12.839044: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:31:12.839046: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55624153ede8 Aug 26 13:31:12.839049: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:31:12.839050: | libevent_malloc: new ptr-libevent@0x556241541428 size 128 Aug 26 13:31:12.839054: | RESET processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:31:12.839056: | event_schedule: new EVENT_SA_EXPIRE-pe@0x556241540e78 Aug 26 13:31:12.839059: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:31:12.839060: | libevent_malloc: new ptr-libevent@0x7fb894002888 size 128 Aug 26 13:31:12.839063: | libevent_realloc: release ptr-libevent@0x5562414eb128 Aug 26 13:31:12.839065: | libevent_realloc: new ptr-libevent@0x55624153f188 size 128 Aug 26 13:31:12.839068: | libevent_free: release ptr-libevent@0x55624153ebc8 Aug 26 13:31:12.839069: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fb894002b78 Aug 26 13:31:12.839072: | #2 spent 0.1 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:31:12.839074: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:12.839078: | timer_event_cb: processing event@0x55624153ede8 Aug 26 13:31:12.839079: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:31:12.839083: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) 
Aug 26 13:31:12.839086: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:31:12.839088: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb894002b78 Aug 26 13:31:12.839090: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:31:12.839092: | libevent_malloc: new ptr-libevent@0x55624153ebc8 size 128 Aug 26 13:31:12.839098: | libevent_free: release ptr-libevent@0x556241541428 Aug 26 13:31:12.839100: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55624153ede8 Aug 26 13:31:12.839103: | #3 spent 0.0244 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:31:12.839106: | stop processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:31:12.839108: | timer_event_cb: processing event@0x556241540e78 Aug 26 13:31:12.839110: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:31:12.839113: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:31:12.839115: | picked newest_ipsec_sa #2 for #2 Aug 26 13:31:12.839117: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:31:12.839119: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:31:12.839121: | pstats #2 ikev2.child deleted completed Aug 26 13:31:12.839123: | #2 spent 2.25 milliseconds in total Aug 26 13:31:12.839126: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:12.839129: "road-eastnet"[1] 192.1.2.23 #2: deleting state (STATE_V2_IPSEC_I) aged 28.652s and NOT sending notification Aug 26 13:31:12.839131: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:31:12.839132: | crypto helper 1 resuming Aug 26 13:31:12.839134: | get_sa_info esp.7a31602f@192.1.2.23 Aug 26 13:31:12.839146: | crypto helper 1 starting work-order 3 for state #3 Aug 26 13:31:12.839150: | crypto 
helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:31:12.839157: | get_sa_info esp.7af1bfd5@192.1.3.209 Aug 26 13:31:12.839163: "road-eastnet"[1] 192.1.2.23 #2: ESP traffic information: in=840B out=840B Aug 26 13:31:12.839166: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:31:12.839198: | running updown command "ipsec _updown" for verb down Aug 26 13:31:12.839201: | command executing down-client Aug 26 13:31:12.839220: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826244' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON Aug 26 13:31:12.839225: | popen cmd is 1107 chars long Aug 26 13:31:12.839227: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU: Aug 26 13:31:12.839229: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY: Aug 26 13:31:12.839231: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Aug 26 13:31:12.839233: | cmd( 240):0' 
PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 13:31:12.839235: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 13:31:12.839236: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PL: Aug 26 13:31:12.839238: | cmd( 480):UTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 13:31:12.839240: | cmd( 560):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826244' PLUTO_CONN_POLICY='P: Aug 26 13:31:12.839241: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_: Aug 26 13:31:12.839243: | cmd( 720):ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' : Aug 26 13:31:12.839245: | cmd( 800):XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Aug 26 13:31:12.839246: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Aug 26 13:31:12.839248: | cmd( 960): PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Aug 26 13:31:12.839250: | cmd(1040):SHARED='no' SPI_IN=0x7a31602f SPI_OUT=0x7af1bfd5 ipsec _updown 2>&1: Aug 26 13:31:12.839756: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000605 seconds Aug 26 13:31:12.839769: | (#3) spent 0.613 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:31:12.839772: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Aug 26 13:31:12.839774: | scheduling resume sending helper answer for #3 Aug 26 13:31:12.839776: | libevent_malloc: new ptr-libevent@0x7fb890002888 size 128 Aug 26 13:31:12.839787: | crypto helper 1 waiting (nothing to do) Aug 26 13:31:12.862135: "road-eastnet"[1] 192.1.2.23 #2: down-client output: restoring resolvconf Aug 26 13:31:12.862152: 
"road-eastnet"[1] 192.1.2.23 #2: down-client output: Problem in restoring the resolv.conf, as there is no backup file Aug 26 13:31:12.862445: | shunt_eroute() called for connection 'road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:31:12.862454: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:12.862458: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:31:12.862461: | IPsec Sa SPD priority set to 1040383 Aug 26 13:31:12.862489: | delete esp.7a31602f@192.1.2.23 Aug 26 13:31:12.862501: | netlink response for Del SA esp.7a31602f@192.1.2.23 included non-error error Aug 26 13:31:12.862505: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:31:12.862510: | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 13:31:12.862537: | raw_eroute result=success Aug 26 13:31:12.862540: | delete esp.7af1bfd5@192.1.3.209 Aug 26 13:31:12.862547: | netlink response for Del SA esp.7af1bfd5@192.1.3.209 included non-error error Aug 26 13:31:12.862556: | in connection_discard for connection road-eastnet Aug 26 13:31:12.862558: | connection is instance Aug 26 13:31:12.862560: | not in pending use Aug 26 13:31:12.862562: | State DB: found state #3 in V2_REKEY_CHILD_I0 (connection_discard) Aug 26 13:31:12.862564: | states still using this connection instance, retaining Aug 26 13:31:12.862569: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:31:12.862572: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:12.862578: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:12.862591: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:31:12.862593: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:31:12.862597: | libevent_free: release ptr-libevent@0x7fb894002888 Aug 26 13:31:12.862600: 
| free_event_entry: release EVENT_SA_EXPIRE-pe@0x556241540e78 Aug 26 13:31:12.862602: | in statetime_stop() and could not find #2 Aug 26 13:31:12.862604: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:31:12.862621: | spent 0.00195 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:12.862634: | *received 65 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 13:31:12.862636: | ff 33 a9 82 41 3c bd 50 c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.862638: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:31:12.862639: | 8d 08 89 7b 99 71 e0 11 bc 04 be 4d 04 ca fd 5d Aug 26 13:31:12.862641: | 92 9f 2f 99 98 c2 66 4f 1b 8e 0c 3e d9 65 63 03 Aug 26 13:31:12.862642: | aa Aug 26 13:31:12.862646: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 13:31:12.862649: | **parse ISAKMP Message: Aug 26 13:31:12.862664: | initiator cookie: Aug 26 13:31:12.862666: | ff 33 a9 82 41 3c bd 50 Aug 26 13:31:12.862668: | responder cookie: Aug 26 13:31:12.862669: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.862671: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:31:12.862673: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:12.862675: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:12.862677: | flags: none (0x0) Aug 26 13:31:12.862679: | Message ID: 1 (0x1) Aug 26 13:31:12.862681: | length: 65 (0x41) Aug 26 13:31:12.862683: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:31:12.862685: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:31:12.862687: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:31:12.862692: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:31:12.862694: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 
13:31:12.862697: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:31:12.862699: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:31:12.862702: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:31:12.862704: | unpacking clear payload Aug 26 13:31:12.862706: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:31:12.862708: | ***parse IKEv2 Encryption Payload: Aug 26 13:31:12.862709: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:31:12.862711: | flags: none (0x0) Aug 26 13:31:12.862712: | length: 37 (0x25) Aug 26 13:31:12.862714: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:31:12.862717: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:31:12.862719: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:31:12.862734: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:31:12.862736: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:31:12.862738: | **parse IKEv2 Delete Payload: Aug 26 13:31:12.862740: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:12.862741: | flags: none (0x0) Aug 26 13:31:12.862743: | length: 8 (0x8) Aug 26 13:31:12.862745: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:31:12.862748: | SPI size: 0 (0x0) Aug 26 13:31:12.862749: | number of SPIs: 0 (0x0) Aug 26 13:31:12.862751: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:31:12.862753: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:31:12.862755: | Now let's proceed with state specific processing Aug 26 13:31:12.862756: | calling processor I3: INFORMATIONAL Request Aug 26 13:31:12.862759: | an informational request should send a response Aug 26 13:31:12.862778: | Received an INFORMATIONAL response, updating 
st_last_liveness, no pending_liveness Aug 26 13:31:12.862780: | **emit ISAKMP Message: Aug 26 13:31:12.862782: | initiator cookie: Aug 26 13:31:12.862783: | ff 33 a9 82 41 3c bd 50 Aug 26 13:31:12.862785: | responder cookie: Aug 26 13:31:12.862786: | c8 a1 0c bd f9 5a ab 7a Aug 26 13:31:12.862788: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:31:12.862790: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:31:12.862792: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:31:12.862794: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:31:12.862795: | Message ID: 1 (0x1) Aug 26 13:31:12.862797: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:31:12.862799: | ***emit IKEv2 Encryption Payload: Aug 26 13:31:12.862801: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:31:12.862803: | flags: none (0x0) Aug 26 13:31:12.862805: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:31:12.862807: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:31:12.862809: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:31:12.862816: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:31:12.862819: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:31:12.862820: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:31:12.862822: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:31:12.862824: | emitting length of ISAKMP Message: 57 Aug 26 13:31:12.862836: | sending 61 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 13:31:12.862838: | 00 00 00 00 ff 33 a9 82 41 3c bd 50 c8 a1 0c bd Aug 
26 13:31:12.862840: | f9 5a ab 7a 2e 20 25 28 00 00 00 01 00 00 00 39 Aug 26 13:31:12.862842: | 00 00 00 1d f8 18 11 29 04 e3 36 3f 25 6a 8b 95 Aug 26 13:31:12.862843: | af fd f7 a2 94 ca 03 d3 81 2c 47 04 b7 Aug 26 13:31:12.862902: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:12.862908: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:31:12.862911: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:31:12.862913: | pstats #3 ikev2.child deleted other Aug 26 13:31:12.862916: | #3 spent 0.0244 milliseconds in total Aug 26 13:31:12.862919: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:12.862923: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:12.862926: "road-eastnet"[1] 192.1.2.23 #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.023s and NOT sending notification Aug 26 13:31:12.862928: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:31:12.862930: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:31:12.862934: | libevent_free: release ptr-libevent@0x55624153ebc8 Aug 26 13:31:12.862936: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb894002b78 Aug 26 13:31:12.862938: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:31:12.862942: | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 13:31:12.862951: | raw_eroute result=success Aug 26 13:31:12.862955: | in connection_discard for connection road-eastnet Aug 26 
13:31:12.862956: | connection is instance Aug 26 13:31:12.862958: | not in pending use Aug 26 13:31:12.862959: | State DB: found state #1 in PARENT_I3 (connection_discard) Aug 26 13:31:12.862961: | states still using this connection instance, retaining Aug 26 13:31:12.862963: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:31:12.862968: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:31:12.862971: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:12.862974: | resume processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:12.862977: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:31:12.862979: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:31:12.862980: | pstats #1 ikev2.ike deleted completed Aug 26 13:31:12.862983: | #1 spent 7.63 milliseconds in total Aug 26 13:31:12.862986: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:31:12.862989: "road-eastnet"[1] 192.1.2.23 #1: deleting state (STATE_IKESA_DEL) aged 28.682s and NOT sending notification Aug 26 13:31:12.862991: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:31:12.863025: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:31:12.863028: | libevent_free: release ptr-libevent@0x7fb88c000f48 Aug 26 13:31:12.863031: | free_event_entry: release EVENT_SA_REKEY-pe@0x55624153ed28 Aug 26 13:31:12.863033: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:31:12.863035: | picked newest_isakmp_sa #0 for #1 Aug 26 13:31:12.863038: "road-eastnet"[1] 192.1.2.23 #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:31:12.863040: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 
seconds Aug 26 13:31:12.863042: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:31:12.863045: | in connection_discard for connection road-eastnet Aug 26 13:31:12.863046: | connection is instance Aug 26 13:31:12.863048: | not in pending use Aug 26 13:31:12.863049: | State DB: state not found (connection_discard) Aug 26 13:31:12.863051: | no states use this connection instance, deleting Aug 26 13:31:12.863054: | start processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in delete_connection() at connections.c:189) Aug 26 13:31:12.863057: packet from 192.1.2.23:4500: deleting connection "road-eastnet"[1] 192.1.2.23 instance with peer 192.1.2.23 {isakmp=#0/ipsec=#0} Aug 26 13:31:12.863059: | Deleting states for connection - not including other IPsec SA's Aug 26 13:31:12.863061: | pass 0 Aug 26 13:31:12.863062: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:12.863064: | state #1 Aug 26 13:31:12.863066: | pass 1 Aug 26 13:31:12.863067: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:12.863069: | state #1 Aug 26 13:31:12.863071: | shunt_eroute() called for connection 'road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:31:12.863073: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:31:12.863075: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:31:12.863085: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 13:31:12.863092: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:31:12.863095: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:12.863097: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:12.863099: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 13:31:12.863101: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 13:31:12.863103: | route owner of "road-eastnet" unrouted: NULL Aug 26 13:31:12.863105: | running updown command "ipsec _updown" for verb unroute Aug 26 13:31:12.863107: | command executing unroute-client Aug 26 13:31:12.863125: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON Aug 26 13:31:12.863128: | popen cmd is 1090 chars long Aug 26 13:31:12.863130: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 13:31:12.863131: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO: Aug 26 13:31:12.863133: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 13:31:12.863135: | 
cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 13:31:12.863137: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 13:31:12.863138: | cmd( 400):EER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0: Aug 26 13:31:12.863140: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 13:31:12.863142: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Aug 26 13:31:12.863143: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW: Aug 26 13:31:12.863145: | cmd( 720):+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Aug 26 13:31:12.863147: | cmd( 800):TH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Aug 26 13:31:12.863148: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Aug 26 13:31:12.863150: | cmd( 960):UTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Aug 26 13:31:12.863151: | cmd(1040):RED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:31:12.871074: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871095: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871098: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871101: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871103: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871105: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:31:12.871107: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871109: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.871114: packet from 192.1.2.23:4500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:31:12.879992: | flush revival: connection 'road-eastnet' revival flushed Aug 26 13:31:12.880008: | stop processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in discard_connection() at connections.c:249) Aug 26 13:31:12.880018: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:31:12.880026: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:31:12.880067: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:31:12.880096: | in statetime_stop() and could not find #1 Aug 26 13:31:12.880099: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:31:12.880103: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:31:12.880105: | STF_OK but no state object remains Aug 26 13:31:12.880108: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:31:12.880110: | in statetime_stop() and could not find #1 Aug 26 13:31:12.880113: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 13:31:12.880117: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:31:12.880119: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:31:12.880125: | spent 1.04 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:31:12.880137: | processing resume sending helper answer for #3 Aug 26 13:31:12.880140: | crypto helper 1 replies to request ID 3 Aug 26 13:31:12.880142: | calling continuation function 0x5562411c4b50 Aug 26 
13:31:12.880143: | work-order 3 state #3 crypto result suppressed Aug 26 13:31:12.880161: | (#3) spent 0.0203 milliseconds in resume sending helper answer Aug 26 13:31:12.880165: | libevent_free: release ptr-libevent@0x7fb890002888 Aug 26 13:31:12.880167: | processing signal PLUTO_SIGCHLD Aug 26 13:31:12.880171: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:12.880173: | spent 0.00403 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:12.880175: | processing signal PLUTO_SIGCHLD Aug 26 13:31:12.880177: | waitpid returned ECHILD (no child processes left) Aug 26 13:31:12.880180: | spent 0.00239 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:31:12.880193: recvmsg: received truncated IKE packet (MSG_TRUNC) Aug 26 13:31:12.880196: | **parse ISAKMP Message (raw): Aug 26 13:31:12.880199: | initiator cookie: Aug 26 13:31:12.880201: | 00 00 00 00 ff 33 a9 82 Aug 26 13:31:12.880203: | responder cookie: Aug 26 13:31:12.880204: | 41 3c bd 50 c8 a1 0c bd Aug 26 13:31:12.880206: | next payload type: 249 (0xf9) Aug 26 13:31:12.880208: | ISAKMP version: 90 (0x5a) Aug 26 13:31:12.880209: | exchange type: 171 (0xab) Aug 26 13:31:12.880211: | flags: 122 (0x7a) Aug 26 13:31:12.880213: | Message ID: 773858600 (0x2e202528) Aug 26 13:31:12.880214: | length: 1 (0x1) Aug 26 13:31:12.880216: | MSG_ERRQUEUE packet IKE header version unknown Aug 26 13:31:12.880218: | rejected packet: Aug 26 13:31:12.880219: | 00 00 00 00 ff 33 a9 82 41 3c bd 50 c8 a1 0c bd Aug 26 13:31:12.880221: | f9 5a ab 7a 2e 20 25 28 00 00 00 01 00 00 00 39 Aug 26 13:31:12.880222: | 00 00 00 1d f8 18 11 29 04 e3 36 3f 25 6a 8b 95 Aug 26 13:31:12.880224: | af fd f7 a2 94 ca 03 d3 Aug 26 13:31:12.880225: | control: Aug 26 13:31:12.880227: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 Aug 26 13:31:12.880228: | 7f 57 00 00 00 00 00 00 c0 01 03 d1 62 55 00 00 Aug 26 13:31:12.880230: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Aug 26 13:31:12.880231: | 6f 00 00 00 02 03 03 00 00 00 00 
00 00 00 00 00 Aug 26 13:31:12.880233: | 02 00 00 00 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 13:31:12.880234: | name: Aug 26 13:31:12.880236: | 02 00 11 94 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 13:31:12.880244: | ERROR: asynchronous network error report on eth0 (192.1.3.209:4500) for message to 192.1.2.23 port 4500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Aug 26 13:31:12.880249: | spent 0.0594 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:31:12.880251: | kernel_process_msg_cb process netlink message Aug 26 13:31:12.880257: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:12.880260: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:12.880262: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 13:31:12.880264: | xfrm netlink address change RTM_DELADDR msg len 76 Aug 26 13:31:12.880267: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL Aug 26 13:31:12.880269: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 13:31:12.880271: | IKEv2 received address RTM_DELADDR type 3 Aug 26 13:31:12.880272: | IKEv2 received address RTM_DELADDR type 8 Aug 26 13:31:12.880274: | IKEv2 received address RTM_DELADDR type 6 Aug 26 13:31:12.880276: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:31:12.880279: | spent 0.0258 milliseconds in kernel message Aug 26 13:31:12.880281: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:31:12.880284: | spent 0.000544 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:31:13.516016: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:31:13.516036: shutting down Aug 26 13:31:13.516042: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:31:13.516046: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:31:13.516048: forgetting secrets Aug 26 13:31:13.516053: | certs and keys unlocked by 
'free_preshared_secrets' Aug 26 13:31:13.516057: | start processing: connection "road-eastnet" (in delete_connection() at connections.c:189) Aug 26 13:31:13.516059: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:31:13.516061: | pass 0 Aug 26 13:31:13.516062: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:13.516064: | pass 1 Aug 26 13:31:13.516065: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:31:13.516069: | free hp@0x55624153bde8 Aug 26 13:31:13.516071: | flush revival: connection 'road-eastnet' wasn't on the list Aug 26 13:31:13.516074: | stop processing: connection "road-eastnet" (in discard_connection() at connections.c:249) Aug 26 13:31:13.516082: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:31:13.516084: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:31:13.516091: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:31:13.516093: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:31:13.516095: shutting down interface eth0/eth0 192.1.3.209:4500 Aug 26 13:31:13.516097: shutting down interface eth0/eth0 192.1.3.209:500 Aug 26 13:31:13.516100: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:31:13.516106: | libevent_free: release ptr-libevent@0x55624152df58 Aug 26 13:31:13.516108: | free_event_entry: release EVENT_NULL-pe@0x556241539c88 Aug 26 13:31:13.516117: | libevent_free: release ptr-libevent@0x5562414f00f8 Aug 26 13:31:13.516119: | free_event_entry: release EVENT_NULL-pe@0x556241539d38 Aug 26 13:31:13.516123: | libevent_free: release ptr-libevent@0x5562414f1328 Aug 26 13:31:13.516125: | free_event_entry: release EVENT_NULL-pe@0x556241539de8 Aug 26 13:31:13.516130: | libevent_free: release ptr-libevent@0x5562414ead28 Aug 26 13:31:13.516132: | free_event_entry: release EVENT_NULL-pe@0x556241539e98 Aug 26 13:31:13.516136: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:31:13.516503: | libevent_free: release ptr-libevent@0x55624152e008 Aug 26 13:31:13.516509: | free_event_entry: release EVENT_NULL-pe@0x556241522128 Aug 26 13:31:13.516513: | libevent_free: release ptr-libevent@0x5562414f0048 Aug 26 13:31:13.516515: | free_event_entry: release EVENT_NULL-pe@0x556241521c88 Aug 26 13:31:13.516518: | libevent_free: release ptr-libevent@0x55624151a728 Aug 26 13:31:13.516522: | free_event_entry: release EVENT_NULL-pe@0x55624151bf18 Aug 26 13:31:13.516524: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:31:13.516526: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:31:13.516528: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:31:13.516529: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:31:13.516531: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:31:13.516532: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:31:13.516534: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:31:13.516536: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:31:13.516537: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:31:13.516542: | libevent_free: release ptr-libevent@0x55624147d8e8 Aug 26 13:31:13.516543: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:31:13.516545: | libevent_free: release ptr-libevent@0x5562415395c8 Aug 26 13:31:13.516547: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:31:13.516549: | libevent_free: release ptr-libevent@0x5562415396d8 Aug 26 13:31:13.516551: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:31:13.516553: | libevent_free: release ptr-libevent@0x556241539918 Aug 26 13:31:13.516555: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:31:13.516556: | releasing event base Aug 26 13:31:13.516566: | libevent_free: release ptr-libevent@0x5562415397e8 Aug 26 13:31:13.516568: | libevent_free: release ptr-libevent@0x55624151c548 Aug 26 13:31:13.516570: | libevent_free: 
release ptr-libevent@0x55624151c4f8 Aug 26 13:31:13.516572: | libevent_free: release ptr-libevent@0x55624153f188 Aug 26 13:31:13.516574: | libevent_free: release ptr-libevent@0x55624151c4b8 Aug 26 13:31:13.516576: | libevent_free: release ptr-libevent@0x5562415392d8 Aug 26 13:31:13.516577: | libevent_free: release ptr-libevent@0x556241539548 Aug 26 13:31:13.516579: | libevent_free: release ptr-libevent@0x55624151c6f8 Aug 26 13:31:13.516581: | libevent_free: release ptr-libevent@0x556241521918 Aug 26 13:31:13.516582: | libevent_free: release ptr-libevent@0x556241522238 Aug 26 13:31:13.516584: | libevent_free: release ptr-libevent@0x556241539f08 Aug 26 13:31:13.516585: | libevent_free: release ptr-libevent@0x556241539e58 Aug 26 13:31:13.516587: | libevent_free: release ptr-libevent@0x556241539da8 Aug 26 13:31:13.516589: | libevent_free: release ptr-libevent@0x556241539cf8 Aug 26 13:31:13.516590: | libevent_free: release ptr-libevent@0x55624147cc08 Aug 26 13:31:13.516592: | libevent_free: release ptr-libevent@0x556241539698 Aug 26 13:31:13.516593: | libevent_free: release ptr-libevent@0x556241539588 Aug 26 13:31:13.516595: | libevent_free: release ptr-libevent@0x556241539448 Aug 26 13:31:13.516597: | libevent_free: release ptr-libevent@0x5562415397a8 Aug 26 13:31:13.516598: | libevent_free: release ptr-libevent@0x556241539318 Aug 26 13:31:13.516600: | libevent_free: release ptr-libevent@0x5562414ec2a8 Aug 26 13:31:13.516602: | libevent_free: release ptr-libevent@0x5562414ec228 Aug 26 13:31:13.516603: | libevent_free: release ptr-libevent@0x55624147cf78 Aug 26 13:31:13.516605: | releasing global libevent data Aug 26 13:31:13.516607: | libevent_free: release ptr-libevent@0x5562414ea958 Aug 26 13:31:13.516609: | libevent_free: release ptr-libevent@0x5562414ec3a8 Aug 26 13:31:13.516610: | libevent_free: release ptr-libevent@0x5562414ec328 Aug 26 13:31:13.516645: leak detective found no leaks