Aug 26 13:15:16.835586: FIPS Product: YES Aug 26 13:15:16.835710: FIPS Kernel: NO Aug 26 13:15:16.835714: FIPS Mode: NO Aug 26 13:15:16.835717: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:15:16.835861: Initializing NSS Aug 26 13:15:16.835871: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:15:16.865093: NSS initialized Aug 26 13:15:16.865113: NSS crypto library initialized Aug 26 13:15:16.865116: FIPS HMAC integrity support [enabled] Aug 26 13:15:16.865119: FIPS mode disabled for pluto daemon Aug 26 13:15:16.895757: FIPS HMAC integrity verification self-test FAILED Aug 26 13:15:16.895870: libcap-ng support [enabled] Aug 26 13:15:16.895879: Linux audit support [enabled] Aug 26 13:15:16.895908: Linux audit activated Aug 26 13:15:16.895916: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8307 Aug 26 13:15:16.895920: core dump dir: /tmp Aug 26 13:15:16.895922: secrets file: /etc/ipsec.secrets Aug 26 13:15:16.895925: leak-detective enabled Aug 26 13:15:16.895927: NSS crypto [enabled] Aug 26 13:15:16.895930: XAUTH PAM support [enabled] Aug 26 13:15:16.896007: | libevent is using pluto's memory allocator Aug 26 13:15:16.896018: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:15:16.896034: | libevent_malloc: new ptr-libevent@0x563ea91d67f8 size 40 Aug 26 13:15:16.896038: | libevent_malloc: new ptr-libevent@0x563ea91d6cd8 size 40 Aug 26 13:15:16.896041: | libevent_malloc: new ptr-libevent@0x563ea91d6dd8 size 40 Aug 26 13:15:16.896044: | creating event base Aug 26 13:15:16.896048: | libevent_malloc: new ptr-libevent@0x563ea925b768 size 56 Aug 26 13:15:16.896053: | libevent_malloc: new ptr-libevent@0x563ea91ff338 size 664 Aug 26 13:15:16.896065: | libevent_malloc: new ptr-libevent@0x563ea925b7d8 size 24 Aug 26 13:15:16.896069: | libevent_malloc: new ptr-libevent@0x563ea925b828 size 384 Aug 26 13:15:16.896080: | libevent_malloc: new ptr-libevent@0x563ea925b728 size 16 Aug 26 13:15:16.896083: | libevent_malloc: new ptr-libevent@0x563ea91d6908 size 40 Aug 26 13:15:16.896086: | libevent_malloc: new ptr-libevent@0x563ea91d6d38 size 48 Aug 26 13:15:16.896093: | libevent_realloc: new ptr-libevent@0x563ea91fefc8 size 256 Aug 26 13:15:16.896096: | libevent_malloc: new ptr-libevent@0x563ea925b9d8 size 16 Aug 26 13:15:16.896102: | libevent_free: release ptr-libevent@0x563ea925b768 Aug 26 13:15:16.896106: | libevent initialized Aug 26 13:15:16.896110: | libevent_realloc: new ptr-libevent@0x563ea925b768 size 64 Aug 26 13:15:16.896116: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:15:16.896130: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:15:16.896133: NAT-Traversal support [enabled] Aug 26 13:15:16.896135: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:15:16.896142: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:15:16.896146: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:15:16.896176: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:15:16.896179: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:15:16.896181: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:15:16.896216: Encryption algorithms: Aug 26 13:15:16.896221: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:15:16.896223: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:15:16.896226: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:15:16.896228: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:15:16.896230: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:15:16.896238: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:15:16.896241: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:15:16.896243: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:15:16.896245: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:15:16.896247: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:15:16.896250: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:15:16.896252: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:15:16.896254: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:15:16.896257: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:15:16.896259: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:15:16.896261: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:15:16.896263: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:15:16.896268: Hash algorithms: Aug 26 13:15:16.896270: MD5 IKEv1: IKE IKEv2: Aug 26 13:15:16.896272: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:15:16.896274: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:15:16.896276: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:15:16.896278: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:15:16.896304: PRF algorithms: Aug 26 13:15:16.896310: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:15:16.896313: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:15:16.896317: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:15:16.896319: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:15:16.896321: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:15:16.896323: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:15:16.896339: Integrity algorithms: Aug 26 13:15:16.896342: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:15:16.896344: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:15:16.896346: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:15:16.896349: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:15:16.896351: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:15:16.896353: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:15:16.896356: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:15:16.896358: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:15:16.896359: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:15:16.896367: DH algorithms: Aug 26 13:15:16.896369: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:15:16.896371: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:15:16.896373: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:15:16.896377: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:15:16.896379: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:15:16.896381: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:15:16.896383: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:15:16.896385: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:15:16.896387: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:15:16.896389: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:15:16.896391: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:15:16.896393: testing CAMELLIA_CBC: Aug 26 13:15:16.896395: Camellia: 16 bytes with 128-bit key Aug 26 13:15:16.896513: Camellia: 16 bytes with 128-bit key Aug 26 13:15:16.896540: Camellia: 16 bytes with 256-bit key Aug 26 13:15:16.896567: Camellia: 16 bytes with 256-bit key Aug 26 13:15:16.896592: testing AES_GCM_16: Aug 26 13:15:16.896595: empty string Aug 26 13:15:16.896621: one block Aug 26 13:15:16.896641: two blocks Aug 26 13:15:16.896663: two blocks with associated data Aug 26 13:15:16.896681: testing AES_CTR: Aug 26 13:15:16.896683: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:15:16.896699: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:15:16.896717: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:15:16.896734: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:15:16.896751: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:15:16.896767: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:15:16.896786: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:15:16.896802: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:15:16.896819: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:15:16.896836: testing AES_CBC: Aug 26 13:15:16.896838: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:15:16.896855: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:15:16.896872: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:15:16.896890: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:15:16.896910: testing AES_XCBC: Aug 26 13:15:16.896912: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:15:16.896987: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:15:16.897069: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:15:16.897144: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:15:16.897220: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:15:16.897302: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:15:16.897385: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:15:16.897556: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:15:16.897635: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:15:16.897718: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:15:16.897863: testing HMAC_MD5: Aug 26 13:15:16.897866: RFC 2104: MD5_HMAC test 1 Aug 26 13:15:16.897974: RFC 2104: MD5_HMAC test 2 Aug 26 13:15:16.898071: RFC 2104: MD5_HMAC test 3 Aug 26 13:15:16.898193: 8 CPU cores online Aug 26 13:15:16.898197: starting up 7 crypto helpers Aug 26 13:15:16.898222: started thread for crypto helper 0 Aug 26 13:15:16.898227: | starting up helper thread 0 Aug 26 13:15:16.898239: started thread for crypto helper 1 Aug 26 13:15:16.898241: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:15:16.898245: | crypto helper 0 waiting (nothing to do) Aug 26 13:15:16.898254: started thread for crypto helper 2 Aug 26 13:15:16.898258: | starting up helper thread 2 Aug 26 13:15:16.898267: | starting up helper thread 1 Aug 26 13:15:16.898276: started thread for crypto helper 3 Aug 26 13:15:16.898272: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:15:16.898278: | starting up helper thread 3 Aug 26 13:15:16.898293: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:15:16.898279: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:15:16.898282: | crypto helper 2 waiting (nothing to do) Aug 26 13:15:16.898324: | crypto helper 3 waiting (nothing to do) Aug 26 13:15:16.898327: started thread for crypto helper 4 Aug 26 13:15:16.898343: started thread for crypto helper 5 Aug 26 13:15:16.898357: started thread for crypto helper 6 Aug 26 13:15:16.898360: | checking IKEv1 state table Aug 26 13:15:16.898361: | starting up helper thread 4 Aug 26 13:15:16.898366: | starting up helper thread 6 Aug 26 13:15:16.898383: | starting up helper thread 5 Aug 26 13:15:16.898379: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:15:16.898386: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:15:16.898391: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:15:16.898366: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898361: | crypto helper 1 waiting (nothing to do) Aug 26 13:15:16.898432: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:15:16.898438: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898439: | crypto helper 4 waiting (nothing to do) Aug 26 13:15:16.898440: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:15:16.898449: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:15:16.898451: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:15:16.898453: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:15:16.898454: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:15:16.898456: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:15:16.898457: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:15:16.898459: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:15:16.898460: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:15:16.898462: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:15:16.898464: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:15:16.898465: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:15:16.898467: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:15:16.898468: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:15:16.898470: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:15:16.898471: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:15:16.898473: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:15:16.898475: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:15:16.898476: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898478: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:15:16.898483: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898486: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898477: | crypto helper 6 waiting (nothing to do) Aug 26 13:15:16.898488: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:15:16.898498: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898499: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:15:16.898501: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:15:16.898499: | crypto helper 5 waiting (nothing to do) Aug 26 13:15:16.898504: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:15:16.898512: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:15:16.898513: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:15:16.898515: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:15:16.898516: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898518: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:15:16.898520: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898521: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:15:16.898523: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:15:16.898528: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:15:16.898530: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:15:16.898531: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:15:16.898533: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:15:16.898535: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:15:16.898536: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898538: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:15:16.898539: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898541: | INFO: category: informational flags: 0: Aug 26 13:15:16.898543: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898544: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:15:16.898546: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898548: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:15:16.898549: | -> XAUTH_R1 EVENT_NULL Aug 26 13:15:16.898551: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:15:16.898552: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:15:16.898554: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:15:16.898556: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:15:16.898557: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:15:16.898559: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:15:16.898561: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:15:16.898562: | -> UNDEFINED EVENT_NULL Aug 26 13:15:16.898564: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:15:16.898566: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:15:16.898567: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:15:16.898569: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:15:16.898570: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:15:16.898572: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:15:16.898578: | checking IKEv2 state table Aug 26 13:15:16.898582: | PARENT_I0: category: ignore flags: 0: Aug 26 13:15:16.898584: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:15:16.898586: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898588: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:15:16.898590: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:15:16.898592: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:15:16.898594: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:15:16.898596: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:15:16.898597: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:15:16.898599: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:15:16.898601: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:15:16.898603: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:15:16.898604: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:15:16.898606: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:15:16.898608: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:15:16.898609: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:15:16.898611: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898613: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:15:16.898615: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:15:16.898616: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:15:16.898618: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:15:16.898620: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:15:16.898622: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:15:16.898625: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:15:16.898627: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:15:16.898628: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:15:16.898630: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:15:16.898632: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:15:16.898634: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:15:16.898635: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:15:16.898637: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:15:16.898639: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:15:16.898641: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:15:16.898643: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:15:16.898645: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:15:16.898646: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:15:16.898648: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:15:16.898650: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:15:16.898652: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:15:16.898654: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:15:16.898655: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:15:16.898657: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:15:16.898659: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:15:16.898661: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:15:16.898663: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:15:16.898664: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:15:16.898666: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:15:16.898677: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:15:16.898715: | Hard-wiring algorithms Aug 26 13:15:16.898717: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:15:16.898720: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:15:16.898722: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:15:16.898723: | adding 3DES_CBC to kernel algorithm db Aug 26 13:15:16.898725: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:15:16.898727: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:15:16.898728: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:15:16.898730: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:15:16.898731: | adding AES_CTR to kernel algorithm db Aug 26 13:15:16.898733: | adding AES_CBC to kernel algorithm db Aug 26 13:15:16.898735: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:15:16.898736: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:15:16.898738: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:15:16.898740: | adding NULL to kernel algorithm db Aug 26 13:15:16.898742: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:15:16.898743: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:15:16.898745: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:15:16.898747: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:15:16.898748: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:15:16.898750: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:15:16.898752: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:15:16.898753: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:15:16.898755: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:15:16.898756: | adding NONE to kernel algorithm db Aug 26 13:15:16.898774: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:15:16.898778: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:15:16.898780: | setup kernel fd callback Aug 26 13:15:16.898782: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563ea9260318 Aug 26 13:15:16.898786: | libevent_malloc: new ptr-libevent@0x563ea9244898 size 128 Aug 26 13:15:16.898788: | libevent_malloc: new ptr-libevent@0x563ea9260428 size 16 Aug 26 13:15:16.898792: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563ea9260e58 Aug 26 13:15:16.898794: | libevent_malloc: new ptr-libevent@0x563ea91ffce8 size 128 Aug 26 13:15:16.898795: | libevent_malloc: new ptr-libevent@0x563ea9260e18 size 16 Aug 26 13:15:16.898936: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:15:16.898941: selinux support is enabled. Aug 26 13:15:16.899411: | unbound context created - setting debug level to 5 Aug 26 13:15:16.899436: | /etc/hosts lookups activated Aug 26 13:15:16.899447: | /etc/resolv.conf usage activated Aug 26 13:15:16.899483: | outgoing-port-avoid set 0-65535 Aug 26 13:15:16.899500: | outgoing-port-permit set 32768-60999 Aug 26 13:15:16.899502: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:15:16.899505: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:15:16.899507: | Setting up events, loop start Aug 26 13:15:16.899509: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563ea9260ec8 Aug 26 13:15:16.899511: | libevent_malloc: new ptr-libevent@0x563ea926d048 size 128 Aug 26 13:15:16.899514: | libevent_malloc: new ptr-libevent@0x563ea9278318 size 16 Aug 26 13:15:16.899518: | libevent_realloc: new ptr-libevent@0x563ea9278358 size 256 Aug 26 13:15:16.899520: | libevent_malloc: new ptr-libevent@0x563ea9278488 size 8 Aug 26 13:15:16.899523: | libevent_realloc: new ptr-libevent@0x563ea91ff878 size 144 Aug 26 13:15:16.899524: | libevent_malloc: new ptr-libevent@0x563ea9208b78 size 152 Aug 26 13:15:16.899527: | libevent_malloc: new ptr-libevent@0x563ea92784c8 size 16 Aug 26 13:15:16.899530: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:15:16.899532: | libevent_malloc: new ptr-libevent@0x563ea9278508 size 8 Aug 26 13:15:16.899533: | libevent_malloc: new ptr-libevent@0x563ea9278548 size 152 Aug 26 13:15:16.899535: | signal event handler PLUTO_SIGTERM installed Aug 26 13:15:16.899537: | libevent_malloc: new ptr-libevent@0x563ea9278618 size 8 Aug 26 13:15:16.899539: | libevent_malloc: new ptr-libevent@0x563ea9278658 size 152 Aug 26 13:15:16.899541: | signal event handler PLUTO_SIGHUP installed Aug 26 13:15:16.899543: | libevent_malloc: new ptr-libevent@0x563ea9278728 size 8 Aug 26 13:15:16.899544: | libevent_realloc: release ptr-libevent@0x563ea91ff878 Aug 26 13:15:16.899546: | libevent_realloc: new ptr-libevent@0x563ea9278768 size 256 Aug 26 13:15:16.899548: | libevent_malloc: new ptr-libevent@0x563ea9278898 size 152 Aug 26 13:15:16.899550: | signal event handler PLUTO_SIGSYS installed Aug 26 13:15:16.899794: | created addconn helper (pid:8419) using fork+execve Aug 26 13:15:16.899809: | forked child 8419 Aug 26 13:15:16.899842: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:16.899857: listening for IKE messages Aug 26 13:15:16.904531: | Inspecting interface lo Aug 26 13:15:16.904552: | found lo with address 127.0.0.1 Aug 26 13:15:16.904558: | Inspecting interface eth1 Aug 26 13:15:16.904563: | found eth1 with address 192.1.2.45 Aug 26 13:15:16.904633: Kernel supports NIC esp-hw-offload Aug 26 13:15:16.904649: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:15:16.904722: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:15:16.904728: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:15:16.904732: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:15:16.904757: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:15:16.904783: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:15:16.904788: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:15:16.904791: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:15:16.904873: | no interfaces to sort Aug 26 13:15:16.904879: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:15:16.904887: | add_fd_read_event_handler: new ethX-pe@0x563ea9278c08 Aug 26 13:15:16.904892: | libevent_malloc: new ptr-libevent@0x563ea926cf98 size 128 Aug 26 13:15:16.904897: | libevent_malloc: new ptr-libevent@0x563ea9278c78 size 16 Aug 26 13:15:16.904905: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:15:16.904909: | add_fd_read_event_handler: new ethX-pe@0x563ea9278cb8 Aug 26 13:15:16.904912: | libevent_malloc: new ptr-libevent@0x563ea91ffe98 size 128 Aug 26 13:15:16.904915: | libevent_malloc: new ptr-libevent@0x563ea9278d28 size 16 Aug 26 13:15:16.904920: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:15:16.904923: | add_fd_read_event_handler: new ethX-pe@0x563ea9278d68 Aug 26 13:15:16.904926: | libevent_malloc: new ptr-libevent@0x563ea91ffde8 size 128 Aug 26 13:15:16.904929: | libevent_malloc: new ptr-libevent@0x563ea9278dd8 size 16 Aug 26 13:15:16.904934: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:15:16.904937: | add_fd_read_event_handler: new ethX-pe@0x563ea9278e18 Aug 26 13:15:16.904940: | libevent_malloc: new ptr-libevent@0x563ea91ff778 size 128 Aug 26 13:15:16.904943: | libevent_malloc: new ptr-libevent@0x563ea9278e88 size 16 Aug 26 13:15:16.904948: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:15:16.904953: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:15:16.904955: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:15:16.904977: loading secrets from "/etc/ipsec.secrets" Aug 26 13:15:16.904995: | saving Modulus Aug 26 13:15:16.905001: | saving PublicExponent Aug 26 13:15:16.905006: | ignoring PrivateExponent Aug 26 13:15:16.905009: | ignoring Prime1 Aug 26 13:15:16.905013: | ignoring Prime2 Aug 26 13:15:16.905016: | ignoring Exponent1 Aug 26 13:15:16.905020: | ignoring Exponent2 Aug 26 13:15:16.905023: | ignoring Coefficient Aug 26 13:15:16.905027: | ignoring CKAIDNSS Aug 26 13:15:16.905069: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:15:16.905073: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:15:16.905078: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 13:15:16.905086: | certs and keys locked by 'process_secret' Aug 26 13:15:16.905090: | certs and keys unlocked by 'process_secret' Aug 26 13:15:16.905102: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:16.905110: | spent 0.695 milliseconds in whack Aug 26 13:15:16.919204: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:16.919225: listening for IKE messages Aug 26 13:15:16.919253: | Inspecting interface lo Aug 26 13:15:16.919259: | found lo with address 127.0.0.1 Aug 26 13:15:16.919261: | Inspecting interface eth1 Aug 26 13:15:16.919264: | found eth1 with address 192.1.2.45 Aug 26 13:15:16.919321: | no interfaces to sort Aug 26 13:15:16.919330: | libevent_free: release ptr-libevent@0x563ea926cf98 Aug 26 13:15:16.919333: | free_event_entry: release EVENT_NULL-pe@0x563ea9278c08 Aug 26 13:15:16.919335: | add_fd_read_event_handler: new ethX-pe@0x563ea9278c08 Aug 26 13:15:16.919337: | libevent_malloc: new ptr-libevent@0x563ea926cf98 size 128 Aug 26 13:15:16.919342: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:15:16.919345: | libevent_free: release ptr-libevent@0x563ea91ffe98 Aug 26 13:15:16.919347: | free_event_entry: release EVENT_NULL-pe@0x563ea9278cb8 Aug 26 13:15:16.919349: | add_fd_read_event_handler: new ethX-pe@0x563ea9278cb8 Aug 26 13:15:16.919351: | libevent_malloc: new ptr-libevent@0x563ea91ffe98 size 128 Aug 26 13:15:16.919354: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:15:16.919356: | libevent_free: release ptr-libevent@0x563ea91ffde8 Aug 26 13:15:16.919362: | free_event_entry: release EVENT_NULL-pe@0x563ea9278d68 Aug 26 13:15:16.919364: | add_fd_read_event_handler: new ethX-pe@0x563ea9278d68 Aug 26 13:15:16.919366: | libevent_malloc: new ptr-libevent@0x563ea91ffde8 size 128 Aug 26 13:15:16.919369: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:15:16.919371: | libevent_free: release ptr-libevent@0x563ea91ff778 Aug 26 13:15:16.919373: | free_event_entry: release EVENT_NULL-pe@0x563ea9278e18 Aug 26 13:15:16.919375: | add_fd_read_event_handler: new ethX-pe@0x563ea9278e18 Aug 26 13:15:16.919377: | libevent_malloc: new ptr-libevent@0x563ea91ff778 size 128 Aug 26 13:15:16.919380: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:15:16.919382: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:15:16.919384: forgetting secrets Aug 26 13:15:16.919392: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:15:16.919404: loading secrets from "/etc/ipsec.secrets" Aug 26 13:15:16.919417: | saving Modulus Aug 26 13:15:16.919420: | saving PublicExponent Aug 26 13:15:16.919422: | ignoring PrivateExponent Aug 26 13:15:16.919424: | ignoring Prime1 Aug 26 13:15:16.919426: | ignoring Prime2 Aug 26 13:15:16.919428: | ignoring Exponent1 Aug 26 13:15:16.919430: | ignoring Exponent2 Aug 26 13:15:16.919433: | ignoring Coefficient Aug 26 13:15:16.919435: | ignoring CKAIDNSS Aug 26 13:15:16.919454: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:15:16.919456: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:15:16.919459: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 13:15:16.919464: | certs and keys locked by 'process_secret' Aug 26 13:15:16.919467: | certs and keys unlocked by 'process_secret' Aug 26 13:15:16.919475: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:16.919482: | spent 0.275 milliseconds in whack Aug 26 13:15:16.919840: | processing signal PLUTO_SIGCHLD Aug 26 13:15:16.919849: | waitpid returned pid 8419 (exited with status 0) Aug 26 13:15:16.919852: | reaped addconn helper child (status 0) Aug 26 13:15:16.919856: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:16.919860: | spent 0.0134 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:16.986310: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:16.986328: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:16.986331: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:15:16.986333: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:16.986334: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:15:16.986338: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:16.986343: | Added new connection westnet-eastnet-vti-01 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:15:16.986345: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:15:16.986382: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:15:16.986385: | from whack: got --esp= Aug 26 13:15:16.986410: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:15:16.986415: | counting wild cards for @west is 0 Aug 26 13:15:16.986417: | counting wild cards for @east is 0 Aug 26 13:15:16.986425: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:15:16.986427: | new hp@0x563ea927b4d8 Aug 26 13:15:16.986430: added connection description "westnet-eastnet-vti-01" Aug 26 13:15:16.986438: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:15:16.986449: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:15:16.986455: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:16.986460: | spent 0.158 milliseconds in whack Aug 26 13:15:16.986524: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:16.986537: add keyid @west Aug 26 13:15:16.986540: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:15:16.986542: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:15:16.986544: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:15:16.986545: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:15:16.986547: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:15:16.986548: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:15:16.986550: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:15:16.986551: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:15:16.986553: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:15:16.986555: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:15:16.986556: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:15:16.986558: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:15:16.986559: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:15:16.986561: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:15:16.986562: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:15:16.986564: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:15:16.986565: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:15:16.986567: | add pubkey 15 04 37 f9 Aug 26 13:15:16.986587: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:15:16.986589: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:15:16.986597: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:16.986601: | spent 0.0834 milliseconds in whack Aug 26 13:15:16.986660: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:16.986672: add keyid @east Aug 26 13:15:16.986676: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:15:16.986677: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:15:16.986679: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:15:16.986680: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:15:16.986682: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:15:16.986684: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:15:16.986685: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:15:16.986687: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:15:16.986688: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:15:16.986690: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:15:16.986691: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:15:16.986693: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:15:16.986695: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:15:16.986696: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:15:16.986698: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:15:16.986699: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:15:16.986703: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:15:16.986705: | add pubkey 51 51 48 ef Aug 26 13:15:16.986713: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:15:16.986715: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:15:16.986723: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:16.986727: | spent 0.0721 milliseconds in whack Aug 26 13:15:17.066077: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:17.066104: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:17.066108: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:15:17.066111: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:17.066114: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:15:17.066122: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:17.066130: | Added new connection westnet-eastnet-vti-02 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:15:17.066133: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:15:17.066190: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:15:17.066194: | from whack: got --esp= Aug 26 13:15:17.066232: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:15:17.066238: | counting wild cards for @west is 0 Aug 26 13:15:17.066242: | counting wild cards for @east is 0 Aug 26 13:15:17.066251: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:15:17.066256: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x563ea927b4d8: westnet-eastnet-vti-01 Aug 26 13:15:17.066260: added connection description "westnet-eastnet-vti-02" Aug 26 13:15:17.066270: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:15:17.066282: | 10.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===10.0.2.0/24 Aug 26 13:15:17.066312: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:17.066323: | spent 0.236 milliseconds in whack Aug 26 13:15:17.066335: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:17.066343: add keyid @west Aug 26 13:15:17.066348: | unreference key: 0x563ea927b5b8 @west cnt 1-- Aug 26 13:15:17.066355: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:15:17.066357: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:15:17.066360: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:15:17.066363: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:15:17.066365: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:15:17.066368: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:15:17.066370: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:15:17.066373: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:15:17.066375: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:15:17.066378: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:15:17.066381: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:15:17.066383: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:15:17.066386: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:15:17.066394: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:15:17.066397: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:15:17.066399: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:15:17.066402: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:15:17.066404: | add pubkey 15 04 37 f9 Aug 26 13:15:17.066425: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:15:17.066428: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:15:17.066438: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:17.066444: | spent 0.112 milliseconds in whack Aug 26 13:15:17.066469: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:17.066479: add keyid @east Aug 26 13:15:17.066483: | unreference key: 0x563ea927b888 @east cnt 1-- Aug 26 13:15:17.066487: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:15:17.066490: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:15:17.066493: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:15:17.066495: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:15:17.066498: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:15:17.066500: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:15:17.066503: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:15:17.066506: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:15:17.066508: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:15:17.066511: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:15:17.066513: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:15:17.066516: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:15:17.066518: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:15:17.066521: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:15:17.066524: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:15:17.066526: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:15:17.066529: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:15:17.066531: | add pubkey 51 51 48 ef Aug 26 13:15:17.066540: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:15:17.066543: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:15:17.066552: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:17.066557: | spent 0.0911 milliseconds in whack Aug 26 13:15:17.171045: | kernel_process_msg_cb process netlink message Aug 26 13:15:17.171429: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:15:17.171443: | spent 0.367 milliseconds in kernel message Aug 26 13:15:17.282482: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:17.282510: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 13:15:17.282515: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:17.282521: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Aug 26 13:15:17.282524: | connection 'westnet-eastnet-vti-01' +POLICY_UP Aug 26 13:15:17.282528: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 13:15:17.282531: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:15:17.282549: | creating state object #1 at 0x563ea927d8b8 Aug 26 13:15:17.282553: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:15:17.282560: | pstats #1 ikev2.ike started Aug 26 13:15:17.282564: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:15:17.282568: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:15:17.282578: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:17.282586: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:15:17.282592: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:15:17.282596: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:15:17.282601: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #1 "westnet-eastnet-vti-01" Aug 26 13:15:17.282605: "westnet-eastnet-vti-01" #1: initiating v2 parent SA Aug 26 13:15:17.282616: | constructing local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE) Aug 26 13:15:17.282625: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:15:17.282633: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.282637: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:15:17.282643: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.282647: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:15:17.282653: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.282657: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:15:17.282662: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.282674: "westnet-eastnet-vti-01": constructed local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.282682: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:15:17.282686: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea927b6a8 Aug 26 13:15:17.282690: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:15:17.282693: | libevent_malloc: new ptr-libevent@0x563ea927b718 size 128 Aug 26 13:15:17.282706: | #1 spent 0.183 milliseconds in ikev2_parent_outI1() Aug 26 13:15:17.282709: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:15:17.282714: | RESET processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:15:17.282717: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:15:17.282721: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:15:17.282724: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 13:15:17.282730: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:17.282734: | spent 0.263 milliseconds in whack Aug 26 13:15:17.282731: | crypto helper 0 resuming Aug 26 13:15:17.282749: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:15:17.282755: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:15:17.283398: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000643 seconds Aug 26 13:15:17.283408: | (#1) spent 0.65 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:15:17.283410: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:15:17.283413: | scheduling resume sending helper answer for #1 Aug 26 13:15:17.283415: | libevent_malloc: new ptr-libevent@0x7f61ec002888 size 128 Aug 26 13:15:17.283421: | crypto helper 0 waiting (nothing to do) Aug 26 13:15:17.283428: | processing resume sending helper answer for #1 Aug 26 13:15:17.283435: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:15:17.283440: | crypto helper 0 replies to request ID 1 Aug 26 13:15:17.283442: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:17.283445: | ikev2_parent_outI1_continue for #1 Aug 26 13:15:17.283474: | **emit ISAKMP Message: Aug 26 13:15:17.283478: | initiator cookie: Aug 26 13:15:17.283480: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.283483: | responder cookie: Aug 26 13:15:17.283485: | 00 00 00 00 00 00 00 00 Aug 26 13:15:17.283488: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:17.283491: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.283494: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:15:17.283498: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.283500: | Message ID: 0 (0x0) Aug 26 13:15:17.283503: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:17.283519: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.283522: | Emitting ikev2_proposals ... Aug 26 13:15:17.283525: | ***emit IKEv2 Security Association Payload: Aug 26 13:15:17.283528: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.283531: | flags: none (0x0) Aug 26 13:15:17.283534: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:15:17.283537: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.283540: | discarding INTEG=NONE Aug 26 13:15:17.283543: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.283546: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.283548: | prop #: 1 (0x1) Aug 26 13:15:17.283551: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:17.283554: | spi size: 0 (0x0) Aug 26 13:15:17.283556: | # transforms: 11 (0xb) Aug 26 13:15:17.283559: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.283562: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283571: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.283574: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.283577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283580: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.283583: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.283586: | length/value: 256 (0x100) Aug 26 13:15:17.283589: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.283592: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283597: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.283600: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:17.283603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283609: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283617: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.283620: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:17.283623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283632: | discarding INTEG=NONE Aug 26 13:15:17.283634: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283640: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283642: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.283646: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283649: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283651: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283654: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283659: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283662: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:17.283665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283668: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283671: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283674: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283679: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283682: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:17.283685: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283692: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283695: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283701: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283704: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:17.283707: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283710: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283713: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283715: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283723: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:17.283727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283732: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283735: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283743: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:17.283746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283755: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283760: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283763: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:17.283766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283772: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283775: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283778: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.283780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283783: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:17.283786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283789: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283792: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283795: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:15:17.283798: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.283801: | discarding INTEG=NONE Aug 26 13:15:17.283803: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.283806: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.283812: | prop #: 2 (0x2) Aug 26 13:15:17.283815: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:17.283817: | spi size: 0 (0x0) Aug 26 13:15:17.283820: | # transforms: 11 (0xb) Aug 26 13:15:17.283823: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.283826: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.283829: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283835: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.283838: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.283841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283844: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.283846: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.283849: | length/value: 128 (0x80) Aug 26 13:15:17.283852: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.283855: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283860: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.283863: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:17.283866: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283872: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283880: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.283883: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:17.283886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283892: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283894: | discarding INTEG=NONE Aug 26 13:15:17.283897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283905: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.283908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283914: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283917: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283922: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283925: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:17.283928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283935: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283938: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283946: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:17.283949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283955: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283966: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:17.283969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283972: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283975: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283978: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.283981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.283986: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:17.283989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.283992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.283995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.283998: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:17.284009: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284015: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284018: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:17.284029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284035: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284038: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284041: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.284043: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284046: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:17.284049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284056: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284059: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:15:17.284062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.284065: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.284068: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.284070: | prop #: 3 (0x3) Aug 26 13:15:17.284073: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:17.284075: | spi size: 0 (0x0) Aug 26 13:15:17.284078: | # transforms: 13 (0xd) Aug 26 13:15:17.284081: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.284084: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.284087: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284093: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.284096: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.284099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284101: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.284104: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.284107: | length/value: 256 (0x100) Aug 26 13:15:17.284110: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.284112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284118: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.284121: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:17.284124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284130: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284132: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284138: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.284140: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:17.284143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284150: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284153: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284158: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.284161: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.284164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284170: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284173: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284179: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.284182: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.284185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284191: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284193: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284199: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284201: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.284205: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284211: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284213: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284219: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284222: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:17.284225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284233: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284241: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:17.284245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284248: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284251: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284253: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284259: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284261: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:17.284264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284270: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284273: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284276: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284279: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284281: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:17.284285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284295: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284298: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284300: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284306: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:17.284309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284312: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284315: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284318: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284326: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:17.284329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284335: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284340: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284342: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.284345: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284348: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:17.284351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284357: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284360: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:15:17.284363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.284366: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.284369: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.284371: | prop #: 4 (0x4) Aug 26 13:15:17.284374: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:17.284376: | spi size: 0 (0x0) Aug 26 13:15:17.284379: | # transforms: 13 (0xd) Aug 26 13:15:17.284382: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.284385: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.284388: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284391: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284394: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.284396: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.284399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284402: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.284405: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.284407: | length/value: 128 (0x80) Aug 26 13:15:17.284411: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.284413: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284419: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.284423: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:17.284426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284435: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284440: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.284443: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:17.284446: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284449: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284452: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284455: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284460: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.284463: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.284466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284472: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284475: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284480: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.284483: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.284486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284492: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284495: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284500: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284503: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.284506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284512: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284515: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284523: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:17.284526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284536: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284544: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:17.284547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284553: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284556: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284561: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284564: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:17.284567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284573: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284576: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284584: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:17.284587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284593: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284604: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:17.284607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284610: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284613: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284616: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284621: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284624: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:17.284627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284633: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284635: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.284638: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.284641: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.284644: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:17.284647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.284650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.284654: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.284657: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:15:17.284659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.284662: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:15:17.284666: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:15:17.284669: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:15:17.284672: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.284674: | flags: none (0x0) Aug 26 13:15:17.284677: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.284681: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:15:17.284684: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.284687: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:15:17.284690: | ikev2 g^x bd 69 02 be 69 8f 61 83 32 6a 8e b4 1d 47 62 c9 Aug 26 13:15:17.284693: | ikev2 g^x bd d1 27 b0 c2 a4 e5 c3 b0 2b 5f 28 6e 9b 62 86 Aug 26 13:15:17.284695: | ikev2 g^x 27 a0 db 79 b8 f0 12 46 f5 e8 76 40 b1 11 20 c5 Aug 26 13:15:17.284698: | ikev2 g^x 3a d5 99 3f 52 f5 4e 78 37 40 37 f9 53 43 18 8b Aug 26 13:15:17.284701: | ikev2 g^x 5d 64 28 cf 83 d7 86 56 55 68 6e d5 64 90 52 55 Aug 26 13:15:17.284703: | ikev2 g^x ae 88 9a 28 0f 18 0f 0d 1c c8 46 b9 e9 6b 75 4b Aug 26 13:15:17.284706: | ikev2 g^x 70 ae 22 bc 05 78 a7 94 9a ec f2 be af 3a b4 d2 Aug 26 13:15:17.284708: | ikev2 g^x 37 de 31 4b 10 e3 37 98 63 97 ae 81 3d a0 cd 5a Aug 26 13:15:17.284711: | ikev2 g^x b4 b5 f7 b4 bf fe be ce 9c 65 e7 64 28 6c db 61 Aug 26 13:15:17.284714: | ikev2 g^x 82 31 3b 54 b2 98 b8 1d c0 81 0b 44 3b 90 68 84 Aug 26 13:15:17.284716: | ikev2 g^x c2 42 12 33 b3 92 36 cc a6 3f ad b2 1d ce 0d 2f Aug 26 13:15:17.284719: | ikev2 g^x eb 2f 76 8a 60 0b b0 2b 36 71 e8 1d 41 65 c1 8f Aug 26 13:15:17.284721: | ikev2 g^x 8d 43 bf 60 4b 84 7d 7c f0 b9 99 c4 4f ca e8 c5 Aug 26 13:15:17.284724: | ikev2 g^x a1 a9 30 bf f0 bd 81 bd b9 9b 38 21 cb e8 9d 9b Aug 26 13:15:17.284727: | ikev2 g^x fd 78 71 3f ac 3e b2 fb a5 98 9e d5 fd 16 e9 7b Aug 26 13:15:17.284729: | ikev2 g^x 6b d9 a6 fc 1f dc bc 49 75 54 07 81 6f 81 c4 b5 Aug 26 13:15:17.284732: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:15:17.284735: | ***emit IKEv2 Nonce Payload: Aug 26 13:15:17.284738: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:15:17.284740: | flags: none (0x0) Aug 26 13:15:17.284744: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:15:17.284747: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:15:17.284750: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.284753: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:15:17.284756: | IKEv2 nonce 7e 58 7b cb d9 32 98 51 d6 90 ef b1 e6 9f 8e b9 Aug 26 13:15:17.284758: | IKEv2 nonce 2d 71 f9 53 16 35 5f 77 05 17 90 3d 14 7a ec de Aug 26 13:15:17.284761: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:15:17.284764: | Adding a v2N Payload Aug 26 13:15:17.284766: | ***emit IKEv2 Notify Payload: Aug 26 13:15:17.284769: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.284772: | flags: none (0x0) Aug 26 13:15:17.284775: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.284777: | SPI size: 0 (0x0) Aug 26 13:15:17.284782: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:15:17.284786: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:17.284789: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.284792: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:15:17.284795: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:15:17.284798: | natd_hash: rcookie is zero Aug 26 13:15:17.284810: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:17.284814: | natd_hash: icookie= f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.284816: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:15:17.284819: | natd_hash: ip= c0 01 02 2d Aug 26 13:15:17.284821: | natd_hash: port=500 Aug 26 13:15:17.284824: | natd_hash: hash= 95 c4 87 74 79 59 45 6d d3 a1 43 96 0e f3 2d d9 Aug 26 13:15:17.284827: | natd_hash: hash= f6 a0 48 03 Aug 26 13:15:17.284829: | Adding a v2N Payload Aug 26 13:15:17.284832: | ***emit IKEv2 Notify Payload: Aug 26 13:15:17.284835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.284837: | flags: none (0x0) Aug 26 13:15:17.284840: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.284843: | SPI size: 0 (0x0) Aug 26 13:15:17.284845: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:15:17.284849: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:17.284852: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.284855: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:15:17.284858: | Notify data 95 c4 87 74 79 59 45 6d d3 a1 43 96 0e f3 2d d9 Aug 26 13:15:17.284860: | Notify data f6 a0 48 03 Aug 26 13:15:17.284863: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:15:17.284865: | natd_hash: rcookie is zero Aug 26 13:15:17.284872: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:17.284875: | natd_hash: icookie= f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.284878: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:15:17.284880: | natd_hash: ip= c0 01 02 17 Aug 26 13:15:17.284883: | natd_hash: port=500 Aug 26 13:15:17.284885: | natd_hash: hash= 4c 1d 4c 2a e8 36 1d 7b a9 f1 39 21 a2 44 d8 36 Aug 26 13:15:17.284888: | natd_hash: hash= 33 dc 4f f9 Aug 26 13:15:17.284890: | Adding a v2N Payload Aug 26 13:15:17.284893: | ***emit IKEv2 Notify Payload: Aug 26 13:15:17.284896: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.284898: | flags: none (0x0) Aug 26 13:15:17.284901: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.284903: | SPI size: 0 (0x0) Aug 26 13:15:17.284906: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:15:17.284909: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:17.284912: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.284915: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:15:17.284918: | Notify data 4c 1d 4c 2a e8 36 1d 7b a9 f1 39 21 a2 44 d8 36 Aug 26 13:15:17.284921: | Notify data 33 dc 4f f9 Aug 26 13:15:17.284923: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:15:17.284926: | emitting length of ISAKMP Message: 828 Aug 26 13:15:17.284933: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:15:17.284942: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.284946: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:15:17.284949: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:15:17.284954: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:15:17.284957: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:15:17.284960: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:15:17.284965: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:15:17.284968: "westnet-eastnet-vti-01" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:15:17.284977: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:15:17.284987: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:17.284991: | f1 ee aa 97 84 da cf 96 00 00 00 00 00 00 00 00 Aug 26 13:15:17.284994: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:15:17.284996: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:15:17.284999: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:15:17.285001: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:15:17.285004: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:15:17.285007: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:15:17.285009: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:15:17.285012: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:15:17.285014: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:15:17.285017: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:15:17.285019: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:15:17.285022: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:15:17.285024: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:15:17.285027: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:15:17.285030: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:15:17.285032: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:15:17.285035: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:15:17.285037: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:15:17.285040: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:15:17.285042: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:15:17.285045: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:15:17.285048: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:15:17.285050: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:15:17.285053: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:15:17.285055: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:15:17.285058: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:15:17.285060: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:15:17.285063: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:15:17.285066: | 28 00 01 08 00 0e 00 00 bd 69 02 be 69 8f 61 83 Aug 26 13:15:17.285068: | 32 6a 8e b4 1d 47 62 c9 bd d1 27 b0 c2 a4 e5 c3 Aug 26 13:15:17.285071: | b0 2b 5f 28 6e 9b 62 86 27 a0 db 79 b8 f0 12 46 Aug 26 13:15:17.285073: | f5 e8 76 40 b1 11 20 c5 3a d5 99 3f 52 f5 4e 78 Aug 26 13:15:17.285076: | 37 40 37 f9 53 43 18 8b 5d 64 28 cf 83 d7 86 56 Aug 26 13:15:17.285078: | 55 68 6e d5 64 90 52 55 ae 88 9a 28 0f 18 0f 0d Aug 26 13:15:17.285081: | 1c c8 46 b9 e9 6b 75 4b 70 ae 22 bc 05 78 a7 94 Aug 26 13:15:17.285083: | 9a ec f2 be af 3a b4 d2 37 de 31 4b 10 e3 37 98 Aug 26 13:15:17.285086: | 63 97 ae 81 3d a0 cd 5a b4 b5 f7 b4 bf fe be ce Aug 26 13:15:17.285088: | 9c 65 e7 64 28 6c db 61 82 31 3b 54 b2 98 b8 1d Aug 26 13:15:17.285091: | c0 81 0b 44 3b 90 68 84 c2 42 12 33 b3 92 36 cc Aug 26 13:15:17.285094: | a6 3f ad b2 1d ce 0d 2f eb 2f 76 8a 60 0b b0 2b Aug 26 13:15:17.285096: | 36 71 e8 1d 41 65 c1 8f 8d 43 bf 60 4b 84 7d 7c Aug 26 13:15:17.285100: | f0 b9 99 c4 4f ca e8 c5 a1 a9 30 bf f0 bd 81 bd Aug 26 13:15:17.285102: | b9 9b 38 21 cb e8 9d 9b fd 78 71 3f ac 3e b2 fb Aug 26 13:15:17.285105: | a5 98 9e d5 fd 16 e9 7b 6b d9 a6 fc 1f dc bc 49 Aug 26 13:15:17.285108: | 75 54 07 81 6f 81 c4 b5 29 00 00 24 7e 58 7b cb Aug 26 13:15:17.285110: | d9 32 98 51 d6 90 ef b1 e6 9f 8e b9 2d 71 f9 53 Aug 26 13:15:17.285113: | 16 35 5f 77 05 17 90 3d 14 7a ec de 29 00 00 08 Aug 26 13:15:17.285115: | 00 00 40 2e 29 00 00 1c 00 00 40 04 95 c4 87 74 Aug 26 13:15:17.285118: | 79 59 45 6d d3 a1 43 96 0e f3 2d d9 f6 a0 48 03 Aug 26 13:15:17.285121: | 00 00 00 1c 00 00 40 05 4c 1d 4c 2a e8 36 1d 7b Aug 26 13:15:17.285123: | a9 f1 39 21 a2 44 d8 36 33 dc 4f f9 Aug 26 13:15:17.285163: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:17.285168: | libevent_free: release ptr-libevent@0x563ea927b718 Aug 26 13:15:17.285172: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea927b6a8 Aug 26 13:15:17.285175: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:15:17.285179: | event_schedule: new EVENT_RETRANSMIT-pe@0x563ea927b6a8 Aug 26 13:15:17.285183: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:15:17.285186: | libevent_malloc: new ptr-libevent@0x563ea92800e8 size 128 Aug 26 13:15:17.285191: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10603.027645 Aug 26 13:15:17.285195: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:15:17.285200: | #1 spent 1.74 milliseconds in resume sending helper answer Aug 26 13:15:17.285205: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:15:17.285208: | libevent_free: release ptr-libevent@0x7f61ec002888 Aug 26 13:15:17.287245: | spent 0.00217 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:17.287263: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:17.287267: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.287270: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:15:17.287272: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:15:17.287275: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:15:17.287277: | 04 00 00 0e 28 00 01 08 00 0e 00 00 6c c2 48 69 Aug 26 13:15:17.287280: | d5 bf 55 ab 81 87 4a a9 bd cc 2a 38 f8 ab 32 2b Aug 26 13:15:17.287282: | 06 20 ae 8c ba a8 45 f9 d6 5c b1 fb 1a 3f 6f 97 Aug 26 13:15:17.287285: | 5c a7 4c bc ad 70 38 69 9a 80 36 96 83 a5 ce 8a Aug 26 13:15:17.287296: | d1 71 ac 6e e2 c6 92 df 15 c6 cb b1 0d 8e f9 47 Aug 26 13:15:17.287299: | 24 95 cc 73 d4 94 74 40 ad d3 4a 16 4e 9e 3f 09 Aug 26 13:15:17.287302: | 0f cb 1a c2 64 bd 5d cf 01 ff e2 44 41 89 d1 56 Aug 26 13:15:17.287304: | 07 1d 77 cb d1 5a 56 75 5b 1b 3b 67 1f e3 dc 73 Aug 26 13:15:17.287307: | 2d f9 e8 0b 55 90 0b 89 98 91 f4 eb b1 93 9d 40 Aug 26 13:15:17.287310: | 84 43 83 b6 b1 89 ff e6 c5 46 f8 91 8f 87 88 14 Aug 26 13:15:17.287312: | b0 0d e7 ed 62 29 e1 e8 12 1d 2c db 42 d2 8f 25 Aug 26 13:15:17.287315: | 2a 62 46 a8 bd ce af 33 d2 b1 24 49 8e b2 46 9b Aug 26 13:15:17.287317: | 85 38 83 b5 29 2b 4f 26 f1 49 a9 11 0c c2 d6 be Aug 26 13:15:17.287321: | c8 f6 0c 5a c3 88 38 63 25 be 36 30 bd 25 d6 56 Aug 26 13:15:17.287323: | bd b7 c8 6e 44 1f d4 bc c6 f8 cd 69 19 da be ce Aug 26 13:15:17.287326: | 5f 34 f6 52 d6 8e 0a 18 69 18 33 74 b3 51 8e e0 Aug 26 13:15:17.287328: | a0 e9 23 f8 58 3c 62 84 b3 0e 77 47 29 00 00 24 Aug 26 13:15:17.287331: | 9a 9a 1a 83 17 d3 67 c3 e1 99 a3 12 cc d9 95 22 Aug 26 13:15:17.287334: | f5 7d 01 05 1e c9 5f ad ef 72 11 13 08 78 36 e2 Aug 26 13:15:17.287337: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:15:17.287339: | 50 27 e3 3e fa 2a cc c4 c3 53 a8 2c aa c1 54 bd Aug 26 13:15:17.287344: | ef 7b be 71 00 00 00 1c 00 00 40 05 81 ea e3 b0 Aug 26 13:15:17.287346: | 82 dc 27 06 86 e2 80 f4 7a 44 ec f8 32 c8 37 be Aug 26 13:15:17.287351: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:17.287354: | **parse ISAKMP Message: Aug 26 13:15:17.287357: | initiator cookie: Aug 26 13:15:17.287360: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.287362: | responder cookie: Aug 26 13:15:17.287365: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.287368: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:15:17.287370: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.287373: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:15:17.287376: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:15:17.287379: | Message ID: 0 (0x0) Aug 26 13:15:17.287381: | length: 432 (0x1b0) Aug 26 13:15:17.287384: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:15:17.287388: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:15:17.287392: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:15:17.287398: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:17.287403: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:15:17.287406: | #1 is idle Aug 26 13:15:17.287408: | #1 idle Aug 26 13:15:17.287411: | unpacking clear payload Aug 26 13:15:17.287413: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:15:17.287416: | ***parse IKEv2 Security Association Payload: Aug 26 13:15:17.287419: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:15:17.287422: | flags: none (0x0) Aug 26 13:15:17.287424: | length: 40 (0x28) Aug 26 13:15:17.287427: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:15:17.287430: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:15:17.287433: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:15:17.287435: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:15:17.287438: | flags: none (0x0) Aug 26 13:15:17.287440: | length: 264 (0x108) Aug 26 13:15:17.287443: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.287446: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:15:17.287448: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:15:17.287451: | ***parse IKEv2 Nonce Payload: Aug 26 13:15:17.287454: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:15:17.287456: | flags: none (0x0) Aug 26 13:15:17.287459: | length: 36 (0x24) Aug 26 13:15:17.287462: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:15:17.287464: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:15:17.287467: | ***parse IKEv2 Notify Payload: Aug 26 13:15:17.287470: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:15:17.287472: | flags: none (0x0) Aug 26 13:15:17.287475: | length: 8 (0x8) Aug 26 13:15:17.287477: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.287480: | SPI size: 0 (0x0) Aug 26 13:15:17.287483: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:15:17.287486: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:15:17.287488: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:15:17.287491: | ***parse IKEv2 Notify Payload: Aug 26 13:15:17.287493: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:15:17.287496: | flags: none (0x0) Aug 26 13:15:17.287498: | length: 28 (0x1c) Aug 26 13:15:17.287501: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.287504: | SPI size: 0 (0x0) Aug 26 13:15:17.287506: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:15:17.287509: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:15:17.287511: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:15:17.287515: | ***parse IKEv2 Notify Payload: Aug 26 13:15:17.287518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.287521: | flags: none (0x0) Aug 26 13:15:17.287523: | length: 28 (0x1c) Aug 26 13:15:17.287526: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:17.287528: | SPI size: 0 (0x0) Aug 26 13:15:17.287531: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:15:17.287534: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:15:17.287537: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:15:17.287540: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:15:17.287543: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:15:17.287546: | Now let's proceed with state specific processing Aug 26 13:15:17.287549: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:15:17.287552: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:15:17.287568: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:17.287572: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:15:17.287576: | local proposal 1 type ENCR has 1 transforms Aug 26 13:15:17.287578: | local proposal 1 type PRF has 2 transforms Aug 26 13:15:17.287581: | local proposal 1 type INTEG has 1 transforms Aug 26 13:15:17.287584: | local proposal 1 type DH has 8 transforms Aug 26 13:15:17.287587: | local proposal 1 type ESN has 0 transforms Aug 26 13:15:17.287590: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:15:17.287593: | local proposal 2 type ENCR has 1 transforms Aug 26 13:15:17.287596: | local proposal 2 type PRF has 2 transforms Aug 26 13:15:17.287598: | local proposal 2 type INTEG has 1 transforms Aug 26 13:15:17.287601: | local proposal 2 type DH has 8 transforms Aug 26 13:15:17.287604: | local proposal 2 type ESN has 0 transforms Aug 26 13:15:17.287607: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:15:17.287610: | local proposal 3 type ENCR has 1 transforms Aug 26 13:15:17.287612: | local proposal 3 type PRF has 2 transforms Aug 26 13:15:17.287615: | local proposal 3 type INTEG has 2 transforms Aug 26 13:15:17.287618: | local proposal 3 type DH has 8 transforms Aug 26 13:15:17.287620: | local proposal 3 type ESN has 0 transforms Aug 26 13:15:17.287624: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:15:17.287626: | local proposal 4 type ENCR has 1 transforms Aug 26 13:15:17.287629: | local proposal 4 type PRF has 2 transforms Aug 26 13:15:17.287632: | local proposal 4 type INTEG has 2 transforms Aug 26 13:15:17.287634: | local proposal 4 type DH has 8 transforms Aug 26 13:15:17.287637: | local proposal 4 type ESN has 0 transforms Aug 26 13:15:17.287640: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:15:17.287643: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.287646: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.287648: | length: 36 (0x24) Aug 26 13:15:17.287651: | prop #: 1 (0x1) Aug 26 13:15:17.287654: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:17.287656: | spi size: 0 (0x0) Aug 26 13:15:17.287659: | # transforms: 3 (0x3) Aug 26 13:15:17.287663: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:15:17.287667: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.287669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.287672: | length: 12 (0xc) Aug 26 13:15:17.287675: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.287677: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.287680: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.287683: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.287685: | length/value: 256 (0x100) Aug 26 13:15:17.287690: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:15:17.287693: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.287695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.287698: | length: 8 (0x8) Aug 26 13:15:17.287700: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:17.287703: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:17.287707: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:15:17.287710: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.287712: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.287715: | length: 8 (0x8) Aug 26 13:15:17.287718: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.287720: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.287724: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:15:17.287728: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:15:17.287733: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:15:17.287735: | remote proposal 1 matches local proposal 1 Aug 26 13:15:17.287739: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:15:17.287741: | converting proposal to internal trans attrs Aug 26 13:15:17.287751: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:17.287754: | natd_hash: icookie= f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.287757: | natd_hash: rcookie= 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.287760: | natd_hash: ip= c0 01 02 2d Aug 26 13:15:17.287762: | natd_hash: port=500 Aug 26 13:15:17.287765: | natd_hash: hash= 81 ea e3 b0 82 dc 27 06 86 e2 80 f4 7a 44 ec f8 Aug 26 13:15:17.287768: | natd_hash: hash= 32 c8 37 be Aug 26 13:15:17.287774: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:17.287776: | natd_hash: icookie= f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.287779: | natd_hash: rcookie= 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.287782: | natd_hash: ip= c0 01 02 17 Aug 26 13:15:17.287784: | natd_hash: port=500 Aug 26 13:15:17.287787: | natd_hash: hash= 50 27 e3 3e fa 2a cc c4 c3 53 a8 2c aa c1 54 bd Aug 26 13:15:17.287789: | natd_hash: hash= ef 7b be 71 Aug 26 13:15:17.287792: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:15:17.287795: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:15:17.287797: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:15:17.287801: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:15:17.287807: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:15:17.287811: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:15:17.287814: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:15:17.287817: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:15:17.287820: | libevent_free: release ptr-libevent@0x563ea92800e8 Aug 26 13:15:17.287823: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563ea927b6a8 Aug 26 13:15:17.287826: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea927b6a8 Aug 26 13:15:17.287830: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:15:17.287835: | libevent_malloc: new ptr-libevent@0x7f61ec002888 size 128 Aug 26 13:15:17.287844: | #1 spent 0.29 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:15:17.287849: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.287853: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:15:17.287856: | suspending state #1 and saving MD Aug 26 13:15:17.287858: | #1 is busy; has a suspended MD Aug 26 13:15:17.287863: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:15:17.287867: | "westnet-eastnet-vti-01" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:15:17.287871: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:17.287875: | #1 spent 0.614 milliseconds in ikev2_process_packet() Aug 26 13:15:17.287880: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:17.287878: | crypto helper 2 resuming Aug 26 13:15:17.287886: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:17.287900: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:17.287894: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:15:17.287905: | spent 0.638 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:17.287909: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:15:17.288443: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:15:17.288717: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000809 seconds Aug 26 13:15:17.288723: | (#1) spent 0.811 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:15:17.288725: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:15:17.288727: | scheduling resume sending helper answer for #1 Aug 26 13:15:17.288730: | libevent_malloc: new ptr-libevent@0x7f61e4000f48 size 128 Aug 26 13:15:17.288735: | crypto helper 2 waiting (nothing to do) Aug 26 13:15:17.288742: | processing resume sending helper answer for #1 Aug 26 13:15:17.288751: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:15:17.288756: | crypto helper 2 replies to request ID 2 Aug 26 13:15:17.288759: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:17.288761: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:15:17.288769: | creating state object #2 at 0x563ea9282958 Aug 26 13:15:17.288772: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:15:17.288776: | pstats #2 ikev2.child started Aug 26 13:15:17.288779: | duplicating state object #1 "westnet-eastnet-vti-01" as #2 for IPSEC SA Aug 26 13:15:17.288784: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:15:17.288790: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:17.288795: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:15:17.288800: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:15:17.288803: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:17.288806: | libevent_free: release ptr-libevent@0x7f61ec002888 Aug 26 13:15:17.288810: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea927b6a8 Aug 26 13:15:17.288815: | event_schedule: new EVENT_SA_REPLACE-pe@0x563ea927b6a8 Aug 26 13:15:17.288819: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:15:17.288823: | libevent_malloc: new ptr-libevent@0x7f61ec002888 size 128 Aug 26 13:15:17.288827: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:15:17.288832: | **emit ISAKMP Message: Aug 26 13:15:17.288835: | initiator cookie: Aug 26 13:15:17.288837: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.288840: | responder cookie: Aug 26 13:15:17.288843: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.288846: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:17.288848: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.288851: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:15:17.288854: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.288857: | Message ID: 1 (0x1) Aug 26 13:15:17.288860: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:17.288863: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:17.288866: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.288869: | flags: none (0x0) Aug 26 13:15:17.288872: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:17.288876: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.288879: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:17.288886: | IKEv2 CERT: send a certificate? Aug 26 13:15:17.288889: | IKEv2 CERT: no certificate to send Aug 26 13:15:17.288892: | IDr payload will be sent Aug 26 13:15:17.288906: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:15:17.288910: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.288912: | flags: none (0x0) Aug 26 13:15:17.288915: | ID type: ID_FQDN (0x2) Aug 26 13:15:17.288919: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:15:17.288922: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.288926: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:15:17.288929: | my identity 77 65 73 74 Aug 26 13:15:17.288932: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:15:17.288941: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:15:17.288944: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:15:17.288947: | flags: none (0x0) Aug 26 13:15:17.288950: | ID type: ID_FQDN (0x2) Aug 26 13:15:17.288953: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:15:17.288957: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:15:17.288960: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.288963: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:15:17.288966: | IDr 65 61 73 74 Aug 26 13:15:17.288969: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:15:17.288971: | not sending INITIAL_CONTACT Aug 26 13:15:17.288975: | ****emit IKEv2 Authentication Payload: Aug 26 13:15:17.288978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.288980: | flags: none (0x0) Aug 26 13:15:17.288983: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:15:17.288987: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:15:17.288994: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.288999: | started looking for secret for @west->@east of kind PKK_RSA Aug 26 13:15:17.289002: | actually looking for secret for @west->@east of kind PKK_RSA Aug 26 13:15:17.289006: | line 1: key type PKK_RSA(@west) to type PKK_RSA Aug 26 13:15:17.289010: | 1: compared key (none) to @west / @east -> 002 Aug 26 13:15:17.289013: | 2: compared key (none) to @west / @east -> 002 Aug 26 13:15:17.289016: | line 1: match=002 Aug 26 13:15:17.289019: | match 002 beats previous best_match 000 match=0x563ea91d2c48 (line=1) Aug 26 13:15:17.289022: | concluding with best_match=002 best=0x563ea91d2c48 (lineno=1) Aug 26 13:15:17.293118: | #1 spent 4.06 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:15:17.293131: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:15:17.293135: | rsa signature 80 f4 a6 f0 09 b6 c6 c6 b7 ef 2c ad cb 80 83 0a Aug 26 13:15:17.293138: | rsa signature 7d 43 72 10 d8 27 85 81 a5 26 6a 67 d4 26 46 4d Aug 26 13:15:17.293141: | rsa signature 16 bb 36 67 6d ec 36 be ed c6 13 42 58 3e b1 74 Aug 26 13:15:17.293143: | rsa signature 8e 56 b0 7c 4f 73 b1 61 46 d7 2a b3 64 09 47 b4 Aug 26 13:15:17.293146: | rsa signature 47 4d 4c c2 a7 d5 e6 d5 e3 38 76 99 7d b7 e8 cc Aug 26 13:15:17.293148: | rsa signature 3e a8 76 c8 64 9f 52 ab a9 36 f2 a1 ef 5d 22 ad Aug 26 13:15:17.293151: | rsa signature fb f0 a2 db 84 dc ee ee 94 d6 d2 26 95 0d df 0b Aug 26 13:15:17.293153: | rsa signature 35 c5 88 99 85 17 b1 77 d4 eb 90 52 a2 74 35 f8 Aug 26 13:15:17.293156: | rsa signature 48 7e b9 9a 47 81 d3 e9 77 7b bd 91 20 17 14 68 Aug 26 13:15:17.293159: | rsa signature e7 51 45 17 e7 77 b6 b9 d0 46 27 fa 46 1d 57 0b Aug 26 13:15:17.293161: | rsa signature 49 a8 9c 4d 1a 82 31 4a 8b d4 b6 cc ae 95 ff 6d Aug 26 13:15:17.293164: | rsa signature 1d 66 26 57 80 d4 38 72 9c 01 1a 9c ac fe fb 36 Aug 26 13:15:17.293166: | rsa signature 44 7c 34 75 b6 22 54 6a fa 17 76 84 98 ba 92 e9 Aug 26 13:15:17.293169: | rsa signature d3 b0 4b 0b 8e 6c be df ce 38 78 6d 0a 63 48 98 Aug 26 13:15:17.293172: | rsa signature 90 d4 59 63 45 6c 34 26 72 20 af 24 b4 29 26 22 Aug 26 13:15:17.293174: | rsa signature b7 f1 68 65 52 9f 3d 66 5e 2e 56 75 0c e5 81 49 Aug 26 13:15:17.293177: | rsa signature 8b d3 9b 46 c3 eb ed 3c 9c 90 0d ae 19 4a d9 72 Aug 26 13:15:17.293180: | rsa signature fe a2 Aug 26 13:15:17.293185: | #1 spent 4.17 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:15:17.293188: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:15:17.293191: | getting first pending from state #1 Aug 26 13:15:17.293212: | netlink_get_spi: allocated 0x8f45810e for esp.0@192.1.2.45 Aug 26 13:15:17.293218: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:15:17.293224: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:15:17.293231: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:15:17.293235: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:15:17.293239: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:15:17.293243: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:17.293248: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:15:17.293251: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:17.293255: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:15:17.293264: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:15:17.293280: | Emitting ikev2_proposals ... Aug 26 13:15:17.293300: | ****emit IKEv2 Security Association Payload: Aug 26 13:15:17.293306: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.293309: | flags: none (0x0) Aug 26 13:15:17.293313: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:15:17.293317: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.293333: | discarding INTEG=NONE Aug 26 13:15:17.293336: | discarding DH=NONE Aug 26 13:15:17.293338: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.293341: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293359: | prop #: 1 (0x1) Aug 26 13:15:17.293362: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.293364: | spi size: 4 (0x4) Aug 26 13:15:17.293367: | # transforms: 2 (0x2) Aug 26 13:15:17.293370: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.293373: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.293376: | our spi 8f 45 81 0e Aug 26 13:15:17.293392: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293397: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.293400: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.293403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293406: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.293409: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.293411: | length/value: 256 (0x100) Aug 26 13:15:17.293414: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.293417: | discarding INTEG=NONE Aug 26 13:15:17.293419: | discarding DH=NONE Aug 26 13:15:17.293422: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293424: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.293427: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.293429: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.293432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293438: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293441: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:15:17.293444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.293446: | discarding INTEG=NONE Aug 26 13:15:17.293448: | discarding DH=NONE Aug 26 13:15:17.293451: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.293454: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293456: | prop #: 2 (0x2) Aug 26 13:15:17.293459: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.293461: | spi size: 4 (0x4) Aug 26 13:15:17.293464: | # transforms: 2 (0x2) Aug 26 13:15:17.293467: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293471: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.293476: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.293479: | our spi 8f 45 81 0e Aug 26 13:15:17.293482: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293487: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.293490: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.293493: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293495: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.293498: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.293501: | length/value: 128 (0x80) Aug 26 13:15:17.293503: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.293506: | discarding INTEG=NONE Aug 26 13:15:17.293508: | discarding DH=NONE Aug 26 13:15:17.293510: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293513: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.293516: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.293518: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.293521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293527: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293529: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:15:17.293532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.293534: | discarding DH=NONE Aug 26 13:15:17.293537: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.293539: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293542: | prop #: 3 (0x3) Aug 26 13:15:17.293544: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.293547: | spi size: 4 (0x4) Aug 26 13:15:17.293549: | # transforms: 4 (0x4) Aug 26 13:15:17.293553: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293556: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.293559: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.293561: | our spi 8f 45 81 0e Aug 26 13:15:17.293563: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293569: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.293571: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.293574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293577: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.293580: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.293582: | length/value: 256 (0x100) Aug 26 13:15:17.293585: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.293588: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293593: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.293595: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.293598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293606: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293609: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293614: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.293616: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.293619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293625: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293627: | discarding DH=NONE Aug 26 13:15:17.293629: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293632: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.293634: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.293637: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.293640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293646: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293648: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:15:17.293651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.293654: | discarding DH=NONE Aug 26 13:15:17.293657: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.293660: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.293662: | prop #: 4 (0x4) Aug 26 13:15:17.293665: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.293667: | spi size: 4 (0x4) Aug 26 13:15:17.293670: | # transforms: 4 (0x4) Aug 26 13:15:17.293673: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.293676: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.293679: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.293682: | our spi 8f 45 81 0e Aug 26 13:15:17.293684: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293689: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.293692: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.293695: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293698: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.293701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.293704: | length/value: 128 (0x80) Aug 26 13:15:17.293707: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.293709: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293715: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.293718: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.293721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293734: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293740: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.293743: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.293746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293755: | discarding DH=NONE Aug 26 13:15:17.293757: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.293760: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.293763: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.293766: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.293769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.293772: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.293775: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.293778: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:15:17.293781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.293784: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:15:17.293787: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:15:17.293791: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:15:17.293794: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.293797: | flags: none (0x0) Aug 26 13:15:17.293800: | number of TS: 1 (0x1) Aug 26 13:15:17.293803: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:15:17.293806: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.293809: | *****emit IKEv2 Traffic Selector: Aug 26 13:15:17.293812: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.293815: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.293818: | start port: 0 (0x0) Aug 26 13:15:17.293821: | end port: 65535 (0xffff) Aug 26 13:15:17.293824: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:15:17.293827: | ipv4 start c0 00 01 00 Aug 26 13:15:17.293830: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:15:17.293833: | ipv4 end c0 00 01 ff Aug 26 13:15:17.293835: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:15:17.293838: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:15:17.293841: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:15:17.293844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.293847: | flags: none (0x0) Aug 26 13:15:17.293849: | number of TS: 1 (0x1) Aug 26 13:15:17.293853: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:15:17.293856: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.293859: | *****emit IKEv2 Traffic Selector: Aug 26 13:15:17.293862: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.293865: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.293869: | start port: 0 (0x0) Aug 26 13:15:17.293872: | end port: 65535 (0xffff) Aug 26 13:15:17.293875: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:15:17.293877: | ipv4 start c0 00 02 00 Aug 26 13:15:17.293880: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:15:17.293883: | ipv4 end c0 00 02 ff Aug 26 13:15:17.293885: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:15:17.293888: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:15:17.293890: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:15:17.293893: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:15:17.293896: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:17.293899: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:15:17.293902: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:15:17.293906: | emitting length of IKEv2 Encryption Payload: 547 Aug 26 13:15:17.293909: | emitting length of ISAKMP Message: 575 Aug 26 13:15:17.293913: | **parse ISAKMP Message: Aug 26 13:15:17.293917: | initiator cookie: Aug 26 13:15:17.293919: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.293922: | responder cookie: Aug 26 13:15:17.293924: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.293927: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:17.293930: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.293933: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:15:17.293936: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.293938: | Message ID: 1 (0x1) Aug 26 13:15:17.293940: | length: 575 (0x23f) Aug 26 13:15:17.293943: | **parse IKEv2 Encryption Payload: Aug 26 13:15:17.293946: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:15:17.293949: | flags: none (0x0) Aug 26 13:15:17.293951: | length: 547 (0x223) Aug 26 13:15:17.293954: | **emit ISAKMP Message: Aug 26 13:15:17.293957: | initiator cookie: Aug 26 13:15:17.293959: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.293962: | responder cookie: Aug 26 13:15:17.293964: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.293967: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:17.293970: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.293972: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:15:17.293975: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.293978: | Message ID: 1 (0x1) Aug 26 13:15:17.293981: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:17.293984: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:15:17.293987: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:15:17.293989: | flags: none (0x0) Aug 26 13:15:17.293992: | fragment number: 1 (0x1) Aug 26 13:15:17.293994: | total fragments: 2 (0x2) Aug 26 13:15:17.293997: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:15:17.294000: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:15:17.294003: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:15:17.294006: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:15:17.294014: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:15:17.294018: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Aug 26 13:15:17.294020: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Aug 26 13:15:17.294023: | cleartext fragment 80 f4 a6 f0 09 b6 c6 c6 b7 ef 2c ad cb 80 83 0a Aug 26 13:15:17.294026: | cleartext fragment 7d 43 72 10 d8 27 85 81 a5 26 6a 67 d4 26 46 4d Aug 26 13:15:17.294028: | cleartext fragment 16 bb 36 67 6d ec 36 be ed c6 13 42 58 3e b1 74 Aug 26 13:15:17.294032: | cleartext fragment 8e 56 b0 7c 4f 73 b1 61 46 d7 2a b3 64 09 47 b4 Aug 26 13:15:17.294035: | cleartext fragment 47 4d 4c c2 a7 d5 e6 d5 e3 38 76 99 7d b7 e8 cc Aug 26 13:15:17.294037: | cleartext fragment 3e a8 76 c8 64 9f 52 ab a9 36 f2 a1 ef 5d 22 ad Aug 26 13:15:17.294040: | cleartext fragment fb f0 a2 db 84 dc ee ee 94 d6 d2 26 95 0d df 0b Aug 26 13:15:17.294042: | cleartext fragment 35 c5 88 99 85 17 b1 77 d4 eb 90 52 a2 74 35 f8 Aug 26 13:15:17.294045: | cleartext fragment 48 7e b9 9a 47 81 d3 e9 77 7b bd 91 20 17 14 68 Aug 26 13:15:17.294048: | cleartext fragment e7 51 45 17 e7 77 b6 b9 d0 46 27 fa 46 1d 57 0b Aug 26 13:15:17.294050: | cleartext fragment 49 a8 9c 4d 1a 82 31 4a 8b d4 b6 cc ae 95 ff 6d Aug 26 13:15:17.294053: | cleartext fragment 1d 66 26 57 80 d4 38 72 9c 01 1a 9c ac fe fb 36 Aug 26 13:15:17.294056: | cleartext fragment 44 7c 34 75 b6 22 54 6a fa 17 76 84 98 ba 92 e9 Aug 26 13:15:17.294058: | cleartext fragment d3 b0 4b 0b 8e 6c be df ce 38 78 6d 0a 63 48 98 Aug 26 13:15:17.294060: | cleartext fragment 90 d4 59 63 45 6c 34 26 72 20 af 24 b4 29 26 22 Aug 26 13:15:17.294063: | cleartext fragment b7 f1 68 65 52 9f 3d 66 5e 2e 56 75 0c e5 81 49 Aug 26 13:15:17.294066: | cleartext fragment 8b d3 9b 46 c3 eb ed 3c 9c 90 0d ae 19 4a d9 72 Aug 26 13:15:17.294068: | cleartext fragment fe a2 2c 00 00 a4 02 00 00 20 01 03 04 02 8f 45 Aug 26 13:15:17.294071: | cleartext fragment 81 0e 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Aug 26 13:15:17.294074: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 8f 45 Aug 26 13:15:17.294076: | cleartext fragment 81 0e 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Aug 26 13:15:17.294079: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 8f 45 Aug 26 13:15:17.294081: | cleartext fragment 81 0e 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Aug 26 13:15:17.294084: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 13:15:17.294086: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 8f 45 Aug 26 13:15:17.294089: | cleartext fragment 81 0e 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Aug 26 13:15:17.294091: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 13:15:17.294094: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Aug 26 13:15:17.294096: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:17.294100: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:15:17.294103: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:15:17.294106: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:15:17.294109: | emitting length of ISAKMP Message: 539 Aug 26 13:15:17.294123: | **emit ISAKMP Message: Aug 26 13:15:17.294127: | initiator cookie: Aug 26 13:15:17.294129: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.294132: | responder cookie: Aug 26 13:15:17.294134: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.294137: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:17.294140: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.294142: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:15:17.294145: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.294147: | Message ID: 1 (0x1) Aug 26 13:15:17.294150: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:17.294153: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:15:17.294155: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.294158: | flags: none (0x0) Aug 26 13:15:17.294160: | fragment number: 2 (0x2) Aug 26 13:15:17.294163: | total fragments: 2 (0x2) Aug 26 13:15:17.294166: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:15:17.294169: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:15:17.294173: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:15:17.294177: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:15:17.294184: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:15:17.294187: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Aug 26 13:15:17.294190: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Aug 26 13:15:17.294192: | cleartext fragment c0 00 02 00 c0 00 02 ff Aug 26 13:15:17.294195: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:17.294198: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:15:17.294200: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:15:17.294203: | emitting length of IKEv2 Encrypted Fragment: 73 Aug 26 13:15:17.294206: | emitting length of ISAKMP Message: 101 Aug 26 13:15:17.294216: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.294222: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.294226: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:15:17.294230: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:15:17.294234: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:15:17.294237: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:15:17.294243: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:15:17.294248: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:15:17.294253: "westnet-eastnet-vti-01" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:15:17.294264: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:15:17.294267: | sending fragments ... Aug 26 13:15:17.294273: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:17.294276: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.294279: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:15:17.294281: | 00 01 00 02 34 47 84 7e f7 83 7c 02 ee fc b5 8c Aug 26 13:15:17.294284: | 6a ad 1a b9 63 70 9b 9d 91 d3 84 f0 52 28 2a 2c Aug 26 13:15:17.294287: | 23 8a c7 88 00 e6 38 67 35 d0 7b 24 4f 55 0f 78 Aug 26 13:15:17.294293: | ff b8 73 68 58 53 06 c0 80 c8 18 9c b7 83 a7 bf Aug 26 13:15:17.294296: | ab 72 0d d4 04 48 5d a9 0e c2 49 39 75 ba f2 e7 Aug 26 13:15:17.294298: | 08 07 fd bd c1 2b 09 0a b0 f1 69 e0 0e f3 62 cd Aug 26 13:15:17.294301: | 0b ff a7 b2 fd b4 93 2c 3b a2 e1 e4 aa ea c7 99 Aug 26 13:15:17.294303: | d6 b1 de d1 fb aa 74 76 8b 62 90 d4 25 17 da 9b Aug 26 13:15:17.294325: | d0 69 f2 87 15 06 57 33 82 42 01 80 3b 9b 31 3b Aug 26 13:15:17.294327: | 49 ea 92 f9 71 67 1f c9 b5 fb a6 43 80 c3 1c e0 Aug 26 13:15:17.294330: | 8d 0a 96 de 1d b7 ee c5 4f c7 ef 3f 81 92 e3 40 Aug 26 13:15:17.294347: | 5b 1c 0d 9e fd 4f d6 86 ab 25 b1 cb 28 7a da 86 Aug 26 13:15:17.294350: | b7 c5 05 85 3d 2c 5c 84 3c e5 64 b1 25 d7 d3 a3 Aug 26 13:15:17.294353: | 91 26 6f f0 74 85 30 68 62 20 3c 54 e4 ab 75 34 Aug 26 13:15:17.294355: | f9 4a bf c2 a2 29 61 09 73 e7 9a 18 b3 05 9e 75 Aug 26 13:15:17.294358: | 62 1b ef a2 b0 60 d1 8a 37 20 a2 48 b1 d5 38 da Aug 26 13:15:17.294362: | a3 ed 5a f6 d5 82 54 ce d1 91 55 15 c1 e0 70 67 Aug 26 13:15:17.294365: | a0 10 77 32 0c 8e 0d bb 09 eb 0a 9c 72 0e e3 a2 Aug 26 13:15:17.294367: | 56 3d 28 47 6a 40 ae e7 30 fe 45 4e aa 46 c0 0c Aug 26 13:15:17.294370: | a1 64 00 9d cb 82 31 09 69 32 fa f5 b5 b3 88 77 Aug 26 13:15:17.294372: | 14 39 be c7 d1 08 50 59 2c c0 7d 4c 4a f5 f3 a1 Aug 26 13:15:17.294375: | 1f eb a6 2d ac 1a 06 6b 3c d1 74 ba b2 17 24 ec Aug 26 13:15:17.294377: | 6b ab 1e 5d 19 2b e8 b5 40 08 af f3 f0 13 0f 3a Aug 26 13:15:17.294379: | e8 01 46 71 76 a9 2e 2b bd a2 26 71 96 3e ca 6a Aug 26 13:15:17.294382: | 0a 17 39 a0 f5 48 f5 48 a4 f0 db 44 9b f6 22 b6 Aug 26 13:15:17.294384: | ea 95 45 0c f5 68 12 11 e6 75 69 55 bd a4 f3 14 Aug 26 13:15:17.294387: | 99 a8 01 97 cf 6e b0 fb e0 4e ed da 66 08 33 f6 Aug 26 13:15:17.294389: | 07 91 8c 09 71 18 a4 59 62 69 44 0a 71 ff 5a a4 Aug 26 13:15:17.294391: | 24 7f b2 ea 00 4d 01 32 0d 8a b2 da 09 93 a9 13 Aug 26 13:15:17.294394: | df 1d 12 ae 7e b9 f6 24 f6 b5 79 27 96 d4 09 71 Aug 26 13:15:17.294396: | 83 a8 3d c8 45 6a a7 a7 de a3 b5 a7 38 b2 04 f3 Aug 26 13:15:17.294399: | 85 f4 3e 06 56 e2 51 5c 27 ae 9e Aug 26 13:15:17.294439: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:17.294443: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.294446: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Aug 26 13:15:17.294448: | 00 02 00 02 c7 c3 f7 8d 67 e4 c8 c9 98 0e f9 4b Aug 26 13:15:17.294451: | 5b 4a 81 10 c0 2a c8 9e 1d da 93 21 ed b3 92 25 Aug 26 13:15:17.294453: | f4 b8 c0 f5 f8 3e e3 b3 33 47 3a 1d d4 85 c7 be Aug 26 13:15:17.294456: | 23 f1 a3 f4 b4 e9 63 c8 82 fb 58 78 89 cd f3 cc Aug 26 13:15:17.294458: | cb ca 16 98 c1 Aug 26 13:15:17.294470: | sent 2 fragments Aug 26 13:15:17.294474: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:15:17.294478: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f61ec002b78 Aug 26 13:15:17.294483: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:15:17.294486: | libevent_malloc: new ptr-libevent@0x563ea92800e8 size 128 Aug 26 13:15:17.294492: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10603.036944 Aug 26 13:15:17.294497: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:15:17.294502: | #1 spent 1.29 milliseconds Aug 26 13:15:17.294506: | #1 spent 5.7 milliseconds in resume sending helper answer Aug 26 13:15:17.294511: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:15:17.294515: | libevent_free: release ptr-libevent@0x7f61e4000f48 Aug 26 13:15:17.326141: | spent 0.00255 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:17.326168: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:17.326174: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.326177: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 13:15:17.326179: | a4 91 ac 40 70 cb 3d a6 64 87 c1 ef 10 f1 85 aa Aug 26 13:15:17.326182: | 1b 55 6e 83 b6 92 96 39 7a 70 a5 db e9 47 16 04 Aug 26 13:15:17.326184: | d4 95 1c 11 07 d0 ef 31 b2 b4 a1 11 b3 84 6e 58 Aug 26 13:15:17.326187: | 79 31 df a4 89 8b b5 70 1b d9 a1 c9 25 91 cb 67 Aug 26 13:15:17.326189: | 93 25 9e 3b 09 1c 2a 1c d7 0e ba b5 ee b4 65 0a Aug 26 13:15:17.326192: | 9d 27 87 72 58 27 c4 1f 37 d0 17 20 0b 15 e7 12 Aug 26 13:15:17.326195: | 3f ac 84 d0 94 a5 b8 c8 6f ac 06 46 a3 96 21 96 Aug 26 13:15:17.326198: | 46 9b 36 21 4c c3 d3 51 7f 9e 94 a6 64 4d 74 32 Aug 26 13:15:17.326200: | 99 d9 0d da 65 2d 70 bf 6f 48 f1 39 7c 83 cb 86 Aug 26 13:15:17.326203: | 74 a5 a2 43 8b 6c 39 db 72 8c ed 9b 2e bf 61 52 Aug 26 13:15:17.326206: | 3e 27 56 6a ae 1b 34 d1 c5 16 24 bb ca af b0 19 Aug 26 13:15:17.326211: | db 19 b7 77 a5 38 b2 21 3f 59 da 75 a1 29 ab 53 Aug 26 13:15:17.326214: | b7 9d 8f 78 1c 36 b7 38 ee dc 73 44 3a 9e b2 f9 Aug 26 13:15:17.326215: | 4e 76 0f 2f cf e8 e9 69 49 2e 3f 97 4a 91 85 85 Aug 26 13:15:17.326217: | e1 89 75 05 88 98 06 6f fb ed 77 e3 5b a1 2e 74 Aug 26 13:15:17.326219: | 61 f3 a9 b1 c9 32 b3 e1 96 06 92 c2 00 5d 67 3b Aug 26 13:15:17.326220: | 22 34 66 85 95 e9 e8 7e 6c e4 a3 ce 51 17 7a 9b Aug 26 13:15:17.326222: | 12 53 ed 97 04 51 3f 36 ea 72 49 13 02 7e 7e f7 Aug 26 13:15:17.326223: | 83 79 ad 12 70 b0 13 50 db 7f c3 77 9d 7c ef dc Aug 26 13:15:17.326225: | d0 ce 47 74 0f 2e 1a be 9c 17 df 08 2d 2c 55 42 Aug 26 13:15:17.326226: | 24 31 3c e3 68 58 c2 9b 46 27 2d 40 b0 2d 3c 92 Aug 26 13:15:17.326228: | fa f3 be c1 d6 2a d5 f5 be ac 6b f6 46 e2 dd 01 Aug 26 13:15:17.326229: | ca 95 15 f1 f7 3c 6d 59 b6 e9 fe 56 2c cb 7e dd Aug 26 13:15:17.326231: | 03 9c c6 a3 6a 97 6a aa f2 76 97 80 be 4e d7 24 Aug 26 13:15:17.326232: | 29 e1 2f 96 79 99 24 33 c9 77 50 c1 9f b7 ad 21 Aug 26 13:15:17.326234: | 93 1d f5 Aug 26 13:15:17.326237: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:17.326241: | **parse ISAKMP Message: Aug 26 13:15:17.326243: | initiator cookie: Aug 26 13:15:17.326244: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.326246: | responder cookie: Aug 26 13:15:17.326247: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.326249: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:17.326251: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.326253: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:15:17.326255: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:15:17.326257: | Message ID: 1 (0x1) Aug 26 13:15:17.326258: | length: 435 (0x1b3) Aug 26 13:15:17.326260: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:15:17.326263: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:15:17.326266: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:15:17.326270: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:17.326272: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:15:17.326275: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:15:17.326277: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:15:17.326279: | #2 is idle Aug 26 13:15:17.326281: | #2 idle Aug 26 13:15:17.326283: | unpacking clear payload Aug 26 13:15:17.326284: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:15:17.326286: | ***parse IKEv2 Encryption Payload: Aug 26 13:15:17.326304: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:15:17.326308: | flags: none (0x0) Aug 26 13:15:17.326310: | length: 407 (0x197) Aug 26 13:15:17.326312: | processing payload: ISAKMP_NEXT_v2SK (len=403) Aug 26 13:15:17.326314: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:15:17.326326: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:15:17.326328: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:15:17.326331: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:15:17.326332: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:15:17.326334: | flags: none (0x0) Aug 26 13:15:17.326336: | length: 12 (0xc) Aug 26 13:15:17.326337: | ID type: ID_FQDN (0x2) Aug 26 13:15:17.326339: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:15:17.326341: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:15:17.326343: | **parse IKEv2 Authentication Payload: Aug 26 13:15:17.326344: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:15:17.326347: | flags: none (0x0) Aug 26 13:15:17.326349: | length: 282 (0x11a) Aug 26 13:15:17.326350: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:15:17.326352: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:15:17.326354: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:15:17.326356: | **parse IKEv2 Security Association Payload: Aug 26 13:15:17.326357: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:15:17.326359: | flags: none (0x0) Aug 26 13:15:17.326360: | length: 36 (0x24) Aug 26 13:15:17.326362: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:15:17.326363: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:15:17.326365: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:15:17.326367: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:15:17.326368: | flags: none (0x0) Aug 26 13:15:17.326370: | length: 24 (0x18) Aug 26 13:15:17.326372: | number of TS: 1 (0x1) Aug 26 13:15:17.326373: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:15:17.326375: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:15:17.326376: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:15:17.326378: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.326380: | flags: none (0x0) Aug 26 13:15:17.326381: | length: 24 (0x18) Aug 26 13:15:17.326383: | number of TS: 1 (0x1) Aug 26 13:15:17.326384: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:15:17.326386: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:15:17.326388: | Now let's proceed with state specific processing Aug 26 13:15:17.326389: | calling processor Initiator: process IKE_AUTH response Aug 26 13:15:17.326394: | offered CA: '%none' Aug 26 13:15:17.326396: "westnet-eastnet-vti-01" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:15:17.326426: | verifying AUTH payload Aug 26 13:15:17.326438: | required RSA CA is '%any' Aug 26 13:15:17.326440: | checking RSA keyid '@east' for match with '@east' Aug 26 13:15:17.326442: | key issuer CA is '%any' Aug 26 13:15:17.326486: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 13:15:17.326491: | #1 spent 0.0448 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:15:17.326493: "westnet-eastnet-vti-01" #2: Authenticated using RSA Aug 26 13:15:17.326500: | #1 spent 0.0693 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:15:17.326503: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:15:17.326506: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:15:17.326508: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:15:17.326512: | libevent_free: release ptr-libevent@0x7f61ec002888 Aug 26 13:15:17.326516: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563ea927b6a8 Aug 26 13:15:17.326518: | event_schedule: new EVENT_SA_REKEY-pe@0x563ea927b6a8 Aug 26 13:15:17.326521: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:15:17.326523: | libevent_malloc: new ptr-libevent@0x7f61e4000f48 size 128 Aug 26 13:15:17.326646: | pstats #1 ikev2.ike established Aug 26 13:15:17.326654: | TSi: parsing 1 traffic selectors Aug 26 13:15:17.326658: | ***parse IKEv2 Traffic Selector: Aug 26 13:15:17.326662: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.326664: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.326667: | length: 16 (0x10) Aug 26 13:15:17.326670: | start port: 0 (0x0) Aug 26 13:15:17.326672: | end port: 65535 (0xffff) Aug 26 13:15:17.326676: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:15:17.326678: | TS low c0 00 01 00 Aug 26 13:15:17.326681: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:15:17.326684: | TS high c0 00 01 ff Aug 26 13:15:17.326687: | TSi: parsed 1 traffic selectors Aug 26 13:15:17.326689: | TSr: parsing 1 traffic selectors Aug 26 13:15:17.326692: | ***parse IKEv2 Traffic Selector: Aug 26 13:15:17.326695: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.326700: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.326702: | length: 16 (0x10) Aug 26 13:15:17.326705: | start port: 0 (0x0) Aug 26 13:15:17.326707: | end port: 65535 (0xffff) Aug 26 13:15:17.326710: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:15:17.326713: | TS low c0 00 02 00 Aug 26 13:15:17.326716: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:15:17.326718: | TS high c0 00 02 ff Aug 26 13:15:17.326721: | TSr: parsed 1 traffic selectors Aug 26 13:15:17.326727: | evaluating our conn="westnet-eastnet-vti-01" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:15:17.326732: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:15:17.326739: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:15:17.326743: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:15:17.326746: | TSi[0] port match: YES fitness 65536 Aug 26 13:15:17.326749: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:15:17.326756: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:15:17.326761: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:15:17.326767: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:15:17.326770: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:15:17.326773: | TSr[0] port match: YES fitness 65536 Aug 26 13:15:17.326776: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:15:17.326779: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:15:17.326782: | best fit so far: TSi[0] TSr[0] Aug 26 13:15:17.326785: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:15:17.326787: | printing contents struct traffic_selector Aug 26 13:15:17.326790: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:15:17.326792: | ipprotoid: 0 Aug 26 13:15:17.326795: | port range: 0-65535 Aug 26 13:15:17.326799: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:15:17.326802: | printing contents struct traffic_selector Aug 26 13:15:17.326804: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:15:17.326807: | ipprotoid: 0 Aug 26 13:15:17.326809: | port range: 0-65535 Aug 26 13:15:17.326813: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:15:17.326826: | using existing local ESP/AH proposals for westnet-eastnet-vti-01 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:15:17.326830: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:15:17.326835: | local proposal 1 type ENCR has 1 transforms Aug 26 13:15:17.326838: | local proposal 1 type PRF has 0 transforms Aug 26 13:15:17.326841: | local proposal 1 type INTEG has 1 transforms Aug 26 13:15:17.326844: | local proposal 1 type DH has 1 transforms Aug 26 13:15:17.326846: | local proposal 1 type ESN has 1 transforms Aug 26 13:15:17.326850: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:15:17.326853: | local proposal 2 type ENCR has 1 transforms Aug 26 13:15:17.326855: | local proposal 2 type PRF has 0 transforms Aug 26 13:15:17.326858: | local proposal 2 type INTEG has 1 transforms Aug 26 13:15:17.326861: | local proposal 2 type DH has 1 transforms Aug 26 13:15:17.326863: | local proposal 2 type ESN has 1 transforms Aug 26 13:15:17.326866: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:15:17.326869: | local proposal 3 type ENCR has 1 transforms Aug 26 13:15:17.326872: | local proposal 3 type PRF has 0 transforms Aug 26 13:15:17.326875: | local proposal 3 type INTEG has 2 transforms Aug 26 13:15:17.326879: | local proposal 3 type DH has 1 transforms Aug 26 13:15:17.326882: | local proposal 3 type ESN has 1 transforms Aug 26 13:15:17.326885: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:15:17.326888: | local proposal 4 type ENCR has 1 transforms Aug 26 13:15:17.326890: | local proposal 4 type PRF has 0 transforms Aug 26 13:15:17.326893: | local proposal 4 type INTEG has 2 transforms Aug 26 13:15:17.326895: | local proposal 4 type DH has 1 transforms Aug 26 13:15:17.326898: | local proposal 4 type ESN has 1 transforms Aug 26 13:15:17.326901: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:15:17.326905: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.326908: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.326910: | length: 32 (0x20) Aug 26 13:15:17.326913: | prop #: 1 (0x1) Aug 26 13:15:17.326916: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.326919: | spi size: 4 (0x4) Aug 26 13:15:17.326921: | # transforms: 2 (0x2) Aug 26 13:15:17.326925: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:15:17.326927: | remote SPI ee fc 67 f0 Aug 26 13:15:17.326931: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:15:17.326934: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.326936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.326939: | length: 12 (0xc) Aug 26 13:15:17.326942: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.326945: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.326948: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.326951: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.326953: | length/value: 256 (0x100) Aug 26 13:15:17.326958: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:15:17.326961: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.326963: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.326966: | length: 8 (0x8) Aug 26 13:15:17.326969: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.326971: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.326975: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:15:17.326979: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:15:17.326984: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:15:17.326986: | remote proposal 1 matches local proposal 1 Aug 26 13:15:17.326990: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:15:17.326995: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=eefc67f0;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:15:17.326998: | converting proposal to internal trans attrs Aug 26 13:15:17.327004: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:15:17.327125: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:15:17.327129: | could_route called for westnet-eastnet-vti-01 (kind=CK_PERMANENT) Aug 26 13:15:17.327131: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:17.327134: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.327135: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.327137: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.327139: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.327142: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Aug 26 13:15:17.327145: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:15:17.327147: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:15:17.327151: | AES_GCM_16 requires 4 salt bytes Aug 26 13:15:17.327153: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:15:17.327156: | setting IPsec SA replay-window to 32 Aug 26 13:15:17.327158: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Aug 26 13:15:17.327160: | netlink: enabling tunnel mode Aug 26 13:15:17.327162: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:15:17.327164: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:15:17.327220: | netlink response for Add SA esp.eefc67f0@192.1.2.23 included non-error error Aug 26 13:15:17.327223: | set up outgoing SA, ref=0/0 Aug 26 13:15:17.327225: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:15:17.327227: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:15:17.327228: | AES_GCM_16 requires 4 salt bytes Aug 26 13:15:17.327230: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:15:17.327232: | setting IPsec SA replay-window to 32 Aug 26 13:15:17.327234: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Aug 26 13:15:17.327236: | netlink: enabling tunnel mode Aug 26 13:15:17.327237: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:15:17.327239: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:15:17.327262: | netlink response for Add SA esp.8f45810e@192.1.2.45 included non-error error Aug 26 13:15:17.327265: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:17.327269: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:17.327272: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:17.327287: | raw_eroute result=success Aug 26 13:15:17.327297: | set up incoming SA, ref=0/0 Aug 26 13:15:17.327300: | sr for #2: unrouted Aug 26 13:15:17.327303: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:15:17.327304: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:17.327306: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.327308: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.327310: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.327312: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.327314: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Aug 26 13:15:17.327316: | route_and_eroute with c: westnet-eastnet-vti-01 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:15:17.327319: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:17.327323: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:15:17.327325: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:17.327334: | raw_eroute result=success Aug 26 13:15:17.327337: | running updown command "ipsec _updown" for verb up Aug 26 13:15:17.327339: | command executing up-client Aug 26 13:15:17.327358: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CON Aug 26 13:15:17.327362: | popen cmd is 1129 chars long Aug 26 13:15:17.327364: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Aug 26 13:15:17.327366: | cmd( 80):-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Aug 26 13:15:17.327368: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0': Aug 26 13:15:17.327369: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' : Aug 26 13:15:17.327371: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Aug 26 13:15:17.327373: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIEN: Aug 26 13:15:17.327374: | cmd( 480):T_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Aug 26 13:15:17.327376: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Aug 26 13:15:17.327378: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Aug 26 13:15:17.327379: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 13:15:17.327381: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Aug 26 13:15:17.327383: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Aug 26 13:15:17.327385: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Aug 26 13:15:17.327386: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xeefc67f0 SPI_OUT=0x8f45810e ipsec _up: Aug 26 13:15:17.327388: | cmd(1120):down 2>&1: Aug 26 13:15:17.344334: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.disable_policy = 1 Aug 26 13:15:17.357112: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.rp_filter = 0 Aug 26 13:15:17.369175: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.forwarding = 1 Aug 26 13:15:17.375462: "westnet-eastnet-vti-01" #2: up-client output: done ip route Aug 26 13:15:17.375701: | route_and_eroute: firewall_notified: true Aug 26 13:15:17.375708: | running updown command "ipsec _updown" for verb prepare Aug 26 13:15:17.375711: | command executing prepare-client Aug 26 13:15:17.375735: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xff Aug 26 13:15:17.375738: | popen cmd is 1134 chars long Aug 26 13:15:17.375740: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:15:17.375742: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 13:15:17.375744: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 13:15:17.375745: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Aug 26 13:15:17.375750: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER: Aug 26 13:15:17.375752: | cmd( 400):='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_: Aug 26 13:15:17.375753: | cmd( 480):CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0: Aug 26 13:15:17.375755: | cmd( 560):' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0: Aug 26 13:15:17.375757: | cmd( 640):' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FR: Aug 26 13:15:17.375758: | cmd( 720):AG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Aug 26 13:15:17.375760: | cmd( 800):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Aug 26 13:15:17.375762: | cmd( 880):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Aug 26 13:15:17.375763: | cmd( 960):FIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipse: Aug 26 13:15:17.375765: | cmd(1040):c0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xeefc67f0 SPI_OUT=0x8f45810e ipse: Aug 26 13:15:17.375767: | cmd(1120):c _updown 2>&1: Aug 26 13:15:17.384715: "westnet-eastnet-vti-01" #2: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 13:15:17.385054: "westnet-eastnet-vti-01" #2: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 13:15:17.385061: "westnet-eastnet-vti-01" #2: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 13:15:17.385077: | running updown command "ipsec _updown" for verb route Aug 26 13:15:17.385080: | command executing route-client Aug 26 13:15:17.385105: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Aug 26 13:15:17.385108: | popen cmd is 1132 chars long Aug 26 13:15:17.385110: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:15:17.385112: | cmd( 80):vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Aug 26 13:15:17.385114: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1: Aug 26 13:15:17.385115: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT=': Aug 26 13:15:17.385117: | cmd( 320):0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER=': Aug 26 13:15:17.385119: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CL: Aug 26 13:15:17.385121: | cmd( 480):IENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' : Aug 26 13:15:17.385122: | cmd( 560):PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' : Aug 26 13:15:17.385124: | cmd( 640):PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG: Aug 26 13:15:17.385126: | cmd( 720):_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: Aug 26 13:15:17.385132: | cmd( 800):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: Aug 26 13:15:17.385134: | cmd( 880):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: Aug 26 13:15:17.385135: | cmd( 960):GURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0: Aug 26 13:15:17.385137: | cmd(1040):' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xeefc67f0 SPI_OUT=0x8f45810e ipsec : Aug 26 13:15:17.385139: | cmd(1120):_updown 2>&1: Aug 26 13:15:17.404348: "westnet-eastnet-vti-01" #2: route-client output: done ip route Aug 26 13:15:17.408057: | route_and_eroute: instance "westnet-eastnet-vti-01", setting eroute_owner {spd=0x563ea9279888,sr=0x563ea9279888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:15:17.408152: | #1 spent 2.1 milliseconds in install_ipsec_sa() Aug 26 13:15:17.408159: | inR2: instance westnet-eastnet-vti-01[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:15:17.408162: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:15:17.408168: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:15:17.408178: | libevent_free: release ptr-libevent@0x563ea92800e8 Aug 26 13:15:17.408185: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f61ec002b78 Aug 26 13:15:17.408195: | #2 spent 2.86 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:15:17.408203: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.408208: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:15:17.408212: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:15:17.408216: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:15:17.408220: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:15:17.408225: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:15:17.408231: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:17.408234: | pstats #2 ikev2.child established Aug 26 13:15:17.408244: "westnet-eastnet-vti-01" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:15:17.408255: | NAT-T: encaps is 'auto' Aug 26 13:15:17.408260: "westnet-eastnet-vti-01" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xeefc67f0 <0x8f45810e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:15:17.408265: | releasing whack for #2 (sock=fd@23) Aug 26 13:15:17.408269: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 13:15:17.408272: | releasing whack and unpending for parent #1 Aug 26 13:15:17.408275: | unpending state #1 connection "westnet-eastnet-vti-01" Aug 26 13:15:17.408280: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-vti-01" Aug 26 13:15:17.408284: | removing pending policy for no connection {0x563ea926c428} Aug 26 13:15:17.408296: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 13:15:17.408304: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:15:17.408308: | event_schedule: new EVENT_SA_REKEY-pe@0x7f61ec002b78 Aug 26 13:15:17.408311: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:15:17.408316: | libevent_malloc: new ptr-libevent@0x563ea92885f8 size 128 Aug 26 13:15:17.408323: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:17.408330: | #1 spent 3.22 milliseconds in ikev2_process_packet() Aug 26 13:15:17.408334: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:17.408341: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:17.408343: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:17.408346: | spent 3.24 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:17.408354: | kernel_process_msg_cb process netlink message Aug 26 13:15:17.408359: | netlink_get: XFRM_MSG_NEWSA message Aug 26 13:15:17.408362: | netlink_get: XFRM_MSG_NEWSA message Aug 26 13:15:17.408365: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 13:15:17.408367: | xfrm netlink address change RTM_NEWADDR msg len 80 Aug 26 13:15:17.408370: | XFRM RTM_NEWADDR 192.0.1.254 IFA_LOCAL Aug 26 13:15:17.408373: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 13:15:17.408377: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:15:17.408381: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:15:17.408386: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:15:17.408390: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:15:17.408394: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 13:15:17.408396: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 13:15:17.408399: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 13:15:17.408403: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408407: | netlink_get: XFRM_MSG_NEWSA message Aug 26 13:15:17.408411: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408414: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408418: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408422: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408426: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.408431: | spent 0.0728 milliseconds in kernel message Aug 26 13:15:17.408439: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.408444: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.408448: | spent 0.00495 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:17.408451: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.408454: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.408458: | spent 0.00365 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:17.408461: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.408464: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.408467: | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:17.467541: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:17.467565: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 13:15:17.467569: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:17.467573: | start processing: connection "westnet-eastnet-vti-02" (in initiate_a_connection() at initiate.c:186) Aug 26 13:15:17.467575: | connection 'westnet-eastnet-vti-02' +POLICY_UP Aug 26 13:15:17.467577: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 13:15:17.467579: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:15:17.467583: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:15:17.467587: | creating state object #3 at 0x563ea9281d88 Aug 26 13:15:17.467589: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:15:17.467596: | pstats #3 ikev2.child started Aug 26 13:15:17.467598: | duplicating state object #1 "westnet-eastnet-vti-01" as #3 for IPSEC SA Aug 26 13:15:17.467603: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:15:17.467611: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:17.467614: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:17.467619: | suspend processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:17.467623: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:17.467626: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 13:15:17.467628: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:15:17.467631: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals) Aug 26 13:15:17.467635: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:15:17.467639: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.467641: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:15:17.467644: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.467646: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:17.467649: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.467651: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:17.467653: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.467658: "westnet-eastnet-vti-02": constructed local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.467666: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 13:15:17.467669: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x563ea9280078 Aug 26 13:15:17.467672: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:15:17.467675: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:17.467678: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:15:17.467681: | RESET processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:15:17.467683: | RESET processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:15:17.467685: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:15:17.467688: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 13:15:17.467690: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:17.467694: | spent 0.161 milliseconds in whack Aug 26 13:15:17.467699: | timer_event_cb: processing event@0x563ea9280078 Aug 26 13:15:17.467701: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:15:17.467704: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:17.467710: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:15:17.467712: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:17.467729: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:15:17.467731: | libevent_malloc: new ptr-libevent@0x563ea927a748 size 128 Aug 26 13:15:17.467737: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:17.467752: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x563ea9280078 Aug 26 13:15:17.467755: | #3 spent 0.0547 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:15:17.467758: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:15:17.467759: | crypto helper 3 resuming Aug 26 13:15:17.467772: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:15:17.467777: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 13:15:17.468722: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000946 seconds Aug 26 13:15:17.468733: | (#3) spent 0.953 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 13:15:17.468736: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:15:17.468738: | scheduling resume sending helper answer for #3 Aug 26 13:15:17.468740: | libevent_malloc: new ptr-libevent@0x7f61e8002888 size 128 Aug 26 13:15:17.468742: | libevent_realloc: release ptr-libevent@0x563ea925b768 Aug 26 13:15:17.468744: | libevent_realloc: new ptr-libevent@0x7f61e80027d8 size 128 Aug 26 13:15:17.468750: | crypto helper 3 waiting (nothing to do) Aug 26 13:15:17.468786: | processing resume sending helper answer for #3 Aug 26 13:15:17.468795: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:15:17.468799: | crypto helper 3 replies to request ID 3 Aug 26 13:15:17.468801: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:17.468804: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 13:15:17.468806: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:17.468808: | libevent_free: release ptr-libevent@0x563ea927a748 Aug 26 13:15:17.468810: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:17.468813: | event_schedule: new EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:17.468815: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:15:17.468817: | libevent_malloc: new ptr-libevent@0x563ea927a748 size 128 Aug 26 13:15:17.468821: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:17.468823: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:15:17.468825: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:17.468828: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.468831: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 13:15:17.468833: | suspending state #3 and saving MD Aug 26 13:15:17.468835: | #3 is busy; has a suspended MD Aug 26 13:15:17.468837: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:15:17.468840: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:15:17.468842: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:15:17.468846: | #3 spent 0.0463 milliseconds in resume sending helper answer Aug 26 13:15:17.468849: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:15:17.468850: | libevent_free: release ptr-libevent@0x7f61e8002888 Aug 26 13:15:17.468854: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:15:17.468857: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:15:17.468860: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:17.468863: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:15:17.468868: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:15:17.468889: | **emit ISAKMP Message: Aug 26 13:15:17.468892: | initiator cookie: Aug 26 13:15:17.468893: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.468895: | responder cookie: Aug 26 13:15:17.468896: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.468898: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:17.468900: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.468902: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:15:17.468905: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:17.468907: | Message ID: 2 (0x2) Aug 26 13:15:17.468909: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:17.468911: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:17.468913: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.468915: | flags: none (0x0) Aug 26 13:15:17.468917: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:17.468919: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.468921: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:17.468941: | netlink_get_spi: allocated 0xf61acde7 for esp.0@192.1.2.45 Aug 26 13:15:17.468944: | Emitting ikev2_proposals ... Aug 26 13:15:17.468945: | ****emit IKEv2 Security Association Payload: Aug 26 13:15:17.468947: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.468949: | flags: none (0x0) Aug 26 13:15:17.468951: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:15:17.468953: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.468955: | discarding INTEG=NONE Aug 26 13:15:17.468956: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.468958: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.468960: | prop #: 1 (0x1) Aug 26 13:15:17.468962: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.468963: | spi size: 4 (0x4) Aug 26 13:15:17.468965: | # transforms: 3 (0x3) Aug 26 13:15:17.468967: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.468969: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.468970: | our spi f6 1a cd e7 Aug 26 13:15:17.468972: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.468974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.468976: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.468977: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.468979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.468981: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.468983: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.468985: | length/value: 256 (0x100) Aug 26 13:15:17.468987: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.468988: | discarding INTEG=NONE Aug 26 13:15:17.468990: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.468991: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.468993: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.468995: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.468997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.468998: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469002: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469003: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469005: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.469007: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.469008: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.469010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469014: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469015: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:15:17.469017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.469019: | discarding INTEG=NONE Aug 26 13:15:17.469020: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.469022: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.469023: | prop #: 2 (0x2) Aug 26 13:15:17.469025: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.469027: | spi size: 4 (0x4) Aug 26 13:15:17.469028: | # transforms: 3 (0x3) Aug 26 13:15:17.469030: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.469032: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.469034: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.469036: | our spi f6 1a cd e7 Aug 26 13:15:17.469037: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469040: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.469042: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.469044: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469045: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.469047: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.469049: | length/value: 128 (0x80) Aug 26 13:15:17.469050: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.469052: | discarding INTEG=NONE Aug 26 13:15:17.469053: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469056: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.469058: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.469060: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469063: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469065: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469066: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.469068: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.469070: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.469071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469075: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469077: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:15:17.469079: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.469081: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.469083: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.469084: | prop #: 3 (0x3) Aug 26 13:15:17.469086: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.469087: | spi size: 4 (0x4) Aug 26 13:15:17.469089: | # transforms: 5 (0x5) Aug 26 13:15:17.469091: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.469093: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.469094: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.469096: | our spi f6 1a cd e7 Aug 26 13:15:17.469098: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469101: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.469102: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.469104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469106: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.469107: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.469109: | length/value: 256 (0x100) Aug 26 13:15:17.469110: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.469112: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469115: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.469117: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.469119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469121: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469122: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469124: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469127: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.469128: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.469130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469135: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.469140: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.469142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469145: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469147: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469148: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.469151: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.469153: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.469155: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469158: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469160: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:15:17.469162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.469163: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.469165: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.469166: | prop #: 4 (0x4) Aug 26 13:15:17.469168: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.469169: | spi size: 4 (0x4) Aug 26 13:15:17.469171: | # transforms: 5 (0x5) Aug 26 13:15:17.469173: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:17.469175: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:17.469176: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:17.469178: | our spi f6 1a cd e7 Aug 26 13:15:17.469180: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469183: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.469184: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:17.469186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469188: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.469189: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.469191: | length/value: 128 (0x80) Aug 26 13:15:17.469192: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:17.469194: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469197: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.469199: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:17.469201: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469204: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469206: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469209: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:17.469210: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:17.469212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469218: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469221: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.469228: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.469233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469239: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469242: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:17.469244: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.469247: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.469250: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.469253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.469256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:17.469259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:17.469261: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:15:17.469264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:17.469267: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:15:17.469269: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:15:17.469272: | ****emit IKEv2 Nonce Payload: Aug 26 13:15:17.469275: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.469277: | flags: none (0x0) Aug 26 13:15:17.469281: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:15:17.469283: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.469287: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:15:17.469294: | IKEv2 nonce 2f cf 51 76 fa 11 34 90 7b ab 03 70 d2 cd 4f d3 Aug 26 13:15:17.469297: | IKEv2 nonce e2 84 ca cf 54 bc 25 d5 fe e9 1b 7b a6 d0 91 0d Aug 26 13:15:17.469299: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:15:17.469302: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:15:17.469305: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.469324: | flags: none (0x0) Aug 26 13:15:17.469326: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.469333: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:15:17.469336: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.469339: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:15:17.469342: | ikev2 g^x 03 db 24 f5 83 42 7c 82 70 4b 39 42 cf 00 44 aa Aug 26 13:15:17.469345: | ikev2 g^x 55 76 35 d3 8a 12 90 2f f8 8c 86 9a b5 47 c1 59 Aug 26 13:15:17.469360: | ikev2 g^x e7 04 2b f5 a0 31 24 da c5 c9 2b d0 a0 30 ae ec Aug 26 13:15:17.469363: | ikev2 g^x 7b 2e a2 ea 7d ca 06 f0 7f 59 30 58 bf 35 ef 17 Aug 26 13:15:17.469365: | ikev2 g^x 9d df 31 5b 62 c5 c5 7e 86 bb 15 86 8f 03 e6 8d Aug 26 13:15:17.469368: | ikev2 g^x 14 ee 71 fd eb 5b 22 79 d2 68 a9 07 8a de 11 9e Aug 26 13:15:17.469370: | ikev2 g^x 62 d5 4f 5f 4a 39 ff c7 0d 73 08 2a 79 74 ac 23 Aug 26 13:15:17.469373: | ikev2 g^x f5 93 98 eb 45 65 0d d6 cc 07 81 14 77 d2 5d 68 Aug 26 13:15:17.469375: | ikev2 g^x 8a 79 78 4b 71 4d 62 b3 15 69 b4 0c 36 cc 18 ea Aug 26 13:15:17.469377: | ikev2 g^x 40 c2 fb 1b 73 e3 19 49 72 61 31 dd 60 4e dd 68 Aug 26 13:15:17.469379: | ikev2 g^x 2b 41 52 2d 6e 6b 28 de ee 56 c9 c3 5f 67 ce 73 Aug 26 13:15:17.469381: | ikev2 g^x 1e e0 ed 8c 0b 5a 30 60 14 e6 3d b4 a3 6f b6 bb Aug 26 13:15:17.469385: | ikev2 g^x 4e f2 e4 b6 da 77 76 69 a2 ec 67 0d 87 10 ce 1d Aug 26 13:15:17.469387: | ikev2 g^x de 10 15 77 7c 5d d7 1d c8 6b 48 14 3b 97 78 f9 Aug 26 13:15:17.469390: | ikev2 g^x c0 62 c1 b6 9b ec 40 25 2e a9 22 15 97 d4 9d 41 Aug 26 13:15:17.469392: | ikev2 g^x 0e ce 7a 0a bf 0f cf 41 f9 83 7c 79 de 74 f2 60 Aug 26 13:15:17.469394: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:15:17.469397: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:15:17.469400: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.469402: | flags: none (0x0) Aug 26 13:15:17.469404: | number of TS: 1 (0x1) Aug 26 13:15:17.469407: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:15:17.469410: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.469413: | *****emit IKEv2 Traffic Selector: Aug 26 13:15:17.469416: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.469418: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.469420: | start port: 0 (0x0) Aug 26 13:15:17.469423: | end port: 65535 (0xffff) Aug 26 13:15:17.469425: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:15:17.469428: | ipv4 start 0a 00 01 00 Aug 26 13:15:17.469430: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:15:17.469432: | ipv4 end 0a 00 01 ff Aug 26 13:15:17.469435: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:15:17.469438: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:15:17.469440: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:15:17.469443: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.469445: | flags: none (0x0) Aug 26 13:15:17.469448: | number of TS: 1 (0x1) Aug 26 13:15:17.469451: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:15:17.469453: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:15:17.469456: | *****emit IKEv2 Traffic Selector: Aug 26 13:15:17.469458: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.469461: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.469463: | start port: 0 (0x0) Aug 26 13:15:17.469465: | end port: 65535 (0xffff) Aug 26 13:15:17.469468: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:15:17.469470: | ipv4 start 0a 00 02 00 Aug 26 13:15:17.469473: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:15:17.469475: | ipv4 end 0a 00 02 ff Aug 26 13:15:17.469477: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:15:17.469480: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:15:17.469483: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:15:17.469486: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:17.469489: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:15:17.469493: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:15:17.469495: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 13:15:17.469498: | emitting length of ISAKMP Message: 601 Aug 26 13:15:17.469521: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.469526: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 13:15:17.469529: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 13:15:17.469532: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 13:15:17.469537: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:15:17.469540: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:15:17.469545: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:15:17.469549: "westnet-eastnet-vti-02" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:15:17.469561: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:15:17.469571: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:17.469574: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.469577: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 13:15:17.469579: | 63 59 29 fd 5a 5d e4 3b f4 0b af db f7 be 7a 11 Aug 26 13:15:17.469582: | 31 e0 82 75 84 44 93 65 28 4a bb bf 9f 0b 98 0f Aug 26 13:15:17.469585: | 79 de ef db a3 1e 76 bc ed 70 e8 bb d3 e8 68 a3 Aug 26 13:15:17.469587: | 02 3e 3d 8f 65 8d 9a 73 3e dd c3 84 3d 58 8d 7b Aug 26 13:15:17.469589: | 75 51 9a 72 bd b8 f1 fb 3b 91 93 72 fb ab f7 04 Aug 26 13:15:17.469592: | 7e 9c f6 e0 3c 96 06 9b c0 6e 16 23 08 4d d6 c6 Aug 26 13:15:17.469594: | f5 c3 35 df 46 a1 2e 85 91 75 3a a6 68 da 17 6f Aug 26 13:15:17.469619: | f0 52 da 49 9c ed 71 14 f0 32 72 b8 3f 24 b2 53 Aug 26 13:15:17.469622: | f7 05 ba b7 49 e7 2e d3 be 19 27 59 ab d5 97 07 Aug 26 13:15:17.469624: | f7 7b 66 79 1e 6f 11 95 2c 0c df 46 dc 88 34 64 Aug 26 13:15:17.469627: | 9f 56 ce 29 cf 87 17 f1 bc 9a 2a 44 96 bd b7 27 Aug 26 13:15:17.469629: | 2e f8 9d 02 45 b5 92 c0 74 dc a4 a7 83 b4 d5 6f Aug 26 13:15:17.469632: | 4f 28 d7 b1 b5 96 5d f6 f6 d1 50 1e 01 b4 2d b8 Aug 26 13:15:17.469634: | b9 60 09 7f f0 77 08 5e 16 c6 c1 70 ad a3 dd a4 Aug 26 13:15:17.469637: | 85 f0 bc 92 f0 6b 63 75 7b ec bc f7 04 b1 60 07 Aug 26 13:15:17.469640: | 76 35 f5 e7 c1 2b 7a ce 91 36 76 2a ee ba b3 76 Aug 26 13:15:17.469642: | ce 3a 02 b5 de d5 22 ef f0 44 fe d0 13 60 e9 53 Aug 26 13:15:17.469645: | 3b d8 4a fc c7 c9 18 2f fb 4a f0 18 c9 8d 41 41 Aug 26 13:15:17.469660: | f0 67 c2 7c 18 12 9f cb e5 71 78 da 45 4b fa ae Aug 26 13:15:17.469663: | da aa dc d5 14 ad d2 94 de b4 85 8b 64 8b e2 c9 Aug 26 13:15:17.469666: | 0c b6 ea a1 c1 5b 5b 6f 5d 3e d7 bf ed 9e f1 15 Aug 26 13:15:17.469668: | e6 47 64 b2 26 8d 9c 07 77 80 df 06 aa b4 ba d8 Aug 26 13:15:17.469670: | 22 86 08 95 f5 ca ce f2 86 35 d0 f1 b7 d0 5d ed Aug 26 13:15:17.469673: | 27 e2 60 f5 e1 b7 f0 33 9b 88 3f a7 8c 8f 51 bd Aug 26 13:15:17.469675: | f5 22 ca 71 a5 f2 20 4e c3 46 7a 25 46 19 3e d4 Aug 26 13:15:17.469678: | c4 30 4b 2f 56 75 f4 c5 b2 f7 fd 8b 42 65 c5 21 Aug 26 13:15:17.469680: | 72 d6 50 6d 8d b0 f6 bf 51 03 77 74 9a 57 c7 51 Aug 26 13:15:17.469683: | f1 f5 8f a4 8e f1 9b d3 33 5a 00 e1 15 15 fe 6b Aug 26 13:15:17.469686: | 59 88 a8 54 6f 37 0b 44 fd e2 94 20 70 e0 74 3d Aug 26 13:15:17.469688: | 5d a9 d9 bb 09 63 3d a2 74 c6 dd 24 c3 40 fb 68 Aug 26 13:15:17.469691: | 47 0f e4 05 5d 0b 7f 9b ea ed 5a 5c 8f 8e 88 4a Aug 26 13:15:17.469693: | 85 8d 65 58 1a ff 75 12 fa 46 7e b7 9a 4a f4 89 Aug 26 13:15:17.469696: | 9c 2d a1 2b 1c 0e 9f 49 c4 9d 95 a3 f7 01 be a7 Aug 26 13:15:17.469698: | b8 58 8a c1 17 fe 10 5a 0b 5c db af d8 10 01 0f Aug 26 13:15:17.469701: | 7c 3c 03 53 2b b6 a7 82 e2 f4 43 90 6a 1b 7d c9 Aug 26 13:15:17.469703: | c9 54 e7 2b 20 3f 8d 04 97 Aug 26 13:15:17.469750: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:15:17.469756: | libevent_free: release ptr-libevent@0x563ea927a748 Aug 26 13:15:17.469760: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:17.469763: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:15:17.469767: | event_schedule: new EVENT_RETRANSMIT-pe@0x563ea9286478 Aug 26 13:15:17.469774: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:15:17.469777: | libevent_malloc: new ptr-libevent@0x563ea9286608 size 128 Aug 26 13:15:17.469783: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10603.212233 Aug 26 13:15:17.469789: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:15:17.469794: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:15:17.469800: | #1 spent 0.913 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:15:17.469805: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:15:17.469808: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:17.497206: | spent 0.00328 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:17.497229: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:17.497233: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.497236: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 13:15:17.497238: | a3 e8 c7 99 af 11 b3 21 bb 82 a1 c6 95 4f d5 ed Aug 26 13:15:17.497241: | 5d b8 46 fd 69 56 60 cc 31 ef 41 b9 58 8f 96 0c Aug 26 13:15:17.497243: | 0f 05 d1 fc b8 90 75 51 68 bc cb 60 ec fb a1 e4 Aug 26 13:15:17.497246: | ad 78 c0 79 2f d3 19 40 0a 06 b2 a7 90 29 97 25 Aug 26 13:15:17.497248: | 0e 46 b7 7e 65 cd 52 7c e8 dc 11 b9 a7 9b db b7 Aug 26 13:15:17.497250: | f3 01 3f cd 51 0d 24 3c f2 0b 60 42 dc 24 fc df Aug 26 13:15:17.497253: | 4a 97 cf c6 09 53 c3 fe 21 b9 43 52 ce 0e fb 6a Aug 26 13:15:17.497255: | 89 68 ef e0 e3 95 e4 95 fe c9 36 6a 7b b9 f5 3a Aug 26 13:15:17.497258: | 03 36 f0 16 81 ab 6f 9e 41 b0 23 ee 8c 6a a8 c9 Aug 26 13:15:17.497260: | 19 f4 e5 78 b0 32 11 db 3b 49 c6 50 2e 85 ce 5e Aug 26 13:15:17.497262: | 28 b5 be 26 89 40 8c 7b 2b 14 49 b1 86 d9 e1 ee Aug 26 13:15:17.497265: | ca ad a7 9b 49 9d ab 28 fe 0a 9b c0 03 c8 07 7e Aug 26 13:15:17.497267: | 67 97 81 5e e1 2b 4e 7a 45 a4 bb 53 11 6a 36 72 Aug 26 13:15:17.497269: | 52 79 4a 85 03 1d a2 f6 2d 9f 3c da 7c 3b 2e c9 Aug 26 13:15:17.497272: | 76 d5 5b 83 ea b4 86 e3 92 fc 1e a7 04 fa 2c 7b Aug 26 13:15:17.497274: | 41 6a a9 98 b0 f1 26 12 a9 09 ce a7 f0 77 48 c3 Aug 26 13:15:17.497277: | 9b 63 ec b8 cc d6 03 82 e0 ec b0 e5 2d ed 5b 6b Aug 26 13:15:17.497279: | 46 9e cd d0 c6 e6 06 97 7b b6 34 da b4 ad ec bd Aug 26 13:15:17.497281: | 4c 4e c2 91 a3 2d a8 2c b2 1f 13 e6 48 c7 b7 6d Aug 26 13:15:17.497284: | b1 18 50 d0 f3 6b 7d bb ca 16 0f 72 3a 60 c0 b6 Aug 26 13:15:17.497286: | e3 16 8c 22 1c ba 88 e1 06 b2 62 be d6 58 54 62 Aug 26 13:15:17.497294: | 26 12 8c 73 30 25 8a 58 2e f6 1f 72 03 0e 8a a3 Aug 26 13:15:17.497296: | 5b 0b 27 5a 66 02 5e 90 e4 a3 33 da 84 bf 36 49 Aug 26 13:15:17.497299: | dd b6 fe 11 0e a0 ba 26 0a 9b 72 c1 a7 73 64 bc Aug 26 13:15:17.497301: | 93 ae 26 f8 89 e2 fd 1c 9a 29 cf 61 69 a6 f2 ab Aug 26 13:15:17.497304: | 2f 90 b9 ae f9 8a dc 7b d6 bb 1d a2 fa 1f 4e 85 Aug 26 13:15:17.497306: | 24 Aug 26 13:15:17.497311: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:17.497315: | **parse ISAKMP Message: Aug 26 13:15:17.497318: | initiator cookie: Aug 26 13:15:17.497320: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:17.497323: | responder cookie: Aug 26 13:15:17.497325: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:17.497328: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:17.497331: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:17.497333: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:15:17.497336: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:15:17.497339: | Message ID: 2 (0x2) Aug 26 13:15:17.497344: | length: 449 (0x1c1) Aug 26 13:15:17.497347: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:15:17.497351: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:15:17.497355: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:15:17.497361: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:17.497365: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 13:15:17.497369: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:15:17.497374: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:15:17.497376: | #3 is idle Aug 26 13:15:17.497379: | #3 idle Aug 26 13:15:17.497381: | unpacking clear payload Aug 26 13:15:17.497384: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:15:17.497387: | ***parse IKEv2 Encryption Payload: Aug 26 13:15:17.497390: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:15:17.497392: | flags: none (0x0) Aug 26 13:15:17.497395: | length: 421 (0x1a5) Aug 26 13:15:17.497397: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:15:17.497400: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:15:17.497419: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:15:17.497423: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:15:17.497425: | **parse IKEv2 Security Association Payload: Aug 26 13:15:17.497428: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:15:17.497430: | flags: none (0x0) Aug 26 13:15:17.497433: | length: 44 (0x2c) Aug 26 13:15:17.497435: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:15:17.497438: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:15:17.497441: | **parse IKEv2 Nonce Payload: Aug 26 13:15:17.497443: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:15:17.497446: | flags: none (0x0) Aug 26 13:15:17.497448: | length: 36 (0x24) Aug 26 13:15:17.497450: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:15:17.497453: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:15:17.497456: | **parse IKEv2 Key Exchange Payload: Aug 26 13:15:17.497458: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:15:17.497461: | flags: none (0x0) Aug 26 13:15:17.497463: | length: 264 (0x108) Aug 26 13:15:17.497466: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.497468: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:15:17.497471: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:15:17.497474: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:15:17.497476: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:15:17.497479: | flags: none (0x0) Aug 26 13:15:17.497481: | length: 24 (0x18) Aug 26 13:15:17.497484: | number of TS: 1 (0x1) Aug 26 13:15:17.497486: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:15:17.497489: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:15:17.497491: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:15:17.497494: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:17.497496: | flags: none (0x0) Aug 26 13:15:17.497499: | length: 24 (0x18) Aug 26 13:15:17.497501: | number of TS: 1 (0x1) Aug 26 13:15:17.497504: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:15:17.497507: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:15:17.497512: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:15:17.497515: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:15:17.497518: | Now let's proceed with state specific processing Aug 26 13:15:17.497521: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:15:17.497536: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.497540: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:15:17.497544: | local proposal 1 type ENCR has 1 transforms Aug 26 13:15:17.497547: | local proposal 1 type PRF has 0 transforms Aug 26 13:15:17.497549: | local proposal 1 type INTEG has 1 transforms Aug 26 13:15:17.497552: | local proposal 1 type DH has 1 transforms Aug 26 13:15:17.497554: | local proposal 1 type ESN has 1 transforms Aug 26 13:15:17.497558: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:15:17.497560: | local proposal 2 type ENCR has 1 transforms Aug 26 13:15:17.497563: | local proposal 2 type PRF has 0 transforms Aug 26 13:15:17.497565: | local proposal 2 type INTEG has 1 transforms Aug 26 13:15:17.497568: | local proposal 2 type DH has 1 transforms Aug 26 13:15:17.497570: | local proposal 2 type ESN has 1 transforms Aug 26 13:15:17.497573: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:15:17.497576: | local proposal 3 type ENCR has 1 transforms Aug 26 13:15:17.497578: | local proposal 3 type PRF has 0 transforms Aug 26 13:15:17.497581: | local proposal 3 type INTEG has 2 transforms Aug 26 13:15:17.497583: | local proposal 3 type DH has 1 transforms Aug 26 13:15:17.497585: | local proposal 3 type ESN has 1 transforms Aug 26 13:15:17.497589: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:15:17.497591: | local proposal 4 type ENCR has 1 transforms Aug 26 13:15:17.497594: | local proposal 4 type PRF has 0 transforms Aug 26 13:15:17.497596: | local proposal 4 type INTEG has 2 transforms Aug 26 13:15:17.497599: | local proposal 4 type DH has 1 transforms Aug 26 13:15:17.497601: | local proposal 4 type ESN has 1 transforms Aug 26 13:15:17.497604: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:15:17.497607: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:15:17.497610: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:17.497612: | length: 40 (0x28) Aug 26 13:15:17.497615: | prop #: 1 (0x1) Aug 26 13:15:17.497617: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:17.497620: | spi size: 4 (0x4) Aug 26 13:15:17.497622: | # transforms: 3 (0x3) Aug 26 13:15:17.497625: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:15:17.497628: | remote SPI bc 33 e3 89 Aug 26 13:15:17.497631: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:15:17.497634: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.497637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.497639: | length: 12 (0xc) Aug 26 13:15:17.497641: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:17.497644: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:17.497647: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:15:17.497649: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:17.497652: | length/value: 256 (0x100) Aug 26 13:15:17.497656: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:15:17.497659: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.497661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:17.497664: | length: 8 (0x8) Aug 26 13:15:17.497666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:17.497669: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:17.497676: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:15:17.497678: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:15:17.497681: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:17.497683: | length: 8 (0x8) Aug 26 13:15:17.497686: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:17.497688: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:17.497692: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:15:17.497695: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:15:17.497700: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:15:17.497703: | remote proposal 1 matches local proposal 1 Aug 26 13:15:17.497706: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:15:17.497711: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=bc33e389;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:15:17.497713: | converting proposal to internal trans attrs Aug 26 13:15:17.497718: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:15:17.497723: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:15:17.497726: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:15:17.497729: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 13:15:17.497733: | libevent_free: release ptr-libevent@0x563ea9286608 Aug 26 13:15:17.497736: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563ea9286478 Aug 26 13:15:17.497739: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:17.497743: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:15:17.497746: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:17.497757: | #3 spent 0.23 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:15:17.497762: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.497766: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:15:17.497769: | suspending state #3 and saving MD Aug 26 13:15:17.497771: | #3 is busy; has a suspended MD Aug 26 13:15:17.497775: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:15:17.497779: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:15:17.497783: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:17.497787: | #1 spent 0.566 milliseconds in ikev2_process_packet() Aug 26 13:15:17.497791: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:17.497794: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:17.497798: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:17.497795: | crypto helper 1 resuming Aug 26 13:15:17.497805: | spent 0.583 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:17.497812: | crypto helper 1 starting work-order 4 for state #3 Aug 26 13:15:17.497826: | crypto helper 1 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 13:15:17.498415: | crypto helper 1 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000589 seconds Aug 26 13:15:17.498428: | (#3) spent 0.588 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 13:15:17.498432: | crypto helper 1 sending results from work-order 4 for state #3 to event queue Aug 26 13:15:17.498435: | scheduling resume sending helper answer for #3 Aug 26 13:15:17.498441: | libevent_malloc: new ptr-libevent@0x7f61dc001f78 size 128 Aug 26 13:15:17.498449: | crypto helper 1 waiting (nothing to do) Aug 26 13:15:17.498457: | processing resume sending helper answer for #3 Aug 26 13:15:17.498464: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:15:17.498468: | crypto helper 1 replies to request ID 4 Aug 26 13:15:17.498471: | calling continuation function 0x563ea7a409d0 Aug 26 13:15:17.498474: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 13:15:17.498477: | TSi: parsing 1 traffic selectors Aug 26 13:15:17.498480: | ***parse IKEv2 Traffic Selector: Aug 26 13:15:17.498483: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.498486: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.498488: | length: 16 (0x10) Aug 26 13:15:17.498491: | start port: 0 (0x0) Aug 26 13:15:17.498493: | end port: 65535 (0xffff) Aug 26 13:15:17.498496: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:15:17.498499: | TS low 0a 00 01 00 Aug 26 13:15:17.498502: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:15:17.498504: | TS high 0a 00 01 ff Aug 26 13:15:17.498507: | TSi: parsed 1 traffic selectors Aug 26 13:15:17.498510: | TSr: parsing 1 traffic selectors Aug 26 13:15:17.498512: | ***parse IKEv2 Traffic Selector: Aug 26 13:15:17.498515: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:15:17.498517: | IP Protocol ID: 0 (0x0) Aug 26 13:15:17.498520: | length: 16 (0x10) Aug 26 13:15:17.498522: | start port: 0 (0x0) Aug 26 13:15:17.498525: | end port: 65535 (0xffff) Aug 26 13:15:17.498527: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:15:17.498530: | TS low 0a 00 02 00 Aug 26 13:15:17.498532: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:15:17.498535: | TS high 0a 00 02 ff Aug 26 13:15:17.498537: | TSr: parsed 1 traffic selectors Aug 26 13:15:17.498543: | evaluating our conn="westnet-eastnet-vti-02" I=10.0.1.0/24:0/0 R=10.0.2.0/24:0/0 to their: Aug 26 13:15:17.498548: | TSi[0] .net=10.0.1.0-10.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:15:17.498554: | match address end->client=10.0.1.0/24 == TSi[0]net=10.0.1.0-10.0.1.255: YES fitness 32 Aug 26 13:15:17.498557: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:15:17.498560: | TSi[0] port match: YES fitness 65536 Aug 26 13:15:17.498563: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:15:17.498566: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:15:17.498570: | TSr[0] .net=10.0.2.0-10.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:15:17.498576: | match address end->client=10.0.2.0/24 == TSr[0]net=10.0.2.0-10.0.2.255: YES fitness 32 Aug 26 13:15:17.498579: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:15:17.498581: | TSr[0] port match: YES fitness 65536 Aug 26 13:15:17.498584: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:15:17.498587: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:15:17.498589: | best fit so far: TSi[0] TSr[0] Aug 26 13:15:17.498592: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:15:17.498594: | printing contents struct traffic_selector Aug 26 13:15:17.498597: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:15:17.498599: | ipprotoid: 0 Aug 26 13:15:17.498601: | port range: 0-65535 Aug 26 13:15:17.498605: | ip range: 10.0.1.0-10.0.1.255 Aug 26 13:15:17.498608: | printing contents struct traffic_selector Aug 26 13:15:17.498610: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:15:17.498613: | ipprotoid: 0 Aug 26 13:15:17.498615: | port range: 0-65535 Aug 26 13:15:17.498619: | ip range: 10.0.2.0-10.0.2.255 Aug 26 13:15:17.498623: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:15:17.498803: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:15:17.498811: | could_route called for westnet-eastnet-vti-02 (kind=CK_PERMANENT) Aug 26 13:15:17.498815: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:17.498818: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.498821: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.498824: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.498827: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.498831: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Aug 26 13:15:17.498835: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:15:17.498838: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:15:17.498841: | AES_GCM_16 requires 4 salt bytes Aug 26 13:15:17.498844: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:15:17.498848: | setting IPsec SA replay-window to 32 Aug 26 13:15:17.498852: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Aug 26 13:15:17.498855: | netlink: enabling tunnel mode Aug 26 13:15:17.498858: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:15:17.498861: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:15:17.498926: | netlink response for Add SA esp.bc33e389@192.1.2.23 included non-error error Aug 26 13:15:17.498930: | set up outgoing SA, ref=0/0 Aug 26 13:15:17.498934: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:15:17.498937: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:15:17.498939: | AES_GCM_16 requires 4 salt bytes Aug 26 13:15:17.498942: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:15:17.498945: | setting IPsec SA replay-window to 32 Aug 26 13:15:17.498948: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Aug 26 13:15:17.498951: | netlink: enabling tunnel mode Aug 26 13:15:17.498953: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:15:17.498956: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:15:17.498986: | netlink response for Add SA esp.f61acde7@192.1.2.45 included non-error error Aug 26 13:15:17.498990: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:17.498996: | add inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:17.499000: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:17.499021: | raw_eroute result=success Aug 26 13:15:17.499025: | set up incoming SA, ref=0/0 Aug 26 13:15:17.499027: | sr for #3: unrouted Aug 26 13:15:17.499030: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:15:17.499033: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:17.499036: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.499039: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.499042: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:17.499045: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:17.499048: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Aug 26 13:15:17.499052: | route_and_eroute with c: westnet-eastnet-vti-02 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 13:15:17.499055: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:17.499062: | eroute_connection add eroute 10.0.1.0/24:0 --0-> 10.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:15:17.499065: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:17.499076: | raw_eroute result=success Aug 26 13:15:17.499079: | running updown command "ipsec _updown" for verb up Aug 26 13:15:17.499082: | command executing up-client Aug 26 13:15:17.499110: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK Aug 26 13:15:17.499116: | popen cmd is 1124 chars long Aug 26 13:15:17.499119: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Aug 26 13:15:17.499122: | cmd( 80):-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Aug 26 13:15:17.499125: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' P: Aug 26 13:15:17.499127: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLU: Aug 26 13:15:17.499130: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.: Aug 26 13:15:17.499145: | cmd( 400):2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NE: Aug 26 13:15:17.499148: | cmd( 480):T='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Aug 26 13:15:17.499151: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Aug 26 13:15:17.499153: | cmd( 640):NN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: Aug 26 13:15:17.499156: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 13:15:17.499159: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 13:15:17.499162: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 13:15:17.499165: | cmd( 960):' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI_RO: Aug 26 13:15:17.499167: | cmd(1040):UTING='yes' VTI_SHARED='yes' SPI_IN=0xbc33e389 SPI_OUT=0xf61acde7 ipsec _updown : Aug 26 13:15:17.499170: | cmd(1120):2>&1: Aug 26 13:15:17.508280: "westnet-eastnet-vti-02" #3: up-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 13:15:17.508335: "westnet-eastnet-vti-02" #3: up-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 13:15:17.508344: "westnet-eastnet-vti-02" #3: up-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 13:15:17.510724: "westnet-eastnet-vti-02" #3: up-client output: done ip route Aug 26 13:15:17.510971: | route_and_eroute: firewall_notified: true Aug 26 13:15:17.510979: | running updown command "ipsec _updown" for verb prepare Aug 26 13:15:17.510982: | command executing prepare-client Aug 26 13:15:17.511008: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xfffffff Aug 26 13:15:17.511014: | popen cmd is 1129 chars long Aug 26 13:15:17.511016: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:15:17.511018: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 13:15:17.511020: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Aug 26 13:15:17.511021: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 13:15:17.511023: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Aug 26 13:15:17.511025: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIE: Aug 26 13:15:17.511026: | cmd( 480):NT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Aug 26 13:15:17.511028: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Aug 26 13:15:17.511030: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Aug 26 13:15:17.511032: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 13:15:17.511033: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Aug 26 13:15:17.511035: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Aug 26 13:15:17.511037: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Aug 26 13:15:17.511038: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbc33e389 SPI_OUT=0xf61acde7 ipsec _up: Aug 26 13:15:17.511040: | cmd(1120):down 2>&1: Aug 26 13:15:17.523151: "westnet-eastnet-vti-02" #3: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 13:15:17.523205: "westnet-eastnet-vti-02" #3: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 13:15:17.523221: "westnet-eastnet-vti-02" #3: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 13:15:17.523761: | running updown command "ipsec _updown" for verb route Aug 26 13:15:17.523774: | command executing route-client Aug 26 13:15:17.523824: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CO Aug 26 13:15:17.523830: | popen cmd is 1127 chars long Aug 26 13:15:17.523834: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:15:17.523839: | cmd( 80):vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Aug 26 13:15:17.523847: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0: Aug 26 13:15:17.523851: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' : Aug 26 13:15:17.523855: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Aug 26 13:15:17.523859: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT: Aug 26 13:15:17.523863: | cmd( 480):_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO: Aug 26 13:15:17.523868: | cmd( 560):_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO: Aug 26 13:15:17.523872: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: Aug 26 13:15:17.523876: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 13:15:17.523880: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 13:15:17.523884: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 13:15:17.523887: | cmd( 960):='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI: Aug 26 13:15:17.523891: | cmd(1040):_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbc33e389 SPI_OUT=0xf61acde7 ipsec _updo: Aug 26 13:15:17.523894: | cmd(1120):wn 2>&1: Aug 26 13:15:17.546017: "westnet-eastnet-vti-02" #3: route-client output: RTNETLINK answers: File exists Aug 26 13:15:17.551993: "westnet-eastnet-vti-02" #3: route-client output: done ip route Aug 26 13:15:17.557967: | route_and_eroute: instance "westnet-eastnet-vti-02", setting eroute_owner {spd=0x563ea927bba8,sr=0x563ea927bba8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:15:17.558139: | #1 spent 2.38 milliseconds in install_ipsec_sa() Aug 26 13:15:17.558152: | inR2: instance westnet-eastnet-vti-02[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:15:17.558156: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:17.558169: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:17.558177: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:17.558192: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:17.558196: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 13:15:17.558199: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:15:17.558202: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:15:17.558204: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:15:17.558208: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:15:17.558211: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:17.558213: | pstats #3 ikev2.child established Aug 26 13:15:17.558221: "westnet-eastnet-vti-02" #3: negotiated connection [10.0.1.0-10.0.1.255:0-65535 0] -> [10.0.2.0-10.0.2.255:0-65535 0] Aug 26 13:15:17.558231: | NAT-T: encaps is 'auto' Aug 26 13:15:17.558239: "westnet-eastnet-vti-02" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xbc33e389 <0xf61acde7 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:15:17.558245: | releasing whack for #3 (sock=fd@22) Aug 26 13:15:17.558253: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 13:15:17.558258: | releasing whack and unpending for parent #1 Aug 26 13:15:17.558261: | unpending state #1 connection "westnet-eastnet-vti-02" Aug 26 13:15:17.558267: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 13:15:17.558274: | event_schedule: new EVENT_SA_REKEY-pe@0x563ea9286478 Aug 26 13:15:17.558278: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 13:15:17.558282: | libevent_malloc: new ptr-libevent@0x563ea9286608 size 128 Aug 26 13:15:17.558294: | #3 spent 2.87 milliseconds in resume sending helper answer Aug 26 13:15:17.558302: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:15:17.558308: | libevent_free: release ptr-libevent@0x7f61dc001f78 Aug 26 13:15:17.558319: | kernel_process_msg_cb process netlink message Aug 26 13:15:17.558326: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:15:17.558332: | spent 0.00813 milliseconds in kernel message Aug 26 13:15:17.558341: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.558347: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.558351: | spent 0.00575 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:17.558354: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.558358: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.558362: | spent 0.0041 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:17.558365: | processing signal PLUTO_SIGCHLD Aug 26 13:15:17.558368: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:17.558372: | spent 0.00391 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:20.838199: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:20.838219: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:15:20.838222: | FOR_EACH_STATE_... in sort_states Aug 26 13:15:20.838228: | get_sa_info esp.8f45810e@192.1.2.45 Aug 26 13:15:20.838246: | get_sa_info esp.eefc67f0@192.1.2.23 Aug 26 13:15:20.838258: | get_sa_info esp.f61acde7@192.1.2.45 Aug 26 13:15:20.838264: | get_sa_info esp.bc33e389@192.1.2.23 Aug 26 13:15:20.838295: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:20.838305: | spent 0.11 milliseconds in whack Aug 26 13:15:21.969918: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:21.970256: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:15:21.970262: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:15:21.970349: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:15:21.970354: | FOR_EACH_STATE_... in sort_states Aug 26 13:15:21.970364: | get_sa_info esp.8f45810e@192.1.2.45 Aug 26 13:15:21.970378: | get_sa_info esp.eefc67f0@192.1.2.23 Aug 26 13:15:21.970389: | get_sa_info esp.f61acde7@192.1.2.45 Aug 26 13:15:21.970395: | get_sa_info esp.bc33e389@192.1.2.23 Aug 26 13:15:21.970410: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:15:21.970416: | spent 0.648 milliseconds in whack Aug 26 13:15:22.245155: | spent 0.00301 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:22.245189: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:22.245194: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.245197: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:15:22.245200: | 7e f8 c9 28 70 1d 10 56 1d 58 02 47 28 f2 ee 01 Aug 26 13:15:22.245202: | 38 77 73 26 c1 28 75 52 05 a8 93 68 5a 29 5c d8 Aug 26 13:15:22.245204: | ec dd 4f ea f1 Aug 26 13:15:22.245210: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:22.245214: | **parse ISAKMP Message: Aug 26 13:15:22.245217: | initiator cookie: Aug 26 13:15:22.245219: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.245222: | responder cookie: Aug 26 13:15:22.245224: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.245227: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:22.245230: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.245233: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.245237: | flags: none (0x0) Aug 26 13:15:22.245243: | Message ID: 0 (0x0) Aug 26 13:15:22.245246: | length: 69 (0x45) Aug 26 13:15:22.245249: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:15:22.245253: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:15:22.245258: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:15:22.245265: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:22.245268: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:15:22.245274: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:15:22.245277: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:15:22.245281: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 13:15:22.245284: | unpacking clear payload Aug 26 13:15:22.245287: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:15:22.245307: | ***parse IKEv2 Encryption Payload: Aug 26 13:15:22.245310: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:15:22.245313: | flags: none (0x0) Aug 26 13:15:22.245315: | length: 41 (0x29) Aug 26 13:15:22.245318: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:15:22.245322: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:15:22.245326: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:15:22.245356: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:15:22.245360: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:15:22.245363: | **parse IKEv2 Delete Payload: Aug 26 13:15:22.245366: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.245369: | flags: none (0x0) Aug 26 13:15:22.245371: | length: 12 (0xc) Aug 26 13:15:22.245374: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:15:22.245377: | SPI size: 4 (0x4) Aug 26 13:15:22.245380: | number of SPIs: 1 (0x1) Aug 26 13:15:22.245383: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:15:22.245386: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:15:22.245388: | Now let's proceed with state specific processing Aug 26 13:15:22.245391: | calling processor I3: INFORMATIONAL Request Aug 26 13:15:22.245395: | an informational request should send a response Aug 26 13:15:22.245420: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:15:22.245426: | **emit ISAKMP Message: Aug 26 13:15:22.245429: | initiator cookie: Aug 26 13:15:22.245432: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.245435: | responder cookie: Aug 26 13:15:22.245437: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.245440: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:22.245443: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.245446: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.245449: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:15:22.245453: | Message ID: 0 (0x0) Aug 26 13:15:22.245456: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:22.245459: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:22.245462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.245465: | flags: none (0x0) Aug 26 13:15:22.245469: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:22.245472: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:15:22.245476: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:22.245490: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:15:22.245496: | SPI bc 33 e3 89 Aug 26 13:15:22.245500: | delete PROTO_v2_ESP SA(0xbc33e389) Aug 26 13:15:22.245503: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:15:22.245507: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:15:22.245510: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xbc33e389) Aug 26 13:15:22.245514: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 13:15:22.245518: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:15:22.245522: | libevent_free: release ptr-libevent@0x563ea9286608 Aug 26 13:15:22.245526: | free_event_entry: release EVENT_SA_REKEY-pe@0x563ea9286478 Aug 26 13:15:22.245529: | event_schedule: new EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:22.245533: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 13:15:22.245537: | libevent_malloc: new ptr-libevent@0x7f61dc001f78 size 128 Aug 26 13:15:22.245541: | ****emit IKEv2 Delete Payload: Aug 26 13:15:22.245545: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.245548: | flags: none (0x0) Aug 26 13:15:22.245550: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:15:22.245553: | SPI size: 4 (0x4) Aug 26 13:15:22.245556: | number of SPIs: 1 (0x1) Aug 26 13:15:22.245559: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:15:22.245562: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:15:22.245566: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:15:22.245569: | local SPIs f6 1a cd e7 Aug 26 13:15:22.245571: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:15:22.245574: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:22.245577: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:15:22.245581: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:15:22.245583: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:15:22.245586: | emitting length of ISAKMP Message: 69 Aug 26 13:15:22.245609: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:22.245612: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.245615: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:15:22.245618: | b6 02 e4 f5 76 b8 17 07 74 40 30 be a8 be 94 a3 Aug 26 13:15:22.245620: | d0 1e bf 60 91 68 f5 5c de 6c 2a aa 1c b6 66 4d Aug 26 13:15:22.245623: | 64 57 e9 03 41 Aug 26 13:15:22.245652: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:15:22.245658: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:15:22.245664: | #1 spent 0.257 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:15:22.245670: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.245674: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:15:22.245678: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:15:22.245683: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:15:22.245687: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:22.245693: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:15:22.245699: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:22.245703: | #1 spent 0.506 milliseconds in ikev2_process_packet() Aug 26 13:15:22.245708: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:22.245712: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:22.245715: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:22.245719: | spent 0.522 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:22.245726: | timer_event_cb: processing event@0x563ea9286478 Aug 26 13:15:22.245729: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 13:15:22.245734: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.245738: | picked newest_ipsec_sa #3 for #3 Aug 26 13:15:22.245741: | replacing stale CHILD SA Aug 26 13:15:22.245745: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:15:22.245748: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:15:22.245752: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:15:22.245757: | creating state object #4 at 0x563ea928ecf8 Aug 26 13:15:22.245760: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:15:22.245769: | pstats #4 ikev2.child started Aug 26 13:15:22.245772: | duplicating state object #1 "westnet-eastnet-vti-01" as #4 for IPSEC SA Aug 26 13:15:22.245778: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:15:22.245788: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:22.245792: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:22.245798: | suspend processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:22.245803: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:22.245807: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:15:22.245821: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.245827: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 13:15:22.245830: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x563ea9287e68 Aug 26 13:15:22.245834: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:15:22.245837: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:22.245843: | RESET processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:15:22.245846: | event_schedule: new EVENT_SA_EXPIRE-pe@0x563ea9280078 Aug 26 13:15:22.245849: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 13:15:22.245852: | libevent_malloc: new ptr-libevent@0x563ea92800e8 size 128 Aug 26 13:15:22.245855: | libevent_free: release ptr-libevent@0x7f61dc001f78 Aug 26 13:15:22.245858: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:22.245863: | #3 spent 0.136 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:15:22.245866: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.245873: | timer_event_cb: processing event@0x563ea9287e68 Aug 26 13:15:22.245876: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:15:22.245881: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.245886: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:15:22.245889: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:22.245893: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:15:22.245895: | libevent_malloc: new ptr-libevent@0x7f61dc001f78 size 128 Aug 26 13:15:22.245904: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:22.245907: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x563ea9287e68 Aug 26 13:15:22.245912: | #4 spent 0.0375 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:15:22.245913: | crypto helper 4 resuming Aug 26 13:15:22.245917: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.245932: | crypto helper 4 starting work-order 5 for state #4 Aug 26 13:15:22.245945: | timer_event_cb: processing event@0x563ea9280078 Aug 26 13:15:22.245950: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 13:15:22.245951: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 13:15:22.245967: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.245971: | picked newest_ipsec_sa #3 for #3 Aug 26 13:15:22.245974: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:15:22.245977: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 13:15:22.245980: | pstats #3 ikev2.child deleted completed Aug 26 13:15:22.245983: | #3 spent 4.88 milliseconds in total Aug 26 13:15:22.245988: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:15:22.245992: "westnet-eastnet-vti-02" #3: deleting state (STATE_V2_IPSEC_I) aged 4.778s and NOT sending notification Aug 26 13:15:22.245996: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:15:22.246000: | get_sa_info esp.bc33e389@192.1.2.23 Aug 26 13:15:22.246014: | get_sa_info esp.f61acde7@192.1.2.45 Aug 26 13:15:22.246023: "westnet-eastnet-vti-02" #3: ESP traffic information: in=0B out=0B Aug 26 13:15:22.246027: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:15:22.246086: | running updown command "ipsec _updown" for verb down Aug 26 13:15:22.246094: | command executing down-client Aug 26 13:15:22.246125: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825317' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffff Aug 26 13:15:22.246130: | popen cmd is 1135 chars long Aug 26 13:15:22.246133: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Aug 26 13:15:22.246137: | cmd( 80):ti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Aug 26 13:15:22.246142: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0': Aug 26 13:15:22.246145: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' P: Aug 26 13:15:22.246148: | cmd( 320):LUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.: Aug 26 13:15:22.246151: | cmd( 400):1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_: Aug 26 13:15:22.246154: | cmd( 480):NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_: Aug 26 13:15:22.246156: | cmd( 560):PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='156682531: Aug 26 13:15:22.246159: | cmd( 640):7' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Aug 26 13:15:22.246162: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Aug 26 13:15:22.246165: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Aug 26 13:15:22.246168: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Aug 26 13:15:22.246171: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Aug 26 13:15:22.246173: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbc33e389 SPI_OUT=0xf61acde7 ips: Aug 26 13:15:22.246176: | cmd(1120):ec _updown 2>&1: Aug 26 13:15:22.247001: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001049 seconds Aug 26 13:15:22.247018: | (#4) spent 1.06 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:15:22.247022: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Aug 26 13:15:22.247026: | scheduling resume sending helper answer for #4 Aug 26 13:15:22.247029: | libevent_malloc: new ptr-libevent@0x7f61e0002888 size 128 Aug 26 13:15:22.247043: | crypto helper 4 waiting (nothing to do) Aug 26 13:15:22.257111: "westnet-eastnet-vti-02" #3: down-client output: Command line is not complete. Try option "help" Aug 26 13:15:22.257584: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:15:22.257597: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:15:22.257602: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:22.257607: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:22.257642: | delete esp.bc33e389@192.1.2.23 Aug 26 13:15:22.257660: | netlink response for Del SA esp.bc33e389@192.1.2.23 included non-error error Aug 26 13:15:22.257665: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:22.257673: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:22.257696: | raw_eroute result=success Aug 26 13:15:22.257702: | delete esp.f61acde7@192.1.2.45 Aug 26 13:15:22.257712: | netlink response for Del SA esp.f61acde7@192.1.2.45 included non-error error Aug 26 13:15:22.257725: | in connection_discard for connection westnet-eastnet-vti-02 Aug 26 13:15:22.257729: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:15:22.257736: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:15:22.257775: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:15:22.257799: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:15:22.257803: | can't expire unused IKE SA #1; it has the child #4 Aug 26 13:15:22.257810: | libevent_free: release ptr-libevent@0x563ea92800e8 Aug 26 13:15:22.257813: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x563ea9280078 Aug 26 13:15:22.257818: | in statetime_stop() and could not find #3 Aug 26 13:15:22.257821: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.257842: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:22.257864: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:22.257868: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.257870: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:15:22.257873: | fa 48 ff 37 d5 e7 57 04 45 d5 ad 81 74 8e 65 03 Aug 26 13:15:22.257876: | ab ac 8b d1 9d 55 6f f6 3f c0 73 77 5e de a0 0e Aug 26 13:15:22.257878: | 58 9d 1a 86 92 Aug 26 13:15:22.257884: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:22.257889: | **parse ISAKMP Message: Aug 26 13:15:22.257892: | initiator cookie: Aug 26 13:15:22.257895: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.257898: | responder cookie: Aug 26 13:15:22.257900: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.257904: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:22.257907: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.257910: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.257914: | flags: none (0x0) Aug 26 13:15:22.257917: | Message ID: 1 (0x1) Aug 26 13:15:22.257920: | length: 69 (0x45) Aug 26 13:15:22.257923: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:15:22.257927: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:15:22.257931: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:15:22.257940: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:22.257944: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:15:22.257949: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:15:22.257952: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:15:22.257958: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 13:15:22.257961: | unpacking clear payload Aug 26 13:15:22.257963: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:15:22.257967: | ***parse IKEv2 Encryption Payload: Aug 26 13:15:22.257970: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:15:22.257973: | flags: none (0x0) Aug 26 13:15:22.257975: | length: 41 (0x29) Aug 26 13:15:22.257979: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:15:22.257984: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:15:22.257987: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:15:22.258005: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:15:22.258009: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:15:22.258012: | **parse IKEv2 Delete Payload: Aug 26 13:15:22.258014: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.258017: | flags: none (0x0) Aug 26 13:15:22.258019: | length: 12 (0xc) Aug 26 13:15:22.258022: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:15:22.258025: | SPI size: 4 (0x4) Aug 26 13:15:22.258028: | number of SPIs: 1 (0x1) Aug 26 13:15:22.258031: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:15:22.258034: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:15:22.258036: | Now let's proceed with state specific processing Aug 26 13:15:22.258039: | calling processor I3: INFORMATIONAL Request Aug 26 13:15:22.258043: | an informational request should send a response Aug 26 13:15:22.258067: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:15:22.258072: | **emit ISAKMP Message: Aug 26 13:15:22.258076: | initiator cookie: Aug 26 13:15:22.258078: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.258081: | responder cookie: Aug 26 13:15:22.258083: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.258088: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:22.258090: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.258093: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.258096: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:15:22.258098: | Message ID: 1 (0x1) Aug 26 13:15:22.258101: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:22.258104: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:22.258107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.258110: | flags: none (0x0) Aug 26 13:15:22.258113: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:22.258116: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:15:22.258120: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:22.258132: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:15:22.258136: | SPI ee fc 67 f0 Aug 26 13:15:22.258139: | delete PROTO_v2_ESP SA(0xeefc67f0) Aug 26 13:15:22.258142: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:15:22.258146: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:15:22.258149: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xeefc67f0) Aug 26 13:15:22.258152: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:15:22.258156: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:15:22.258159: | libevent_free: release ptr-libevent@0x563ea92885f8 Aug 26 13:15:22.258164: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f61ec002b78 Aug 26 13:15:22.258168: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f61ec002b78 Aug 26 13:15:22.258172: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:15:22.258176: | libevent_malloc: new ptr-libevent@0x7f61e8003878 size 128 Aug 26 13:15:22.258180: | ****emit IKEv2 Delete Payload: Aug 26 13:15:22.258183: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.258186: | flags: none (0x0) Aug 26 13:15:22.258189: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:15:22.258191: | SPI size: 4 (0x4) Aug 26 13:15:22.258194: | number of SPIs: 1 (0x1) Aug 26 13:15:22.258197: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:15:22.258200: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:15:22.258204: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:15:22.258207: | local SPIs 8f 45 81 0e Aug 26 13:15:22.258210: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:15:22.258213: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:22.258216: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:15:22.258220: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:15:22.258222: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:15:22.258225: | emitting length of ISAKMP Message: 69 Aug 26 13:15:22.258246: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:22.258250: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.258253: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:15:22.258256: | a3 83 d9 d8 14 a9 9b db 49 98 af 6a a6 48 74 d0 Aug 26 13:15:22.258259: | 8b 50 20 d3 c8 bc a8 be 11 bf b5 06 9e 6d 53 c8 Aug 26 13:15:22.258261: | c5 d2 29 6f 46 Aug 26 13:15:22.258306: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:15:22.258317: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:15:22.258324: | #1 spent 0.259 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:15:22.258332: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.258336: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:15:22.258340: | Message ID: updating counters for #1 to 1 after switching state Aug 26 13:15:22.258345: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:15:22.258349: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:22.258353: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:15:22.258358: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:22.258363: | #1 spent 0.492 milliseconds in ikev2_process_packet() Aug 26 13:15:22.258368: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:22.258372: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:22.258375: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:22.258379: | spent 0.509 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:22.258387: | processing resume sending helper answer for #4 Aug 26 13:15:22.258393: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:15:22.258397: | crypto helper 4 replies to request ID 5 Aug 26 13:15:22.258400: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:22.258404: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 13:15:22.258407: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:22.258411: | libevent_free: release ptr-libevent@0x7f61dc001f78 Aug 26 13:15:22.258416: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea9286478 Aug 26 13:15:22.258420: | event_schedule: new EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:22.258424: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:15:22.258427: | libevent_malloc: new ptr-libevent@0x563ea92800e8 size 128 Aug 26 13:15:22.258433: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:22.258437: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:15:22.258441: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:22.258446: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.258450: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:15:22.258453: | suspending state #4 and saving MD Aug 26 13:15:22.258456: | #4 is busy; has a suspended MD Aug 26 13:15:22.258461: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:15:22.258465: | "westnet-eastnet-vti-02" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:15:22.258469: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:15:22.258474: | #4 spent 0.0762 milliseconds in resume sending helper answer Aug 26 13:15:22.258479: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:15:22.258484: | libevent_free: release ptr-libevent@0x7f61e0002888 Aug 26 13:15:22.258488: | processing signal PLUTO_SIGCHLD Aug 26 13:15:22.258494: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:22.258498: | spent 0.00555 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:22.258505: | timer_event_cb: processing event@0x7f61ec002b78 Aug 26 13:15:22.258509: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:15:22.258514: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.258518: | picked newest_ipsec_sa #2 for #2 Aug 26 13:15:22.258521: | replacing stale CHILD SA Aug 26 13:15:22.258525: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:15:22.258528: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:15:22.258533: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:15:22.258537: | creating state object #5 at 0x563ea9281d88 Aug 26 13:15:22.258541: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 13:15:22.258547: | pstats #5 ikev2.child started Aug 26 13:15:22.258550: | duplicating state object #1 "westnet-eastnet-vti-01" as #5 for IPSEC SA Aug 26 13:15:22.258555: | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:15:22.258562: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:22.258567: | suspend processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:22.258573: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:15:22.258577: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:15:22.258581: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:15:22.258585: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals) Aug 26 13:15:22.258590: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:15:22.258597: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.258600: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:15:22.258605: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.258608: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:22.258613: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.258617: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:15:22.258621: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.258630: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:15:22.258636: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:15:22.258640: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f61e0002b78 Aug 26 13:15:22.258644: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 13:15:22.258647: | libevent_malloc: new ptr-libevent@0x7f61e0002888 size 128 Aug 26 13:15:22.258653: | RESET processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:15:22.258658: | event_schedule: new EVENT_SA_EXPIRE-pe@0x563ea9280078 Aug 26 13:15:22.258662: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:15:22.258665: | libevent_malloc: new ptr-libevent@0x7f61e8002888 size 128 Aug 26 13:15:22.258669: | libevent_free: release ptr-libevent@0x7f61e8003878 Aug 26 13:15:22.258672: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f61ec002b78 Aug 26 13:15:22.258677: | #2 spent 0.171 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:15:22.258681: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.258684: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:15:22.258689: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:15:22.258696: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:15:22.258701: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:15:22.258706: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:15:22.258711: | **emit ISAKMP Message: Aug 26 13:15:22.258714: | initiator cookie: Aug 26 13:15:22.258717: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.258720: | responder cookie: Aug 26 13:15:22.258722: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.258725: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:22.258729: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.258732: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:15:22.258735: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:22.258737: | Message ID: 3 (0x3) Aug 26 13:15:22.258741: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:22.258744: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:22.258747: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.258750: | flags: none (0x0) Aug 26 13:15:22.258754: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:22.258757: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.258761: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:22.258777: | netlink_get_spi: allocated 0x342ae54d for esp.0@192.1.2.45 Aug 26 13:15:22.258782: | Emitting ikev2_proposals ... Aug 26 13:15:22.258785: | ****emit IKEv2 Security Association Payload: Aug 26 13:15:22.258788: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.258791: | flags: none (0x0) Aug 26 13:15:22.258795: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:15:22.258798: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.258801: | discarding INTEG=NONE Aug 26 13:15:22.258804: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.258807: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.258810: | prop #: 1 (0x1) Aug 26 13:15:22.258813: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:22.258816: | spi size: 4 (0x4) Aug 26 13:15:22.258819: | # transforms: 3 (0x3) Aug 26 13:15:22.258822: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.258825: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:22.258828: | our spi 34 2a e5 4d Aug 26 13:15:22.258831: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258839: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.258842: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:22.258845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.258849: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.258852: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.258855: | length/value: 256 (0x100) Aug 26 13:15:22.258858: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.258861: | discarding INTEG=NONE Aug 26 13:15:22.258863: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258869: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.258872: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.258876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.258882: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.258885: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258888: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.258891: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:22.258894: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:22.258897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.258904: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.258907: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:15:22.258910: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.258913: | discarding INTEG=NONE Aug 26 13:15:22.258916: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.258919: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.258922: | prop #: 2 (0x2) Aug 26 13:15:22.258925: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:22.258927: | spi size: 4 (0x4) Aug 26 13:15:22.258930: | # transforms: 3 (0x3) Aug 26 13:15:22.258933: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.258937: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.258940: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:22.258943: | our spi 34 2a e5 4d Aug 26 13:15:22.258946: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258952: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.258954: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:22.258958: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.258961: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.258964: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.258966: | length/value: 128 (0x80) Aug 26 13:15:22.258969: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.258972: | discarding INTEG=NONE Aug 26 13:15:22.258974: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.258984: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.258987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.258990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.258993: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.258996: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.258999: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.259001: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:22.259004: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:22.259007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259013: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259016: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:15:22.259019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.259022: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.259025: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.259027: | prop #: 3 (0x3) Aug 26 13:15:22.259030: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:22.259033: | spi size: 4 (0x4) Aug 26 13:15:22.259036: | # transforms: 5 (0x5) Aug 26 13:15:22.259039: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.259042: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.259045: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:22.259048: | our spi 34 2a e5 4d Aug 26 13:15:22.259051: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259057: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.259059: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:22.259061: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259064: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.259067: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.259070: | length/value: 256 (0x100) Aug 26 13:15:22.259073: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.259076: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259082: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.259085: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:22.259088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259094: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259097: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259102: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.259105: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:22.259109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259115: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259118: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259124: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.259126: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.259129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259135: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259138: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259141: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.259144: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:22.259146: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:22.259149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259155: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259158: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:15:22.259161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.259164: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.259167: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:22.259169: | prop #: 4 (0x4) Aug 26 13:15:22.259172: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:15:22.259174: | spi size: 4 (0x4) Aug 26 13:15:22.259177: | # transforms: 5 (0x5) Aug 26 13:15:22.259180: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.259183: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.259187: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:15:22.259190: | our spi 34 2a e5 4d Aug 26 13:15:22.259192: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259198: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.259201: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:22.259204: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259207: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.259210: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.259212: | length/value: 128 (0x80) Aug 26 13:15:22.259215: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.259218: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259224: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.259227: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:22.259230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259238: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259241: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259246: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.259249: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:22.259252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259261: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259264: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259267: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.259269: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.259273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259279: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259282: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.259285: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.259291: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:15:22.259294: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:15:22.259298: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.259301: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.259304: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.259306: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:15:22.259309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.259312: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:15:22.259315: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:15:22.259319: "westnet-eastnet-vti-02" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 13:15:22.259325: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:15:22.259331: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.259335: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:15:22.259396: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:15:22.259404: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:15:22.259409: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:15:22.259414: | #1 spent 0.717 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:15:22.259419: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:15:22.259423: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:22.259432: | timer_event_cb: processing event@0x7f61e0002b78 Aug 26 13:15:22.259435: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 13:15:22.259440: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.259445: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 13:15:22.259449: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f61ec002b78 Aug 26 13:15:22.259453: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:15:22.259456: | libevent_malloc: new ptr-libevent@0x563ea927a7f8 size 128 Aug 26 13:15:22.259464: | libevent_free: release ptr-libevent@0x7f61e0002888 Aug 26 13:15:22.259467: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f61e0002b78 Aug 26 13:15:22.259472: | #5 spent 0.0397 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:15:22.259473: | crypto helper 6 resuming Aug 26 13:15:22.259488: | crypto helper 6 starting work-order 6 for state #5 Aug 26 13:15:22.259494: | crypto helper 6 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 13:15:22.259477: | stop processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.259524: | timer_event_cb: processing event@0x563ea9280078 Aug 26 13:15:22.259529: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:15:22.259533: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.259536: | picked newest_ipsec_sa #2 for #2 Aug 26 13:15:22.259537: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:15:22.259539: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:15:22.259541: | pstats #2 ikev2.child deleted completed Aug 26 13:15:22.259544: | #2 spent 3.04 milliseconds in total Aug 26 13:15:22.259547: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:15:22.259550: "westnet-eastnet-vti-01" #2: deleting state (STATE_V2_IPSEC_I) aged 4.970s and NOT sending notification Aug 26 13:15:22.259552: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:15:22.259555: | get_sa_info esp.eefc67f0@192.1.2.23 Aug 26 13:15:22.259564: | get_sa_info esp.8f45810e@192.1.2.45 Aug 26 13:15:22.259570: "westnet-eastnet-vti-01" #2: ESP traffic information: in=336B out=336B Aug 26 13:15:22.259572: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:15:22.259617: | running updown command "ipsec _updown" for verb down Aug 26 13:15:22.259625: | command executing down-client Aug 26 13:15:22.259663: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825317' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0 Aug 26 13:15:22.259668: | popen cmd is 1140 chars long Aug 26 13:15:22.259672: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Aug 26 13:15:22.259676: | cmd( 80):ti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Aug 26 13:15:22.259682: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Aug 26 13:15:22.259686: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 13:15:22.259689: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Aug 26 13:15:22.259693: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLI: Aug 26 13:15:22.259696: | cmd( 480):ENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' P: Aug 26 13:15:22.259700: | cmd( 560):LUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566: Aug 26 13:15:22.259703: | cmd( 640):825317' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+: Aug 26 13:15:22.259707: | cmd( 720):IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv: Aug 26 13:15:22.259711: | cmd( 800):4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: Aug 26 13:15:22.259715: | cmd( 880):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_: Aug 26 13:15:22.259719: | cmd( 960):NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE: Aug 26 13:15:22.259725: | cmd(1040):='ipsec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xeefc67f0 SPI_OUT=0x8f45810: Aug 26 13:15:22.259728: | cmd(1120):e ipsec _updown 2>&1: Aug 26 13:15:22.260241: | crypto helper 6 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000747 seconds Aug 26 13:15:22.260252: | (#5) spent 0.702 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:15:22.260255: | crypto helper 6 sending results from work-order 6 for state #5 to event queue Aug 26 13:15:22.260257: | scheduling resume sending helper answer for #5 Aug 26 13:15:22.260260: | libevent_malloc: new ptr-libevent@0x7f61d4002888 size 128 Aug 26 13:15:22.260278: | crypto helper 6 waiting (nothing to do) Aug 26 13:15:22.270843: "westnet-eastnet-vti-01" #2: down-client output: Command line is not complete. Try option "help" Aug 26 13:15:22.271182: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:15:22.271191: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:15:22.271194: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:22.271197: | IPsec Sa SPD priority set to 1042407 Aug 26 13:15:22.271228: | delete esp.eefc67f0@192.1.2.23 Aug 26 13:15:22.271243: | netlink response for Del SA esp.eefc67f0@192.1.2.23 included non-error error Aug 26 13:15:22.271246: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:22.271250: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:22.271267: | raw_eroute result=success Aug 26 13:15:22.271270: | delete esp.8f45810e@192.1.2.45 Aug 26 13:15:22.271277: | netlink response for Del SA esp.8f45810e@192.1.2.45 included non-error error Aug 26 13:15:22.271286: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:22.271296: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:15:22.271303: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:15:22.271311: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:15:22.271328: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:15:22.271330: | can't expire unused IKE SA #1; it has the child #5 Aug 26 13:15:22.271334: | libevent_free: release ptr-libevent@0x7f61e8002888 Aug 26 13:15:22.271337: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x563ea9280078 Aug 26 13:15:22.271340: | in statetime_stop() and could not find #2 Aug 26 13:15:22.271342: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:15:22.271362: | spent 0.00245 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:15:22.271377: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:15:22.271379: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.271381: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 13:15:22.271383: | e3 91 07 e4 8e 35 5d 06 28 9e 38 88 10 f3 54 37 Aug 26 13:15:22.271384: | a6 d6 59 da af d9 61 7c 6f 75 d2 50 fb 27 c7 2e Aug 26 13:15:22.271386: | 4a Aug 26 13:15:22.271390: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:15:22.271392: | **parse ISAKMP Message: Aug 26 13:15:22.271394: | initiator cookie: Aug 26 13:15:22.271396: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.271398: | responder cookie: Aug 26 13:15:22.271399: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.271401: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:15:22.271403: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.271405: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.271408: | flags: none (0x0) Aug 26 13:15:22.271410: | Message ID: 2 (0x2) Aug 26 13:15:22.271411: | length: 65 (0x41) Aug 26 13:15:22.271413: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:15:22.271416: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:15:22.271418: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:15:22.271423: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:15:22.271425: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:15:22.271428: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:15:22.271430: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:15:22.271433: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 13:15:22.271435: | unpacking clear payload Aug 26 13:15:22.271436: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:15:22.271439: | ***parse IKEv2 Encryption Payload: Aug 26 13:15:22.271440: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:15:22.271442: | flags: none (0x0) Aug 26 13:15:22.271444: | length: 37 (0x25) Aug 26 13:15:22.271445: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:15:22.271448: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:15:22.271450: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:15:22.271470: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:15:22.271472: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:15:22.271474: | **parse IKEv2 Delete Payload: Aug 26 13:15:22.271476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.271477: | flags: none (0x0) Aug 26 13:15:22.271479: | length: 8 (0x8) Aug 26 13:15:22.271481: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:15:22.271482: | SPI size: 0 (0x0) Aug 26 13:15:22.271484: | number of SPIs: 0 (0x0) Aug 26 13:15:22.271486: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:15:22.271488: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:15:22.271489: | Now let's proceed with state specific processing Aug 26 13:15:22.271491: | calling processor I3: INFORMATIONAL Request Aug 26 13:15:22.271493: | an informational request should send a response Aug 26 13:15:22.271513: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:15:22.271515: | **emit ISAKMP Message: Aug 26 13:15:22.271517: | initiator cookie: Aug 26 13:15:22.271519: | f1 ee aa 97 84 da cf 96 Aug 26 13:15:22.271520: | responder cookie: Aug 26 13:15:22.271522: | 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.271525: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:22.271527: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.271529: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:15:22.271531: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:15:22.271533: | Message ID: 2 (0x2) Aug 26 13:15:22.271535: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:22.271537: | ***emit IKEv2 Encryption Payload: Aug 26 13:15:22.271538: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.271540: | flags: none (0x0) Aug 26 13:15:22.271542: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:15:22.271544: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:15:22.271546: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:15:22.271556: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:15:22.271558: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:15:22.271560: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:15:22.271562: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:15:22.271564: | emitting length of ISAKMP Message: 57 Aug 26 13:15:22.271578: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:15:22.271580: | f1 ee aa 97 84 da cf 96 0b dc b2 de 65 2f 57 52 Aug 26 13:15:22.271582: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 13:15:22.271584: | d4 ae 7d ec bf 07 fb 0c e2 c5 ed c5 73 dd bc 27 Aug 26 13:15:22.271585: | 81 8a a7 6b e4 3c 03 d8 a0 Aug 26 13:15:22.271619: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:15:22.271623: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:15:22.271625: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:15:22.271628: | pstats #5 ikev2.child deleted other Aug 26 13:15:22.271630: | #5 spent 0.0397 milliseconds in total Aug 26 13:15:22.271634: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:15:22.271636: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:15:22.271639: "westnet-eastnet-vti-01" #5: deleting other state #5 (STATE_CHILDSA_DEL) aged 0.013s and NOT sending notification Aug 26 13:15:22.271641: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 13:15:22.271643: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:22.271646: | libevent_free: release ptr-libevent@0x563ea927a7f8 Aug 26 13:15:22.271649: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f61ec002b78 Aug 26 13:15:22.271652: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:22.271657: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:22.271666: | raw_eroute result=success Aug 26 13:15:22.271670: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:22.271671: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 13:15:22.271676: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:15:22.271679: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:15:22.271682: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:15:22.271687: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:15:22.271688: | pstats #4 ikev2.child deleted other Aug 26 13:15:22.271690: | #4 spent 1.17 milliseconds in total Aug 26 13:15:22.271693: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:15:22.271696: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:15:22.271699: "westnet-eastnet-vti-02" #4: deleting other state #4 connection (STATE_CHILDSA_DEL) "westnet-eastnet-vti-02" aged 0.025s and NOT sending notification Aug 26 13:15:22.271701: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 13:15:22.271702: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:15:22.271704: | libevent_free: release ptr-libevent@0x563ea92800e8 Aug 26 13:15:22.271706: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563ea9286478 Aug 26 13:15:22.271708: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:22.271712: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:15:22.271718: | raw_eroute result=success Aug 26 13:15:22.271721: | in connection_discard for connection westnet-eastnet-vti-02 Aug 26 13:15:22.271723: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 13:15:22.271725: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:15:22.271744: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:15:22.271748: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:15:22.271750: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:15:22.271752: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:15:22.271754: | pstats #1 ikev2.ike deleted completed Aug 26 13:15:22.271758: | #1 spent 18.5 milliseconds in total Aug 26 13:15:22.271761: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:15:22.271763: "westnet-eastnet-vti-01" #1: deleting state (STATE_IKESA_DEL) aged 4.989s and NOT sending notification Aug 26 13:15:22.271765: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:15:22.271837: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:15:22.271851: | libevent_free: release ptr-libevent@0x7f61e4000f48 Aug 26 13:15:22.271857: | free_event_entry: release EVENT_SA_REKEY-pe@0x563ea927b6a8 Aug 26 13:15:22.271861: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:15:22.271864: | picked newest_isakmp_sa #0 for #1 Aug 26 13:15:22.271868: "westnet-eastnet-vti-01" #1: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:15:22.271873: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 0 seconds Aug 26 13:15:22.271877: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:15:22.271883: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:22.271886: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:15:22.271890: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:15:22.271895: | unreference key: 0x563ea927b888 @east cnt 2-- Aug 26 13:15:22.271917: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:15:22.271941: | in statetime_stop() and could not find #1 Aug 26 13:15:22.271945: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.271948: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:15:22.271952: | STF_OK but no state object remains Aug 26 13:15:22.271954: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:15:22.271956: | in statetime_stop() and could not find #1 Aug 26 13:15:22.271959: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:15:22.271961: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:15:22.271963: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:15:22.271967: | spent 0.574 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:15:22.271973: | processing resume sending helper answer for #5 Aug 26 13:15:22.271976: | crypto helper 6 replies to request ID 6 Aug 26 13:15:22.271978: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:22.271980: | work-order 6 state #5 crypto result suppressed Aug 26 13:15:22.271989: | (#5) spent 0.0119 milliseconds in resume sending helper answer Aug 26 13:15:22.271991: | libevent_free: release ptr-libevent@0x7f61d4002888 Aug 26 13:15:22.271993: | processing signal PLUTO_SIGCHLD Aug 26 13:15:22.272004: | waitpid returned ECHILD (no child processes left) Aug 26 13:15:22.272115: | spent 0.00935 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:15:22.272124: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:15:22.272129: Initiating connection westnet-eastnet-vti-01 which received a Delete/Notify but must remain up per local policy Aug 26 13:15:22.272133: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:15:22.272139: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Aug 26 13:15:22.272143: | connection 'westnet-eastnet-vti-01' +POLICY_UP Aug 26 13:15:22.272147: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:15:22.272151: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:15:22.272159: | creating state object #6 at 0x563ea9281d88 Aug 26 13:15:22.272163: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 13:15:22.272169: | pstats #6 ikev2.ike started Aug 26 13:15:22.272173: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:15:22.272178: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:15:22.272185: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:15:22.272192: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:15:22.272199: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:15:22.272204: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:15:22.272209: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #6 "westnet-eastnet-vti-01" Aug 26 13:15:22.272214: "westnet-eastnet-vti-01" #6: initiating v2 parent SA Aug 26 13:15:22.272240: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:22.272245: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 13:15:22.272248: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563ea9280078 Aug 26 13:15:22.272250: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:15:22.272255: | libevent_malloc: new ptr-libevent@0x7f61e8002888 size 128 Aug 26 13:15:22.272263: | #6 spent 0.125 milliseconds in ikev2_parent_outI1() Aug 26 13:15:22.272267: | RESET processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:15:22.272269: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:15:22.272269: | crypto helper 5 resuming Aug 26 13:15:22.272272: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:15:22.272285: | crypto helper 5 starting work-order 7 for state #6 Aug 26 13:15:22.272287: | spent 0.153 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:15:22.272326: | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 13:15:22.273300: | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000962 seconds Aug 26 13:15:22.273314: | (#6) spent 0.975 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 13:15:22.273318: | crypto helper 5 sending results from work-order 7 for state #6 to event queue Aug 26 13:15:22.273322: | scheduling resume sending helper answer for #6 Aug 26 13:15:22.273326: | libevent_malloc: new ptr-libevent@0x7f61d8002888 size 128 Aug 26 13:15:22.273334: | crypto helper 5 waiting (nothing to do) Aug 26 13:15:22.273344: | processing resume sending helper answer for #6 Aug 26 13:15:22.273356: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:15:22.273362: | crypto helper 5 replies to request ID 7 Aug 26 13:15:22.273365: | calling continuation function 0x563ea7a3fb50 Aug 26 13:15:22.273368: | ikev2_parent_outI1_continue for #6 Aug 26 13:15:22.273374: | **emit ISAKMP Message: Aug 26 13:15:22.273378: | initiator cookie: Aug 26 13:15:22.273381: | 46 ec 08 44 80 72 0e da Aug 26 13:15:22.273384: | responder cookie: Aug 26 13:15:22.273386: | 00 00 00 00 00 00 00 00 Aug 26 13:15:22.273390: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:15:22.273393: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:15:22.273396: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:15:22.273400: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:15:22.273403: | Message ID: 0 (0x0) Aug 26 13:15:22.273406: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:15:22.273423: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:15:22.273427: | Emitting ikev2_proposals ... Aug 26 13:15:22.273430: | ***emit IKEv2 Security Association Payload: Aug 26 13:15:22.273433: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.273435: | flags: none (0x0) Aug 26 13:15:22.273439: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:15:22.273442: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.273445: | discarding INTEG=NONE Aug 26 13:15:22.273448: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.273451: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.273453: | prop #: 1 (0x1) Aug 26 13:15:22.273459: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:22.273462: | spi size: 0 (0x0) Aug 26 13:15:22.273464: | # transforms: 11 (0xb) Aug 26 13:15:22.273468: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.273471: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273477: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.273479: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:22.273482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273485: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.273488: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.273490: | length/value: 256 (0x100) Aug 26 13:15:22.273493: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.273496: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273499: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273501: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.273504: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:22.273507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273510: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273513: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273516: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273521: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.273524: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:22.273527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273536: | discarding INTEG=NONE Aug 26 13:15:22.273538: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273544: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273547: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.273550: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273556: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273559: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273565: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273567: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:22.273571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273577: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273580: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273587: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273590: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:22.273593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273602: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273610: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:22.273613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273619: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273622: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273630: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:22.273634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273640: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273643: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273651: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:22.273655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273661: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273664: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273673: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:22.273676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273682: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273685: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273688: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.273691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273694: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:22.273697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273703: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273708: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:15:22.273711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.273714: | discarding INTEG=NONE Aug 26 13:15:22.273717: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.273720: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.273723: | prop #: 2 (0x2) Aug 26 13:15:22.273725: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:22.273728: | spi size: 0 (0x0) Aug 26 13:15:22.273731: | # transforms: 11 (0xb) Aug 26 13:15:22.273734: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.273737: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.273741: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273746: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.273749: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:15:22.273752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273756: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.273759: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.273762: | length/value: 128 (0x80) Aug 26 13:15:22.273765: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.273768: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273773: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.273776: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:22.273779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273786: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273789: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273794: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.273797: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:22.273800: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273804: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273807: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273809: | discarding INTEG=NONE Aug 26 13:15:22.273812: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273821: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.273824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273830: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273833: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273843: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:22.273846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273852: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273855: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273860: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273863: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:22.273866: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273873: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273884: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:22.273887: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273893: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273896: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273904: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:22.273907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273913: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273915: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273923: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:22.273927: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273933: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273944: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:22.273947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273953: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.273961: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.273964: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.273967: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:22.273970: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.273973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.273976: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.273979: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:15:22.273982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.273985: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.273988: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.273991: | prop #: 3 (0x3) Aug 26 13:15:22.273994: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:22.273996: | spi size: 0 (0x0) Aug 26 13:15:22.273999: | # transforms: 13 (0xd) Aug 26 13:15:22.274002: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.274006: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.274009: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274014: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.274017: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:22.274020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274023: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.274026: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.274029: | length/value: 256 (0x100) Aug 26 13:15:22.274032: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.274034: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274040: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.274042: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:22.274046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274051: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274054: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274059: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.274062: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:22.274065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274071: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274073: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274076: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274078: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.274081: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:22.274084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274092: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274095: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274100: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.274103: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:22.274106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274112: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274115: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274123: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.274126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274132: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274135: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274140: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274143: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:22.274146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274152: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274155: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274163: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:22.274166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274172: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274174: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274183: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:22.274186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274192: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274194: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274204: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:22.274208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274216: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:22.274228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274236: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274239: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274242: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274244: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:22.274247: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274253: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274256: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274259: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.274261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274264: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:22.274267: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274273: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274276: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:15:22.274279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.274282: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:15:22.274285: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:15:22.274292: | prop #: 4 (0x4) Aug 26 13:15:22.274298: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:15:22.274301: | spi size: 0 (0x0) Aug 26 13:15:22.274304: | # transforms: 13 (0xd) Aug 26 13:15:22.274307: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:15:22.274310: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:15:22.274314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274319: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:15:22.274322: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:15:22.274325: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274330: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:15:22.274333: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:15:22.274335: | length/value: 128 (0x80) Aug 26 13:15:22.274338: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:15:22.274341: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274347: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.274349: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:15:22.274353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274359: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274361: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:15:22.274369: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:15:22.274372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274378: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274381: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274386: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.274389: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:15:22.274392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274407: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:15:22.274409: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:15:22.274413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274419: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274427: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274430: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.274433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274439: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274442: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274448: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274451: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:15:22.274456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274465: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274470: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274473: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:15:22.274476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274482: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274485: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274493: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:15:22.274496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274499: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274502: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274505: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274510: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274513: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:15:22.274516: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274522: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274528: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274533: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:15:22.274536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274542: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274545: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274552: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:15:22.274556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274559: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274562: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:15:22.274569: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:15:22.274572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:15:22.274575: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:15:22.274578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:15:22.274581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:15:22.274584: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:15:22.274587: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:15:22.274590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:15:22.274593: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:15:22.274596: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:15:22.274600: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:15:22.274603: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.274606: | flags: none (0x0) Aug 26 13:15:22.274608: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:15:22.274612: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:15:22.274615: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.274619: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:15:22.274622: | ikev2 g^x 96 de 3f 6c dc c6 86 ff 0f 61 27 c6 00 61 ae 44 Aug 26 13:15:22.274625: | ikev2 g^x f8 f3 7d 8c 7d 0d e4 f8 82 73 41 a0 ca 36 6b 8d Aug 26 13:15:22.274628: | ikev2 g^x a2 b2 e0 34 04 c7 da cb a0 33 67 df d9 2d cc 3c Aug 26 13:15:22.274630: | ikev2 g^x 2a 66 c5 ee 7d 77 b5 63 d9 90 8d 53 c6 4b 00 8d Aug 26 13:15:22.274633: | ikev2 g^x 8d 91 6b e4 8f db db 66 0f f8 4d 6e d5 df 97 6f Aug 26 13:15:22.274636: | ikev2 g^x 35 5d be df 24 80 6d 17 59 5e 23 49 78 54 27 62 Aug 26 13:15:22.274638: | ikev2 g^x 4e 69 07 ff 1a 6c 1b 80 65 88 42 57 d6 99 c7 ad Aug 26 13:15:22.274641: | ikev2 g^x 66 13 67 be d7 8f f7 18 cb 8b fe 63 cc 2a b1 fc Aug 26 13:15:22.274643: | ikev2 g^x a2 7c 12 e9 5a 28 7c a2 a4 7f c1 ab 12 3d f8 ed Aug 26 13:15:22.274646: | ikev2 g^x 48 5b 6e 1a 93 4b 00 ef dc 28 11 d5 9a 75 a6 67 Aug 26 13:15:22.274649: | ikev2 g^x 39 9d e9 40 93 30 69 74 9e 55 d2 e9 8e 3a 14 da Aug 26 13:15:22.274651: | ikev2 g^x 1c df 39 03 99 13 e2 74 ef 21 de 2f 2a 46 6f 73 Aug 26 13:15:22.274654: | ikev2 g^x 7b 31 dc fc ec 09 96 b8 db 30 8e 7f 2e 28 c5 48 Aug 26 13:15:22.274656: | ikev2 g^x aa bf 71 75 63 81 45 43 d5 5d e7 a3 30 e8 f3 0e Aug 26 13:15:22.274659: | ikev2 g^x 90 98 a8 0b 2d 85 33 ee 18 12 2d 21 d5 17 83 3b Aug 26 13:15:22.274662: | ikev2 g^x c5 10 b3 17 c8 24 ac 8b 59 89 b3 d1 72 c4 f5 d6 Aug 26 13:15:22.274665: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:15:22.274667: | ***emit IKEv2 Nonce Payload: Aug 26 13:15:22.274670: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:15:22.274673: | flags: none (0x0) Aug 26 13:15:22.274676: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:15:22.274680: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:15:22.274683: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.274686: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:15:22.274689: | IKEv2 nonce 3a ad 9b 3d 3b 9d 22 f1 e6 90 b9 7f 9c 7b a8 f7 Aug 26 13:15:22.274691: | IKEv2 nonce de 13 aa 0c 5e 99 5f cc 63 2c 1c b6 e6 58 17 d8 Aug 26 13:15:22.274696: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:15:22.274700: | Adding a v2N Payload Aug 26 13:15:22.274702: | ***emit IKEv2 Notify Payload: Aug 26 13:15:22.274705: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.274708: | flags: none (0x0) Aug 26 13:15:22.274711: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:22.274714: | SPI size: 0 (0x0) Aug 26 13:15:22.274717: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:15:22.274721: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:22.274724: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.274727: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:15:22.274731: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:15:22.274734: | natd_hash: rcookie is zero Aug 26 13:15:22.274749: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:22.274753: | natd_hash: icookie= 46 ec 08 44 80 72 0e da Aug 26 13:15:22.274756: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:15:22.274759: | natd_hash: ip= c0 01 02 2d Aug 26 13:15:22.274761: | natd_hash: port=500 Aug 26 13:15:22.274765: | natd_hash: hash= 6c 4a 4a ec 29 89 a1 d4 ba ed 37 64 2b 38 5d a7 Aug 26 13:15:22.274767: | natd_hash: hash= 67 b6 49 ad Aug 26 13:15:22.274770: | Adding a v2N Payload Aug 26 13:15:22.274773: | ***emit IKEv2 Notify Payload: Aug 26 13:15:22.274776: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.274779: | flags: none (0x0) Aug 26 13:15:22.274781: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:22.274784: | SPI size: 0 (0x0) Aug 26 13:15:22.274787: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:15:22.274790: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:22.274793: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.274796: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:15:22.274799: | Notify data 6c 4a 4a ec 29 89 a1 d4 ba ed 37 64 2b 38 5d a7 Aug 26 13:15:22.274802: | Notify data 67 b6 49 ad Aug 26 13:15:22.274804: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:15:22.274807: | natd_hash: rcookie is zero Aug 26 13:15:22.274815: | natd_hash: hasher=0x563ea7b14800(20) Aug 26 13:15:22.274818: | natd_hash: icookie= 46 ec 08 44 80 72 0e da Aug 26 13:15:22.274821: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:15:22.274823: | natd_hash: ip= c0 01 02 17 Aug 26 13:15:22.274825: | natd_hash: port=500 Aug 26 13:15:22.274828: | natd_hash: hash= 6c 2e f7 d6 88 f1 24 d1 40 d9 c8 8c af d6 68 a2 Aug 26 13:15:22.274831: | natd_hash: hash= d4 f7 ba be Aug 26 13:15:22.274833: | Adding a v2N Payload Aug 26 13:15:22.274836: | ***emit IKEv2 Notify Payload: Aug 26 13:15:22.274839: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:15:22.274841: | flags: none (0x0) Aug 26 13:15:22.274844: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:15:22.274846: | SPI size: 0 (0x0) Aug 26 13:15:22.274849: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:15:22.274852: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:15:22.274855: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:15:22.274858: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:15:22.274860: | Notify data 6c 2e f7 d6 88 f1 24 d1 40 d9 c8 8c af d6 68 a2 Aug 26 13:15:22.274863: | Notify data d4 f7 ba be Aug 26 13:15:22.274865: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:15:22.274868: | emitting length of ISAKMP Message: 828 Aug 26 13:15:22.274875: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:15:22.274884: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:15:22.274889: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:15:22.274892: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:15:22.274896: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:15:22.274899: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 13:15:22.274902: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 13:15:22.274907: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:15:22.274911: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:15:22.274917: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:15:22.274923: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 13:15:22.274926: | 46 ec 08 44 80 72 0e da 00 00 00 00 00 00 00 00 Aug 26 13:15:22.274928: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:15:22.274931: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:15:22.274934: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:15:22.274936: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:15:22.274939: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:15:22.274941: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:15:22.274944: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:15:22.274946: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:15:22.274949: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:15:22.274951: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:15:22.274954: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:15:22.274956: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:15:22.274959: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:15:22.274962: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:15:22.274964: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:15:22.274967: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:15:22.274969: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:15:22.274972: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:15:22.274974: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:15:22.274977: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:15:22.274979: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:15:22.274982: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:15:22.274985: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:15:22.274987: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:15:22.274990: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:15:22.274992: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:15:22.274995: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:15:22.274998: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:15:22.275001: | 28 00 01 08 00 0e 00 00 96 de 3f 6c dc c6 86 ff Aug 26 13:15:22.275003: | 0f 61 27 c6 00 61 ae 44 f8 f3 7d 8c 7d 0d e4 f8 Aug 26 13:15:22.275006: | 82 73 41 a0 ca 36 6b 8d a2 b2 e0 34 04 c7 da cb Aug 26 13:15:22.275009: | a0 33 67 df d9 2d cc 3c 2a 66 c5 ee 7d 77 b5 63 Aug 26 13:15:22.275011: | d9 90 8d 53 c6 4b 00 8d 8d 91 6b e4 8f db db 66 Aug 26 13:15:22.275014: | 0f f8 4d 6e d5 df 97 6f 35 5d be df 24 80 6d 17 Aug 26 13:15:22.275017: | 59 5e 23 49 78 54 27 62 4e 69 07 ff 1a 6c 1b 80 Aug 26 13:15:22.275019: | 65 88 42 57 d6 99 c7 ad 66 13 67 be d7 8f f7 18 Aug 26 13:15:22.275024: | cb 8b fe 63 cc 2a b1 fc a2 7c 12 e9 5a 28 7c a2 Aug 26 13:15:22.275027: | a4 7f c1 ab 12 3d f8 ed 48 5b 6e 1a 93 4b 00 ef Aug 26 13:15:22.275029: | dc 28 11 d5 9a 75 a6 67 39 9d e9 40 93 30 69 74 Aug 26 13:15:22.275031: | 9e 55 d2 e9 8e 3a 14 da 1c df 39 03 99 13 e2 74 Aug 26 13:15:22.275034: | ef 21 de 2f 2a 46 6f 73 7b 31 dc fc ec 09 96 b8 Aug 26 13:15:22.275036: | db 30 8e 7f 2e 28 c5 48 aa bf 71 75 63 81 45 43 Aug 26 13:15:22.275039: | d5 5d e7 a3 30 e8 f3 0e 90 98 a8 0b 2d 85 33 ee Aug 26 13:15:22.275041: | 18 12 2d 21 d5 17 83 3b c5 10 b3 17 c8 24 ac 8b Aug 26 13:15:22.275043: | 59 89 b3 d1 72 c4 f5 d6 29 00 00 24 3a ad 9b 3d Aug 26 13:15:22.275046: | 3b 9d 22 f1 e6 90 b9 7f 9c 7b a8 f7 de 13 aa 0c Aug 26 13:15:22.275048: | 5e 99 5f cc 63 2c 1c b6 e6 58 17 d8 29 00 00 08 Aug 26 13:15:22.275051: | 00 00 40 2e 29 00 00 1c 00 00 40 04 6c 4a 4a ec Aug 26 13:15:22.275053: | 29 89 a1 d4 ba ed 37 64 2b 38 5d a7 67 b6 49 ad Aug 26 13:15:22.275056: | 00 00 00 1c 00 00 40 05 6c 2e f7 d6 88 f1 24 d1 Aug 26 13:15:22.275058: | 40 d9 c8 8c af d6 68 a2 d4 f7 ba be Aug 26 13:15:22.275103: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:15:22.275110: | libevent_free: release ptr-libevent@0x7f61e8002888 Aug 26 13:15:22.275113: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563ea9280078 Aug 26 13:15:22.275117: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:15:22.275121: | event_schedule: new EVENT_RETRANSMIT-pe@0x563ea9280078 Aug 26 13:15:22.275125: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:15:22.275129: | libevent_malloc: new ptr-libevent@0x563ea9294478 size 128 Aug 26 13:15:22.275135: | #6 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10608.017587 Aug 26 13:15:22.275139: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 13:15:22.275146: | #6 spent 1.76 milliseconds in resume sending helper answer Aug 26 13:15:22.275152: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:15:22.275155: | libevent_free: release ptr-libevent@0x7f61d8002888 Aug 26 13:15:22.775354: | timer_event_cb: processing event@0x563ea9280078 Aug 26 13:15:22.775378: | handling event EVENT_RETRANSMIT for parent state #6 Aug 26 13:15:22.775389: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:15:22.775394: | IKEv2 retransmit event Aug 26 13:15:22.775401: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:15:22.775407: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-vti-01" #6 attempt 2 of 0 Aug 26 13:15:22.775413: | and parent for 192.1.2.23 "westnet-eastnet-vti-01" #6 keying attempt 1 of 0; retransmit 1 Aug 26 13:15:22.775422: | retransmits: current time 10608.517884; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500297 exceeds limit? NO Aug 26 13:15:22.775427: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f61d8002b78 Aug 26 13:15:22.775433: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:15:22.775438: | libevent_malloc: new ptr-libevent@0x7f61d8002888 size 128 Aug 26 13:15:22.775444: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 13:15:22.775453: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 13:15:22.775457: | 46 ec 08 44 80 72 0e da 00 00 00 00 00 00 00 00 Aug 26 13:15:22.775461: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:15:22.775464: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:15:22.775467: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:15:22.775476: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:15:22.775479: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:15:22.775483: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:15:22.775486: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:15:22.775489: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:15:22.775493: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:15:22.775496: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:15:22.775499: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:15:22.775503: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:15:22.775506: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:15:22.775509: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:15:22.775513: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:15:22.775516: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:15:22.775519: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:15:22.775522: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:15:22.775526: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:15:22.775529: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:15:22.775532: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:15:22.775536: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:15:22.775539: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:15:22.775542: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:15:22.775546: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:15:22.775549: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:15:22.775552: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:15:22.775556: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:15:22.775559: | 28 00 01 08 00 0e 00 00 96 de 3f 6c dc c6 86 ff Aug 26 13:15:22.775562: | 0f 61 27 c6 00 61 ae 44 f8 f3 7d 8c 7d 0d e4 f8 Aug 26 13:15:22.775565: | 82 73 41 a0 ca 36 6b 8d a2 b2 e0 34 04 c7 da cb Aug 26 13:15:22.775569: | a0 33 67 df d9 2d cc 3c 2a 66 c5 ee 7d 77 b5 63 Aug 26 13:15:22.775572: | d9 90 8d 53 c6 4b 00 8d 8d 91 6b e4 8f db db 66 Aug 26 13:15:22.775575: | 0f f8 4d 6e d5 df 97 6f 35 5d be df 24 80 6d 17 Aug 26 13:15:22.775579: | 59 5e 23 49 78 54 27 62 4e 69 07 ff 1a 6c 1b 80 Aug 26 13:15:22.775582: | 65 88 42 57 d6 99 c7 ad 66 13 67 be d7 8f f7 18 Aug 26 13:15:22.775585: | cb 8b fe 63 cc 2a b1 fc a2 7c 12 e9 5a 28 7c a2 Aug 26 13:15:22.775589: | a4 7f c1 ab 12 3d f8 ed 48 5b 6e 1a 93 4b 00 ef Aug 26 13:15:22.775592: | dc 28 11 d5 9a 75 a6 67 39 9d e9 40 93 30 69 74 Aug 26 13:15:22.775595: | 9e 55 d2 e9 8e 3a 14 da 1c df 39 03 99 13 e2 74 Aug 26 13:15:22.775599: | ef 21 de 2f 2a 46 6f 73 7b 31 dc fc ec 09 96 b8 Aug 26 13:15:22.775602: | db 30 8e 7f 2e 28 c5 48 aa bf 71 75 63 81 45 43 Aug 26 13:15:22.775605: | d5 5d e7 a3 30 e8 f3 0e 90 98 a8 0b 2d 85 33 ee Aug 26 13:15:22.775609: | 18 12 2d 21 d5 17 83 3b c5 10 b3 17 c8 24 ac 8b Aug 26 13:15:22.775612: | 59 89 b3 d1 72 c4 f5 d6 29 00 00 24 3a ad 9b 3d Aug 26 13:15:22.775615: | 3b 9d 22 f1 e6 90 b9 7f 9c 7b a8 f7 de 13 aa 0c Aug 26 13:15:22.775619: | 5e 99 5f cc 63 2c 1c b6 e6 58 17 d8 29 00 00 08 Aug 26 13:15:22.775622: | 00 00 40 2e 29 00 00 1c 00 00 40 04 6c 4a 4a ec Aug 26 13:15:22.775625: | 29 89 a1 d4 ba ed 37 64 2b 38 5d a7 67 b6 49 ad Aug 26 13:15:22.775629: | 00 00 00 1c 00 00 40 05 6c 2e f7 d6 88 f1 24 d1 Aug 26 13:15:22.775632: | 40 d9 c8 8c af d6 68 a2 d4 f7 ba be Aug 26 13:15:22.775661: | libevent_free: release ptr-libevent@0x563ea9294478 Aug 26 13:15:22.775668: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563ea9280078 Aug 26 13:15:22.775677: | #6 spent 0.32 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:15:22.775684: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:15:23.001741: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:15:23.001764: shutting down Aug 26 13:15:23.001771: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:15:23.001774: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:15:23.001776: forgetting secrets Aug 26 13:15:23.001782: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:15:23.001800: | unreference key: 0x563ea927b888 @east cnt 1-- Aug 26 13:15:23.001803: | unreference key: 0x563ea927b5b8 @west cnt 1-- Aug 26 13:15:23.001807: | start processing: connection "westnet-eastnet-vti-01" (in delete_connection() at connections.c:189) Aug 26 13:15:23.001810: | removing pending policy for no connection {0x563ea926c428} Aug 26 13:15:23.001812: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:15:23.001814: | pass 0 Aug 26 13:15:23.001816: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:15:23.001818: | state #6 Aug 26 13:15:23.001820: | suspend processing: connection "westnet-eastnet-vti-01" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:15:23.001824: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:15:23.001826: | pstats #6 ikev2.ike deleted other Aug 26 13:15:23.001831: | #6 spent 3.18 milliseconds in total Aug 26 13:15:23.001834: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:15:23.001837: "westnet-eastnet-vti-01" #6: deleting state (STATE_PARENT_I1) aged 0.729s and NOT sending notification Aug 26 13:15:23.001839: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 13:15:23.001841: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:15:23.001843: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 13:15:23.001847: | libevent_free: release ptr-libevent@0x7f61d8002888 Aug 26 13:15:23.001849: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f61d8002b78 Aug 26 13:15:23.001851: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:15:23.001853: | picked newest_isakmp_sa #0 for #6 Aug 26 13:15:23.001856: "westnet-eastnet-vti-01" #6: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:15:23.001858: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 5 seconds Aug 26 13:15:23.001861: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:15:23.001865: | stop processing: connection "westnet-eastnet-vti-01" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:15:23.001867: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:15:23.001869: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 13:15:23.001871: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 13:15:23.001873: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:15:23.001901: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:15:23.001905: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:15:23.001907: | pass 1 Aug 26 13:15:23.001908: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:15:23.001911: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:15:23.001913: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:15:23.001916: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:23.001955: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 13:15:23.001966: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:23.001968: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:23.001970: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:23.001972: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:23.001974: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:23.001977: | route owner of "westnet-eastnet-vti-01" unrouted: NULL Aug 26 13:15:23.001979: | running updown command "ipsec _updown" for verb unroute Aug 26 13:15:23.001981: | command executing unroute-client Aug 26 13:15:23.002013: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xf Aug 26 13:15:23.002016: | popen cmd is 1121 chars long Aug 26 13:15:23.002018: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:15:23.002020: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 13:15:23.002021: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 13:15:23.002023: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Aug 26 13:15:23.002025: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEE: Aug 26 13:15:23.002026: | cmd( 400):R='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER: Aug 26 13:15:23.002028: | cmd( 480):_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=': Aug 26 13:15:23.002030: | cmd( 560):0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME=': Aug 26 13:15:23.002031: | cmd( 640):0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Aug 26 13:15:23.002033: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Aug 26 13:15:23.002035: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Aug 26 13:15:23.002036: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Aug 26 13:15:23.002038: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Aug 26 13:15:23.002040: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 13:15:23.002041: | cmd(1120):1: Aug 26 13:15:23.011075: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011092: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011094: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011097: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011098: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011100: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011101: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011104: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011108: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011121: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011298: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011371: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011393: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.011395: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.015447: | flush revival: connection 'westnet-eastnet-vti-01' revival flushed Aug 26 13:15:23.015462: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:15:23.015480: | start processing: connection "westnet-eastnet-vti-02" (in delete_connection() at connections.c:189) Aug 26 13:15:23.015483: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:15:23.015485: | pass 0 Aug 26 13:15:23.015487: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:15:23.015488: | pass 1 Aug 26 13:15:23.015490: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:15:23.015493: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:15:23.015495: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:15:23.015497: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:23.015521: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 13:15:23.015528: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:15:23.015530: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 13:15:23.015532: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 13:15:23.015535: | route owner of "westnet-eastnet-vti-02" unrouted: NULL Aug 26 13:15:23.015537: | running updown command "ipsec _updown" for verb unroute Aug 26 13:15:23.015539: | command executing unroute-client Aug 26 13:15:23.015561: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Aug 26 13:15:23.015563: | popen cmd is 1116 chars long Aug 26 13:15:23.015565: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:15:23.015567: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 13:15:23.015569: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Aug 26 13:15:23.015571: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 13:15:23.015572: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER=': Aug 26 13:15:23.015574: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLI: Aug 26 13:15:23.015576: | cmd( 480):ENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PL: Aug 26 13:15:23.015579: | cmd( 560):UTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PL: Aug 26 13:15:23.015581: | cmd( 640):UTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_A: Aug 26 13:15:23.015583: | cmd( 720):LLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: Aug 26 13:15:23.015584: | cmd( 800):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': Aug 26 13:15:23.015586: | cmd( 880): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: Aug 26 13:15:23.015588: | cmd( 960):RED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' : Aug 26 13:15:23.015589: | cmd(1040):VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:15:23.026891: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026916: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026920: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026924: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026927: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026930: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026934: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026945: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026955: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.026964: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.027154: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.027162: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.027172: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.027181: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:15:23.031850: | free hp@0x563ea927b4d8 Aug 26 13:15:23.031870: | flush revival: connection 'westnet-eastnet-vti-02' wasn't on the list Aug 26 13:15:23.031875: | stop processing: connection "westnet-eastnet-vti-02" (in discard_connection() at connections.c:249) Aug 26 13:15:23.031894: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:15:23.031897: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:15:23.031910: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:15:23.031914: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:15:23.031917: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:15:23.031921: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:15:23.031925: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:15:23.031937: | libevent_free: release ptr-libevent@0x563ea926cf98 Aug 26 13:15:23.031941: | free_event_entry: release EVENT_NULL-pe@0x563ea9278c08 Aug 26 13:15:23.031951: | libevent_free: release ptr-libevent@0x563ea91ffe98 Aug 26 13:15:23.031954: | free_event_entry: release EVENT_NULL-pe@0x563ea9278cb8 Aug 26 13:15:23.031963: | libevent_free: release ptr-libevent@0x563ea91ffde8 Aug 26 13:15:23.031966: | free_event_entry: release EVENT_NULL-pe@0x563ea9278d68 Aug 26 13:15:23.031972: | libevent_free: release ptr-libevent@0x563ea91ff778 Aug 26 13:15:23.031975: | free_event_entry: release EVENT_NULL-pe@0x563ea9278e18 Aug 26 13:15:23.031980: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:15:23.032411: | libevent_free: release ptr-libevent@0x563ea926d048 Aug 26 13:15:23.032420: | free_event_entry: release EVENT_NULL-pe@0x563ea9260ec8 Aug 26 13:15:23.032426: | libevent_free: release ptr-libevent@0x563ea91ffce8 Aug 26 13:15:23.032432: | free_event_entry: release EVENT_NULL-pe@0x563ea9260e58 Aug 26 13:15:23.032437: | libevent_free: release ptr-libevent@0x563ea9244898 Aug 26 13:15:23.032440: | free_event_entry: release EVENT_NULL-pe@0x563ea9260318 Aug 26 13:15:23.032445: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:15:23.032448: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:15:23.032450: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:15:23.032453: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:15:23.032455: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:15:23.032458: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:15:23.032461: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:15:23.032463: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:15:23.032466: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:15:23.032471: | libevent_free: release ptr-libevent@0x563ea9208b78 Aug 26 13:15:23.032474: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:15:23.032477: | libevent_free: release ptr-libevent@0x563ea9278548 Aug 26 13:15:23.032480: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:15:23.032483: | libevent_free: release ptr-libevent@0x563ea9278658 Aug 26 13:15:23.032486: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:15:23.032489: | libevent_free: release ptr-libevent@0x563ea9278898 Aug 26 13:15:23.032491: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:15:23.032494: | releasing event base Aug 26 13:15:23.032507: | libevent_free: release ptr-libevent@0x563ea9278768 Aug 26 13:15:23.032510: | libevent_free: release ptr-libevent@0x563ea925b828 Aug 26 13:15:23.032514: | libevent_free: release ptr-libevent@0x563ea925b7d8 Aug 26 13:15:23.032517: | libevent_free: release ptr-libevent@0x7f61e80027d8 Aug 26 13:15:23.032519: | libevent_free: release ptr-libevent@0x563ea925b728 Aug 26 13:15:23.032523: | libevent_free: release ptr-libevent@0x563ea9278318 Aug 26 13:15:23.032525: | libevent_free: release ptr-libevent@0x563ea92784c8 Aug 26 13:15:23.032528: | libevent_free: release ptr-libevent@0x563ea925b9d8 Aug 26 13:15:23.032531: | libevent_free: release ptr-libevent@0x563ea9260428 Aug 26 13:15:23.032534: | libevent_free: release ptr-libevent@0x563ea9260e18 Aug 26 13:15:23.032537: | libevent_free: release ptr-libevent@0x563ea9278e88 Aug 26 13:15:23.032539: | libevent_free: release ptr-libevent@0x563ea9278dd8 Aug 26 13:15:23.032542: | libevent_free: release ptr-libevent@0x563ea9278d28 Aug 26 13:15:23.032544: | libevent_free: release ptr-libevent@0x563ea9278c78 Aug 26 13:15:23.032547: | libevent_free: release ptr-libevent@0x563ea91fefc8 Aug 26 13:15:23.032550: | libevent_free: release ptr-libevent@0x563ea9278618 Aug 26 13:15:23.032552: | libevent_free: release ptr-libevent@0x563ea9278508 Aug 26 13:15:23.032555: | libevent_free: release ptr-libevent@0x563ea9278488 Aug 26 13:15:23.032558: | libevent_free: release ptr-libevent@0x563ea9278728 Aug 26 13:15:23.032560: | libevent_free: release ptr-libevent@0x563ea9278358 Aug 26 13:15:23.032563: | libevent_free: release ptr-libevent@0x563ea91d6908 Aug 26 13:15:23.032566: | libevent_free: release ptr-libevent@0x563ea91d6d38 Aug 26 13:15:23.032569: | libevent_free: release ptr-libevent@0x563ea91ff338 Aug 26 13:15:23.032571: | releasing global libevent data Aug 26 13:15:23.032574: | libevent_free: release ptr-libevent@0x563ea91d67f8 Aug 26 13:15:23.032577: | libevent_free: release ptr-libevent@0x563ea91d6cd8 Aug 26 13:15:23.032580: | libevent_free: release ptr-libevent@0x563ea91d6dd8 Aug 26 13:15:23.032617: leak detective found no leaks