FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:6487 core dump dir: /run/pluto secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x561a36f536e8 size 40 | libevent_malloc: new ptr-libevent@0x561a36f53668 size 40 | libevent_malloc: new ptr-libevent@0x561a36f535e8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x561a36f45218 size 56 | libevent_malloc: new ptr-libevent@0x561a36ecedb8 size 664 | libevent_malloc: new ptr-libevent@0x561a36f8dd08 size 24 | libevent_malloc: new ptr-libevent@0x561a36f8dd58 size 384 | libevent_malloc: new ptr-libevent@0x561a36f8dcc8 size 16 | libevent_malloc: new ptr-libevent@0x561a36f53568 size 40 | libevent_malloc: new ptr-libevent@0x561a36f534e8 size 48 | libevent_realloc: new ptr-libevent@0x561a36ecea48 size 256 | libevent_malloc: new ptr-libevent@0x561a36f8df08 size 16 | libevent_free: release ptr-libevent@0x561a36f45218 | libevent initialized | libevent_realloc: new ptr-libevent@0x561a36f45218 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | checking IKEv1 state table | crypto helper 6 waiting (nothing to do) | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561a36f4d408 | libevent_malloc: new ptr-libevent@0x561a36f8c478 size 128 | libevent_malloc: new ptr-libevent@0x561a36f93508 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561a36f93498 | libevent_malloc: new ptr-libevent@0x561a36f45ec8 size 128 | libevent_malloc: new ptr-libevent@0x561a36f93168 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561a36f93938 | libevent_malloc: new ptr-libevent@0x561a36f9f818 size 128 | libevent_malloc: new ptr-libevent@0x561a36faab08 size 16 | libevent_realloc: new ptr-libevent@0x561a36faab48 size 256 | libevent_malloc: new ptr-libevent@0x561a36faac78 size 8 | libevent_realloc: new ptr-libevent@0x561a36faacb8 size 144 | libevent_malloc: new ptr-libevent@0x561a36f519d8 size 152 | libevent_malloc: new ptr-libevent@0x561a36faad78 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x561a36faadb8 size 8 | libevent_malloc: new ptr-libevent@0x561a36ecf728 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x561a36faadf8 size 8 | libevent_malloc: new ptr-libevent@0x561a36faae38 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x561a36faaf08 size 8 | libevent_realloc: release ptr-libevent@0x561a36faacb8 | libevent_realloc: new ptr-libevent@0x561a36faaf48 size 256 | libevent_malloc: new ptr-libevent@0x561a36fab078 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:6580) using fork+execve | forked child 6580 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x561a36fab658 | libevent_malloc: new ptr-libevent@0x561a36f9f768 size 128 | libevent_malloc: new ptr-libevent@0x561a36fab6c8 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x561a36fab708 | libevent_malloc: new ptr-libevent@0x561a36f45f78 size 128 | libevent_malloc: new ptr-libevent@0x561a36fab778 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x561a36fab7b8 | libevent_malloc: new ptr-libevent@0x561a36f45898 size 128 | libevent_malloc: new ptr-libevent@0x561a36fab828 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x561a36fab868 | libevent_malloc: new ptr-libevent@0x561a36f4d158 size 128 | libevent_malloc: new ptr-libevent@0x561a36fab8d8 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x561a36fab918 | libevent_malloc: new ptr-libevent@0x561a36f4d258 size 128 | libevent_malloc: new ptr-libevent@0x561a36fab988 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x561a36fab9c8 | libevent_malloc: new ptr-libevent@0x561a36f4d358 size 128 | libevent_malloc: new ptr-libevent@0x561a36faba38 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.03 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x561a36f9f768 | free_event_entry: release EVENT_NULL-pe@0x561a36fab658 | add_fd_read_event_handler: new ethX-pe@0x561a36fab658 | libevent_malloc: new ptr-libevent@0x561a36f9f768 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x561a36f45f78 | free_event_entry: release EVENT_NULL-pe@0x561a36fab708 | add_fd_read_event_handler: new ethX-pe@0x561a36fab708 | libevent_malloc: new ptr-libevent@0x561a36f45f78 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x561a36f45898 | free_event_entry: release EVENT_NULL-pe@0x561a36fab7b8 | add_fd_read_event_handler: new ethX-pe@0x561a36fab7b8 | libevent_malloc: new ptr-libevent@0x561a36f45898 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x561a36f4d158 | free_event_entry: release EVENT_NULL-pe@0x561a36fab868 | add_fd_read_event_handler: new ethX-pe@0x561a36fab868 | libevent_malloc: new ptr-libevent@0x561a36f4d158 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x561a36f4d258 | free_event_entry: release EVENT_NULL-pe@0x561a36fab918 | add_fd_read_event_handler: new ethX-pe@0x561a36fab918 | libevent_malloc: new ptr-libevent@0x561a36f4d258 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x561a36f4d358 | free_event_entry: release EVENT_NULL-pe@0x561a36fab9c8 | add_fd_read_event_handler: new ethX-pe@0x561a36fab9c8 | libevent_malloc: new ptr-libevent@0x561a36f4d358 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.259 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 6580 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0137 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.047 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection nss-cert with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-signedbyother@testing.libreswan.org,CN=signedbyother.other.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'signedbyother' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561a36faf018 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561a36faefc8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561a36faef78 | unreference key: 0x561a36faf068 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=signedbyother.other.libreswan.org, E=user-signedbyother@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=signedbyother.other.libreswan.org, E=user-signedbyother@testing.libreswan.org is 0 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" | ASCII to DN => 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 25 30 23 06 03 55 04 03 13 1c 4c 69 62 | ASCII to DN => 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | ASCII to DN => 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | ASCII to DN => 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | ASCII to DN => 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | counting wild cards for %fromcert is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x561a36fb29c8 added connection description "nss-cert" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.254/32===192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=signedbyother.other.libreswan.org, E=user-signedbyother@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert]===192.0.2.254/32 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.12 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.343 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing suppress-retransmits + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.413 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "nss-cert" (in initiate_a_connection() at initiate.c:186) | connection 'nss-cert' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x561a36fb3b98 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "nss-cert" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "nss-cert" IKE SA #1 "nss-cert" "nss-cert" #1: initiating v2 parent SA | constructing local IKE proposals for nss-cert (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "nss-cert": constructed local IKE proposals for nss-cert (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561a36faefb8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x561a36faeba8 size 128 | #1 spent 0.137 milliseconds in ikev2_parent_outI1() | crypto helper 0 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 starting work-order 1 for state #1 | RESET processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "nss-cert" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.206 milliseconds in whack | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000714 seconds | (#1) spent 0.722 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5fe0002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x561a352e8b50 | ikev2_parent_outI1_continue for #1 | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection nss-cert (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x ae 9b 5f c0 a1 6b 70 cf fe cc d4 47 c6 fa c8 0a | ikev2 g^x db b4 22 42 b3 37 f9 b3 fc cb de 0f d7 5f 5e 8a | ikev2 g^x b5 2d 93 3c ef bd e7 11 fb 2e 7e 1b ae 22 a3 5a | ikev2 g^x 50 50 a1 c9 b5 c0 7e d4 d0 5d 23 32 5a 99 92 ee | ikev2 g^x 44 4c 15 f1 af 6b c7 e8 eb 92 ea f0 93 e3 21 c2 | ikev2 g^x 5b ec 4f 44 f2 bb a3 53 d1 5a fb ab 47 7b a5 e1 | ikev2 g^x 26 c0 aa f3 7d 1c b4 91 52 f8 47 12 97 c8 e7 06 | ikev2 g^x b4 8a 91 7e 7f d3 60 f1 e9 99 05 6b 48 2e 96 b1 | ikev2 g^x c3 b5 a8 cf 04 86 47 5e 11 3d 38 a7 8d 28 05 1b | ikev2 g^x 2c d2 5e 3b 94 18 e4 d9 ad ba 42 42 42 f4 cc fd | ikev2 g^x 89 0c 06 9a 1f 6a 73 dc 8f 29 24 36 27 4d 54 ca | ikev2 g^x b4 7f 44 72 6b c5 8d 3b 2a ef c3 03 e6 27 a4 5c | ikev2 g^x 81 40 b2 bc 1e 3e bd 77 0d 79 23 ee fe 6d 92 c5 | ikev2 g^x 02 12 f5 66 fe 79 93 ee 07 4d 2d 36 83 19 f7 b5 | ikev2 g^x d3 eb ed 64 14 ab 98 a4 10 3c 90 a3 ae 97 09 59 | ikev2 g^x 9f 00 14 af 69 5d b1 74 e9 49 70 b9 8d 99 f2 a8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce be 12 2e 79 fc 2d de 4e 81 f0 5c f1 e3 1f e2 46 | IKEv2 nonce 2d ae 83 d2 7a f1 e5 2e b5 29 01 62 af bf ab 1a | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x561a353bd800(20) | natd_hash: icookie= 22 b2 66 9d ef c9 50 5f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a2 b4 14 1e 5c 04 68 69 20 ef 3f 4e 02 e8 71 02 | natd_hash: hash= 2e 60 b6 f2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a2 b4 14 1e 5c 04 68 69 20 ef 3f 4e 02 e8 71 02 | Notify data 2e 60 b6 f2 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x561a353bd800(20) | natd_hash: icookie= 22 b2 66 9d ef c9 50 5f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 5b 3e 13 57 48 04 d1 2c 05 bc d7 38 1f ea 45 44 | natd_hash: hash= a1 2b 11 89 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5b 3e 13 57 48 04 d1 2c 05 bc d7 38 1f ea 45 44 | Notify data a1 2b 11 89 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "nss-cert" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 ae 9b 5f c0 a1 6b 70 cf | fe cc d4 47 c6 fa c8 0a db b4 22 42 b3 37 f9 b3 | fc cb de 0f d7 5f 5e 8a b5 2d 93 3c ef bd e7 11 | fb 2e 7e 1b ae 22 a3 5a 50 50 a1 c9 b5 c0 7e d4 | d0 5d 23 32 5a 99 92 ee 44 4c 15 f1 af 6b c7 e8 | eb 92 ea f0 93 e3 21 c2 5b ec 4f 44 f2 bb a3 53 | d1 5a fb ab 47 7b a5 e1 26 c0 aa f3 7d 1c b4 91 | 52 f8 47 12 97 c8 e7 06 b4 8a 91 7e 7f d3 60 f1 | e9 99 05 6b 48 2e 96 b1 c3 b5 a8 cf 04 86 47 5e | 11 3d 38 a7 8d 28 05 1b 2c d2 5e 3b 94 18 e4 d9 | ad ba 42 42 42 f4 cc fd 89 0c 06 9a 1f 6a 73 dc | 8f 29 24 36 27 4d 54 ca b4 7f 44 72 6b c5 8d 3b | 2a ef c3 03 e6 27 a4 5c 81 40 b2 bc 1e 3e bd 77 | 0d 79 23 ee fe 6d 92 c5 02 12 f5 66 fe 79 93 ee | 07 4d 2d 36 83 19 f7 b5 d3 eb ed 64 14 ab 98 a4 | 10 3c 90 a3 ae 97 09 59 9f 00 14 af 69 5d b1 74 | e9 49 70 b9 8d 99 f2 a8 29 00 00 24 be 12 2e 79 | fc 2d de 4e 81 f0 5c f1 e3 1f e2 46 2d ae 83 d2 | 7a f1 e5 2e b5 29 01 62 af bf ab 1a 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 a2 b4 14 1e | 5c 04 68 69 20 ef 3f 4e 02 e8 71 02 2e 60 b6 f2 | 00 00 00 1c 00 00 40 05 5b 3e 13 57 48 04 d1 2c | 05 bc d7 38 1f ea 45 44 a1 2b 11 89 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561a36faeba8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561a36faefb8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x561a36faefb8 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x561a36fb2aa8 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11419.751133 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 1.31 milliseconds in resume sending helper answer | stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5fe0002888 | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 35 97 e7 d5 | 58 1c 29 5f fa a6 a5 aa b7 4e c6 73 60 e5 62 6c | 5a 7d 2b 81 bb 6d 96 cb 0c a0 93 e6 ac 66 17 45 | 8b 1f 4f 72 50 c6 2b 88 53 48 d2 8f 58 e4 72 48 | 85 fc 5b 23 b9 39 25 c7 0b 0b 62 61 a1 47 d5 3a | 99 c4 db 1b 5f 3f ad 84 f6 be 5b 39 57 bd ee 40 | 19 d2 25 88 e2 be 46 1e 64 69 44 74 6c 77 ba 47 | f0 bc 6b 46 ae 76 cb fc 2e 7e 90 4b 98 d7 95 b0 | bc e4 74 d5 2b 23 38 34 a9 ed f2 24 af b7 1b 83 | a7 86 0a 40 fc 4f 00 9f 2b 67 ad 68 d6 48 91 72 | bd ac 02 56 c2 a5 96 63 67 df 90 59 4f 6d 73 5e | 88 9d 1d fc 8f 9a 33 c1 84 bf ee ad 9d 24 d5 d7 | 03 b9 15 c2 40 be 9d e7 75 98 2e c0 2b 2d d3 0a | a3 bd 0c 7a 85 95 33 74 48 32 ae 19 1f f8 c7 88 | eb 29 13 5b 75 54 de b5 f8 96 77 31 04 09 30 54 | 63 3d 58 46 80 a9 b8 da ed 06 d0 ff dc 5f 21 96 | b9 35 de 9c 27 57 6d bc fc 36 71 5a 29 00 00 24 | 7b 7f 98 1d f3 34 14 fa d7 3e 9e 59 93 b6 67 7c | a3 9f 65 32 ea 1d 1e 52 f5 1c e0 ca f1 f9 0e d3 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 7f 40 46 e4 97 81 96 97 eb 61 dc 48 68 a0 34 56 | f8 d6 f7 06 26 00 00 1c 00 00 40 05 68 61 c8 1a | 75 fc 80 16 76 50 9e 01 c3 ac 98 48 3e 19 2c 78 | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection nss-cert (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x561a353bd800(20) | natd_hash: icookie= 22 b2 66 9d ef c9 50 5f | natd_hash: rcookie= 37 35 39 77 6e c5 97 e8 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 68 61 c8 1a 75 fc 80 16 76 50 9e 01 c3 ac 98 48 | natd_hash: hash= 3e 19 2c 78 | natd_hash: hasher=0x561a353bd800(20) | natd_hash: icookie= 22 b2 66 9d ef c9 50 5f | natd_hash: rcookie= 37 35 39 77 6e c5 97 e8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 7f 40 46 e4 97 81 96 97 eb 61 dc 48 68 a0 34 56 | natd_hash: hash= f8 d6 f7 06 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x561a36fb2aa8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561a36faefb8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561a36faefb8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f5fe0002888 size 128 | #1 spent 0.162 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | crypto helper 1 resuming | crypto helper 1 starting work-order 2 for state #1 | #1 is busy; has a suspended MD | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "nss-cert" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.432 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.439 milliseconds in comm_handle_cb() reading and processing packet | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000959 seconds | (#1) spent 0.952 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5fd8000f48 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x561a352e8b50 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | creating state object #2 at 0x561a36fb85c8 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "nss-cert" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5fe0002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561a36faefb8 | event_schedule: new EVENT_SA_REPLACE-pe@0x561a36faefb8 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f5fe0002888 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will NOT be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 199 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 c4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 73 69 67 | my identity 6e 65 64 62 79 6f 74 68 65 72 2e 6f 74 68 65 72 | my identity 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 37 | my identity 30 35 06 09 2a 86 48 86 f7 0d 01 09 01 16 28 75 | my identity 73 65 72 2d 73 69 67 6e 65 64 62 79 6f 74 68 65 | my identity 72 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 207 | Sending [CERT] of certificate: E=user-signedbyother@testing.libreswan.org,CN=signedbyother.other.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1248 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 dc 30 82 04 45 a0 03 02 01 02 02 01 34 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ad 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 26 30 24 06 03 55 04 03 0c 1d 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6f 74 68 65 72 63 61 31 24 30 22 06 09 2a | CERT 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | CERT 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | CERT 22 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 | CERT 33 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 | CERT 35 33 5a 30 81 c4 31 0b 30 09 06 03 55 04 06 13 | CERT 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | CERT 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | CERT 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | CERT 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | CERT 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | CERT 74 6d 65 6e 74 31 2a 30 28 06 03 55 04 03 0c 21 | CERT 73 69 67 6e 65 64 62 79 6f 74 68 65 72 2e 6f 74 | CERT 68 65 72 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 31 37 30 35 06 09 2a 86 48 86 f7 0d 01 09 01 | CERT 16 28 75 73 65 72 2d 73 69 67 6e 65 64 62 79 6f | CERT 74 68 65 72 40 74 65 73 74 69 6e 67 2e 6c 69 62 | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d | CERT 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 | CERT 8f 00 30 82 01 8a 02 82 01 81 00 a2 b3 ce 77 97 | CERT 67 79 2a ff 05 52 87 40 e1 a3 32 79 1f bb 7e d2 | CERT de 1d 22 7b 57 4a 48 03 e8 d3 9b 30 92 fd 80 a1 | CERT e4 eb 60 98 bd f1 59 5e 8c 5d 1f fe 7d 6e 19 5f | CERT 83 1a f5 dd ad 12 07 cb 5a 75 7a 28 cc 2d 6f f0 | CERT db 21 82 3d 14 aa 95 31 cb 0d be 85 20 da e3 c3 | CERT d4 43 45 1f 78 3c 78 01 70 e1 47 65 a6 6f bc 10 | CERT 98 64 fb 47 55 83 aa 41 ee 6e 9c 65 09 a7 06 bf | CERT 98 6a d2 63 11 d5 f2 df aa 83 7e bc d9 8a 3d e4 | CERT cb 27 d6 05 b2 17 88 61 fb 50 f3 ce 13 fe f2 79 | CERT b1 52 51 1a ee 08 61 c0 3a 2f 49 82 01 b0 84 75 | CERT d3 97 6a 0a f6 ff c6 87 1a c5 c0 9b dc 0d ab 68 | CERT f7 8f 6b 9c d1 9f 26 c2 35 da f8 55 2e a2 c9 d2 | CERT 0e 49 dd 6b 8d 37 0d 37 a8 9a a8 c2 7c 09 f0 7d | CERT c5 7f de 09 d0 58 80 c1 47 d3 84 a3 c0 18 51 ac | CERT 36 d2 73 5e ad 04 81 2c a1 23 a5 0c 7b 5e 04 66 | CERT 86 1a 19 bf a8 90 34 b6 5c 71 7e 5e e9 2c 1b 91 | CERT 81 7e b8 bc e3 db c5 41 24 84 b7 97 f5 b8 88 92 | CERT 0b 23 c0 67 a8 fb 73 07 53 8b f9 8b 15 2d ce db | CERT 56 a1 32 63 33 d0 36 06 41 24 75 c0 f0 9e df 3a | CERT 57 d3 b1 20 c4 7e 6d 2f 03 15 6b 4d 5f 75 f3 22 | CERT 04 0b 73 95 7e 96 d6 dc f5 37 22 87 c2 03 28 6b | CERT 3d 14 95 3b 15 18 da db b4 e7 eb 1a 5e 3f 62 fe | CERT 2a 7c d1 8c 82 ce 8b be ae 37 33 14 26 39 08 bb | CERT e3 ac 5a 57 fb 97 42 8a aa 40 69 02 03 01 00 01 | CERT a3 81 ea 30 81 e7 30 09 06 03 55 1d 13 04 02 30 | CERT 00 30 2c 06 03 55 1d 11 04 25 30 23 82 21 73 69 | CERT 67 6e 65 64 62 79 6f 74 68 65 72 2e 6f 74 68 65 | CERT 72 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | CERT 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 03 | CERT 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 | CERT 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b | CERT 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b | CERT 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f | CERT 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d | CERT 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 | CERT 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 | CERT 60 8c d4 0c a4 29 4a 15 c0 29 be 53 9c e6 b2 9f | CERT 75 6f dd 0d 63 00 2c a7 08 19 0f b4 1c 09 09 a7 | CERT a4 98 76 d9 be 72 00 d4 66 79 bf d6 32 03 87 37 | CERT 58 28 61 c4 f9 3e 53 ec 78 dd aa 8c 94 29 65 6c | CERT ba 82 e6 1d c2 af 8b 1e 75 eb bd e0 f1 7a 28 50 | CERT 63 98 39 f5 51 b8 13 0d 47 56 4b 4b 97 0a c6 92 | CERT 8f 1c 36 20 aa dc e2 5d 64 a3 bd d6 30 7d 49 3a | CERT a3 3c 28 37 09 77 2b eb 4d 5e 86 98 d5 e1 97 5a | emitting length of IKEv2 Certificate Payload: 1253 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: OK to send a certificate request | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org | connection->kind is CK_PERMANENT so send CERTREQ | ****emit IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' | NSS: locating CA cert 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' for CERTREQ using CERT_FindCertByName() failed: (NSS: 0 (0x0): Success; 0 indicates NSS lost the error code) | emitting length of IKEv2 Certificate Request Payload: 5 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=signedbyother.other.libreswan.org, E=user-signedbyother@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAaKzz vs PKK_RSA:AwEAAaKzz | #1 spent 6.22 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 96 a9 7b 25 f9 24 19 46 c6 d4 78 ca ab df ba 65 | rsa signature 17 4a ce 5f ee 83 91 60 30 b6 00 82 69 8a 50 79 | rsa signature 83 88 68 77 17 1d a9 8f 3b 69 dc 98 b3 32 06 3c | rsa signature 18 74 a9 2b c4 cb b6 ad 46 60 02 b1 2d 2f c9 c2 | rsa signature d0 46 cb 22 69 09 69 4f ef 68 82 dd 42 67 a5 18 | rsa signature 3e 4f 01 bf d2 78 9c 53 80 d6 d9 6f 1d 88 b5 3f | rsa signature ec 27 bc 4a f5 93 99 f4 9d a4 9e cb f1 31 48 29 | rsa signature 68 3e 7a 92 90 ae 74 4c 96 5f 7e 03 f7 0c 28 fb | rsa signature 0e ec d9 dd 44 0f 73 39 83 26 18 12 90 a9 a4 50 | rsa signature ca 34 73 b6 8c 2f 11 23 c3 09 91 09 98 c9 58 ab | rsa signature e7 5e f2 49 ec 40 80 e3 b9 c9 1c 70 12 38 71 ed | rsa signature ec 1c 6b 5e 04 8f 38 2b dd 71 43 89 bc c5 c2 c7 | rsa signature a5 46 39 6a 13 d4 a2 c1 ff ab 14 96 75 01 81 28 | rsa signature 0d 3a 53 4f fe d5 ca 25 61 5a f8 77 fd 03 e5 15 | rsa signature e2 53 f9 80 80 1b 41 a9 44 63 b1 4e 3f e3 eb 70 | rsa signature 09 4c 87 ef e8 d1 cd 10 d6 0b 8b 3a 31 54 e5 51 | rsa signature 2b b8 f4 d4 d2 83 2a bb 46 14 e8 41 ff cb 0c 9f | rsa signature 5d c9 4e 9f 72 59 e1 62 58 5d 87 d8 6b dc 6e 40 | rsa signature a1 5f 78 13 8b 96 00 02 8b 70 d0 88 4a 2f 71 f5 | rsa signature 97 94 9e 7a 36 f5 04 4e a3 b6 82 d0 e4 ef 55 79 | rsa signature 45 df 41 a4 09 58 fd b5 12 58 ff c9 e4 c8 c7 e0 | rsa signature 96 83 ac c5 8a 6a 42 2a 54 b1 11 81 a9 1f 02 ef | rsa signature 61 36 67 d0 75 5d 4a 1e 95 1d a2 48 05 19 5c 8e | rsa signature 96 21 f9 1a 6d 13 7f ee 23 e5 50 12 84 d2 f7 a5 | #1 spent 6.35 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #1 | netlink_get_spi: allocated 0xd1eb153 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for nss-cert (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "nss-cert": constructed local ESP/AH proposals for nss-cert (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 0d 1e b1 53 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 0d 1e b1 53 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 0d 1e b1 53 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 0d 1e b1 53 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 fe | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 fe | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 fe | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 fe | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2098 | emitting length of ISAKMP Message: 2126 | **parse ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2126 (0x84e) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2098 (0x832) | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 cf 09 00 00 00 30 81 c4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 03 | cleartext fragment 55 04 03 0c 21 73 69 67 6e 65 64 62 79 6f 74 68 | cleartext fragment 65 72 2e 6f 74 68 65 72 2e 6c 69 62 72 65 73 77 | cleartext fragment 61 6e 2e 6f 72 67 31 37 30 35 06 09 2a 86 48 86 | cleartext fragment f7 0d 01 09 01 16 28 75 73 65 72 2d 73 69 67 6e | cleartext fragment 65 64 62 79 6f 74 68 65 72 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 26 | cleartext fragment 00 04 e5 04 30 82 04 dc 30 82 04 45 a0 03 02 01 | cleartext fragment 02 02 01 34 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 30 81 ad 31 0b 30 09 06 03 55 04 06 13 | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | cleartext fragment 74 6d 65 6e 74 31 26 30 24 06 03 55 04 03 0c 1d | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 | cleartext fragment 41 20 66 6f 72 20 6f 74 68 65 72 63 61 31 24 30 | cleartext fragment 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 | cleartext fragment 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e | cleartext fragment 6f 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 30 | cleartext fragment 39 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 33 | cleartext fragment 30 39 30 37 35 33 5a 30 81 c4 31 0b 30 09 06 03 | cleartext fragment 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 | cleartext fragment 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 | cleartext fragment 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 | cleartext fragment 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 | cleartext fragment 20 44 65 70 61 72 74 6d 65 6e 74 31 2a 30 28 06 | cleartext fragment 03 55 04 03 0c 21 73 69 67 6e 65 64 62 79 6f 74 | cleartext fragment 68 65 72 2e 6f 74 68 65 72 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 31 37 30 35 06 09 2a 86 48 | cleartext fragment 86 f7 0d 01 09 01 16 28 75 73 65 72 2d 73 69 67 | cleartext fragment 6e 65 64 62 79 6f 74 68 65 72 40 74 65 73 74 69 | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | cleartext fragment 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 01 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 | cleartext fragment 00 a2 b3 ce 77 97 67 79 2a ff 05 52 87 40 e1 a3 | cleartext fragment 32 79 1f bb 7e d2 de 1d 22 7b 57 4a 48 03 e8 d3 | cleartext fragment 9b 30 92 fd 80 a1 e4 eb 60 98 bd f1 59 5e 8c 5d | cleartext fragment 1f fe 7d 6e 19 5f 83 1a f5 dd ad 12 07 cb 5a 75 | cleartext fragment 7a 28 cc 2d 6f f0 db 21 82 3d 14 aa 95 31 cb 0d | cleartext fragment be 85 20 da e3 c3 d4 43 45 1f 78 3c 78 01 70 e1 | cleartext fragment 47 65 a6 6f bc 10 98 64 fb 47 55 83 aa 41 ee 6e | cleartext fragment 9c 65 09 a7 06 bf 98 6a d2 63 11 d5 f2 df aa 83 | cleartext fragment 7e bc d9 8a 3d e4 cb 27 d6 05 b2 17 88 61 fb 50 | cleartext fragment f3 ce 13 fe f2 79 b1 52 51 1a ee 08 61 c0 3a 2f | cleartext fragment 49 82 01 b0 84 75 d3 97 6a 0a f6 ff c6 87 1a c5 | cleartext fragment c0 9b dc 0d ab 68 f7 8f 6b 9c d1 9f 26 c2 35 da | cleartext fragment f8 55 2e a2 c9 d2 0e 49 dd 6b 8d 37 0d 37 a8 9a | cleartext fragment a8 c2 7c 09 f0 7d c5 7f de 09 d0 58 80 c1 47 d3 | cleartext fragment 84 a3 c0 18 51 ac 36 d2 73 5e ad 04 81 2c a1 23 | cleartext fragment a5 0c 7b 5e 04 66 86 1a 19 bf a8 90 34 b6 5c 71 | cleartext fragment 7e 5e e9 2c 1b 91 81 7e b8 bc e3 db c5 41 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 24 84 b7 97 f5 b8 88 92 0b 23 c0 67 a8 fb 73 07 | cleartext fragment 53 8b f9 8b 15 2d ce db 56 a1 32 63 33 d0 36 06 | cleartext fragment 41 24 75 c0 f0 9e df 3a 57 d3 b1 20 c4 7e 6d 2f | cleartext fragment 03 15 6b 4d 5f 75 f3 22 04 0b 73 95 7e 96 d6 dc | cleartext fragment f5 37 22 87 c2 03 28 6b 3d 14 95 3b 15 18 da db | cleartext fragment b4 e7 eb 1a 5e 3f 62 fe 2a 7c d1 8c 82 ce 8b be | cleartext fragment ae 37 33 14 26 39 08 bb e3 ac 5a 57 fb 97 42 8a | cleartext fragment aa 40 69 02 03 01 00 01 a3 81 ea 30 81 e7 30 09 | cleartext fragment 06 03 55 1d 13 04 02 30 00 30 2c 06 03 55 1d 11 | cleartext fragment 04 25 30 23 82 21 73 69 67 6e 65 64 62 79 6f 74 | cleartext fragment 68 65 72 2e 6f 74 68 65 72 2e 6c 69 62 72 65 73 | cleartext fragment 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 | cleartext fragment 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14 06 | cleartext fragment 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 | cleartext fragment 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 | cleartext fragment 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 | cleartext fragment 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 | cleartext fragment 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f | cleartext fragment 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | cleartext fragment 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 | cleartext fragment 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 | cleartext fragment 01 0b 05 00 03 81 81 00 60 8c d4 0c a4 29 4a 15 | cleartext fragment c0 29 be 53 9c e6 b2 9f 75 6f dd 0d 63 00 2c a7 | cleartext fragment 08 19 0f b4 1c 09 09 a7 a4 98 76 d9 be 72 00 d4 | cleartext fragment 66 79 bf d6 32 03 87 37 58 28 61 c4 f9 3e 53 ec | cleartext fragment 78 dd aa 8c 94 29 65 6c ba 82 e6 1d c2 af 8b 1e | cleartext fragment 75 eb bd e0 f1 7a 28 50 63 98 39 f5 51 b8 13 0d | cleartext fragment 47 56 4b 4b 97 0a c6 92 8f 1c 36 20 aa dc | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment e2 5d 64 a3 bd d6 30 7d 49 3a a3 3c 28 37 09 77 | cleartext fragment 2b eb 4d 5e 86 98 d5 e1 97 5a 27 00 00 05 04 21 | cleartext fragment 00 01 88 01 00 00 00 96 a9 7b 25 f9 24 19 46 c6 | cleartext fragment d4 78 ca ab df ba 65 17 4a ce 5f ee 83 91 60 30 | cleartext fragment b6 00 82 69 8a 50 79 83 88 68 77 17 1d a9 8f 3b | cleartext fragment 69 dc 98 b3 32 06 3c 18 74 a9 2b c4 cb b6 ad 46 | cleartext fragment 60 02 b1 2d 2f c9 c2 d0 46 cb 22 69 09 69 4f ef | cleartext fragment 68 82 dd 42 67 a5 18 3e 4f 01 bf d2 78 9c 53 80 | cleartext fragment d6 d9 6f 1d 88 b5 3f ec 27 bc 4a f5 93 99 f4 9d | cleartext fragment a4 9e cb f1 31 48 29 68 3e 7a 92 90 ae 74 4c 96 | cleartext fragment 5f 7e 03 f7 0c 28 fb 0e ec d9 dd 44 0f 73 39 83 | cleartext fragment 26 18 12 90 a9 a4 50 ca 34 73 b6 8c 2f 11 23 c3 | cleartext fragment 09 91 09 98 c9 58 ab e7 5e f2 49 ec 40 80 e3 b9 | cleartext fragment c9 1c 70 12 38 71 ed ec 1c 6b 5e 04 8f 38 2b dd | cleartext fragment 71 43 89 bc c5 c2 c7 a5 46 39 6a 13 d4 a2 c1 ff | cleartext fragment ab 14 96 75 01 81 28 0d 3a 53 4f fe d5 ca 25 61 | cleartext fragment 5a f8 77 fd 03 e5 15 e2 53 f9 80 80 1b 41 a9 44 | cleartext fragment 63 b1 4e 3f e3 eb 70 09 4c 87 ef e8 d1 cd 10 d6 | cleartext fragment 0b 8b 3a 31 54 e5 51 2b b8 f4 d4 d2 83 2a bb 46 | cleartext fragment 14 e8 41 ff cb 0c 9f 5d c9 4e 9f 72 59 e1 62 58 | cleartext fragment 5d 87 d8 6b dc 6e 40 a1 5f 78 13 8b 96 00 02 8b | cleartext fragment 70 d0 88 4a 2f 71 f5 97 94 9e 7a 36 f5 04 4e a3 | cleartext fragment b6 82 d0 e4 ef 55 79 45 df 41 a4 09 58 fd b5 12 | cleartext fragment 58 ff c9 e4 c8 c7 e0 96 83 ac c5 8a 6a 42 2a 54 | cleartext fragment b1 11 81 a9 1f 02 ef 61 36 67 d0 75 5d 4a 1e 95 | cleartext fragment 1d a2 48 05 19 5c 8e 96 21 f9 1a 6d 13 7f ee 23 | cleartext fragment e5 50 12 84 d2 f7 a5 2c 00 00 a4 02 00 00 20 01 | cleartext fragment 03 04 02 0d 1e b1 53 03 00 00 0c 01 00 00 14 80 | cleartext fragment 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 20 02 | cleartext fragment 03 04 02 0d 1e b1 53 03 00 00 0c 01 00 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 157 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 | cleartext fragment 30 03 03 04 04 0d 1e b1 53 03 00 00 0c 01 00 00 | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 | cleartext fragment 30 04 03 04 04 0d 1e b1 53 03 00 00 0c 01 00 00 | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 | cleartext fragment fe c0 00 01 fe 00 00 00 18 01 00 00 00 07 00 00 | cleartext fragment 10 00 00 ff ff c0 00 02 fe c0 00 02 fe | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 190 | emitting length of ISAKMP Message: 218 | suspend processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "nss-cert" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "nss-cert" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 55 2c f1 3b a1 37 f3 66 d6 6f 5c 7f | 1d 40 f2 14 8a 08 da bb 76 0d 75 a4 f7 01 82 46 | 57 e9 85 3a 23 21 34 f8 3e f1 94 04 e4 ba 65 4a | 14 2a 88 34 b3 68 4c 5c f3 42 09 53 87 3e b2 5e | 56 92 7f 6e 50 dc 5b 81 b6 cb ce 76 57 e2 84 b0 | b1 0f 3a 9e d8 a4 0c a3 3c ec 66 25 3b ba 58 1e | 60 84 e0 9a 2f 5d 36 ac 96 7c 42 f8 d4 45 19 09 | be e8 38 31 09 8a 2b 93 b0 aa e8 a1 4c 7c 56 90 | 73 8c ca a7 0b 74 16 99 c8 76 cc bb a9 91 fa f8 | ba ad 04 9c 2e 24 b5 42 bf 14 d1 10 cb f9 4d 51 | 0e ce 1b 40 99 36 32 2e 0c 91 82 bc ca cc 7e 38 | 2b 5e 2f d4 34 70 c1 79 77 1f 55 93 41 2a 8b 3f | f6 0e 73 b3 80 80 c4 dc 3d a9 68 ad 1b 1d 84 1e | 07 6b 9d 31 9f 79 d7 3d 93 61 37 a1 5b 53 c5 96 | f6 ef af 18 b4 cc b5 02 be a0 46 67 a6 b0 2e ee | 1e 07 d7 4b 56 e4 64 46 f7 0f 05 7c 65 1f d3 52 | 3d ad 2d a6 38 78 b3 7d 11 1b df d6 4c 04 11 5e | 6b e2 64 50 de a5 fb 25 43 f6 1b 8b 10 5a 7c 2a | 85 9a 64 ed b2 8c de 43 f5 9e 9b e3 a2 f3 51 a4 | 3a e4 14 53 12 a9 d5 8b 7f a6 66 80 f4 c8 7b 9e | ef 47 06 6c fa e8 69 b8 d7 0e 70 d9 52 64 d8 23 | dd ae 4d 20 32 be 30 21 91 1f 05 9a 85 ab af 9a | 06 23 b0 a7 a1 f9 ce 24 13 0f 09 79 14 73 43 17 | 18 4e 93 8d 54 ea 12 e5 78 4c 3b e1 a0 79 67 a5 | 20 b2 cb 0d 1c f0 50 c5 d6 af 57 d4 26 84 30 ff | 75 51 bb 83 41 01 cd 23 20 1a db 71 ad 5c df ee | d8 c9 60 80 fb 77 a8 d5 a4 35 d2 d7 9a e2 ca 25 | c6 a6 68 62 67 51 9b 65 a0 38 ac d2 04 91 d1 94 | 77 cd 35 f4 80 e0 fd 69 bf f9 e2 cb f9 e9 83 3a | 9f 09 0d b4 e0 a9 62 35 94 16 a0 68 dd 5d 8d 57 | 79 21 ec d7 bf 09 e0 81 e2 6a f9 c6 ea 39 7a 4e | 6b 5b c5 7a 64 10 68 53 75 f4 cc | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 73 d0 1e da 4f 38 3e 06 8f 2d f5 70 | cb 5b f3 5d 8e b8 53 44 9d d5 ae 6c fd 52 1e c0 | 02 72 bd 73 0d 29 f1 68 69 1c 20 81 5b a1 08 86 | 89 96 0e 90 6f f7 e3 07 88 70 0d fd 3f 38 b0 d5 | 5c 95 45 3c ce da 25 1e c3 87 ab ea f3 76 2f a1 | 99 f8 59 a9 7f c7 67 2a 3f ae 4d 72 54 dc f7 3c | 5f 95 11 f8 c4 64 33 2a 81 61 68 66 ec da d1 02 | 0c 33 de d5 c8 ca 5a 95 5e be 17 6d b2 a0 d5 a6 | 87 d0 9a ef d9 04 b4 93 3e 90 a9 62 ea e7 01 6c | 66 5b cd 8e 31 a0 e5 38 be 9d b3 cb 6d 9e 6e e0 | eb 9c 9e 50 33 93 ad 6d 69 e2 4a fb 5d 72 2d bc | 49 8e b6 4b 37 a9 58 28 cf 3c 3f 6c 1c 52 a5 24 | 49 fd 0a 2e 41 f1 4b c3 68 d5 c1 f8 91 cc 5c e1 | a9 73 89 1b 10 db dd d6 75 0e 37 c7 f6 23 02 26 | 29 ff 1b a6 15 98 e7 82 34 3b 1b 03 a9 77 e2 0b | a3 ae 71 18 f8 8d 99 89 88 22 b8 1b 7c 2c 94 40 | 9e f9 47 fe fb 4e 2e 43 8b dc bc cb 43 09 18 d1 | 5e 7a 2d ba 29 56 3b d7 ff d4 e2 1f 0b e0 68 3e | 40 e8 cf af 95 81 4f d8 0a 05 30 71 df 2d 16 ac | 62 af 49 8b 75 a5 1a 95 92 c2 a8 f5 2d 80 c7 c9 | e6 36 00 cc 8a 7a 6d 77 6f a3 ec 64 0f 5f fa 68 | 6e 4d ca ce 4f 35 20 e1 8a 3a d9 8d 3c f4 3d 89 | f9 8c 33 36 eb 2b 23 b6 8b be 2b 77 50 f3 3f 81 | 6f 50 3b 84 0e 89 9b f8 0f 85 8e 75 5e db ff e3 | 1f 39 07 eb e7 6f ee 91 19 3e 56 3d 70 af 64 c2 | 40 f0 bd 72 02 51 94 ef ae 42 6d c2 fb c0 a2 77 | 58 b4 3e 27 41 59 54 5b a2 b7 8e 38 58 f1 45 4a | be 09 dd b5 ea a2 56 c5 9d 05 05 ba 7f d1 f0 76 | 70 fb 57 ab 38 7c bd 8f 5c 1c 91 3a b6 1c c4 f8 | c8 76 61 98 10 ad 99 43 0d 3d 85 13 d9 a7 7b 98 | 85 52 52 6f ed 1e 69 71 60 02 b6 6d 8b 6d f8 9f | 98 59 f6 46 26 56 7f 94 2f ef 17 | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 ba ed fd 5f c1 55 35 f7 2b 25 3c c3 | 48 73 f8 4c c8 34 bc 7d f4 9c eb 92 f5 8d cf 06 | c3 d5 e6 8c 76 d3 5f c4 15 cb fb 61 5a 30 90 2a | 96 4d cf aa 9c 59 a0 0a 0e 52 e4 ef 47 50 4f 24 | f6 06 c6 03 67 41 69 91 ca 5b 51 01 fd db b9 f8 | 14 9e b0 40 55 2f 01 19 f2 80 7d 20 0b 08 26 8a | 6e d9 00 52 40 cb bd 96 99 8d 1b d8 2b 77 b6 87 | 8e b7 df dd 81 f5 cd 1b 9d 65 dc 29 7d 02 05 71 | 29 01 75 e0 48 04 ef aa e9 c4 91 db 7b 90 61 33 | 06 d6 0b 4a 2e 2f 1f e9 f5 9e 75 14 07 73 94 a8 | 75 7a 3c ab 87 b3 51 77 e7 89 c7 12 ce 16 0b c2 | 0d a6 a1 ea a1 cc 50 53 63 86 5b bc d8 36 85 0f | 68 f3 8e 80 20 81 e9 8b 62 e4 fe 99 50 ef db e7 | d9 da 17 89 a5 02 23 c4 d1 8c 1c b6 2c fd 1c 38 | f2 9f b0 3e 62 ae 7e 4c c4 04 50 bf 44 58 81 03 | 01 f4 13 38 99 0b 0d b5 0d 74 ab 51 b0 65 6c ae | dc 2a 23 00 ab 3d 12 9a 7b b3 4b 28 5c 2f 64 8b | 7d 85 be 77 52 46 a9 b4 f8 cb a7 da a6 d9 37 62 | 2a 44 f5 f5 4c b3 f1 cc a3 0c 11 c9 d6 bf e1 31 | 9e 2e d8 bc 9a a8 6f 5d 97 53 06 56 49 0f 72 c2 | 42 2b 66 46 6a 06 b2 94 a1 48 ec 2a 35 b2 07 f0 | a4 f5 65 46 2e 1d 85 b3 2b c7 94 5b 34 97 bb 0f | 67 c2 61 4e 83 6f e6 cb 8e a6 31 f1 65 e4 28 26 | a9 ac df 95 cf 00 17 39 14 d1 0e 9d d2 b3 d6 05 | fa 9c 61 7d 84 5c e6 d2 3c fc 65 bf 39 01 ad ca | 5e bd 65 01 b5 1c 27 4b cc 1a 2f 8d d2 47 9b ee | 0e a9 00 73 a3 03 34 17 2e 01 78 b9 23 91 c3 4c | 0f c2 ce 9a 17 90 ff a4 14 f2 97 d6 67 e8 e3 7a | f9 46 29 0d 5c ae b4 74 c5 a9 c1 49 c4 83 3b 4c | d2 34 33 7a e4 00 02 19 4c 04 54 07 ca 01 b1 46 | e7 36 13 2b 2b 8e 18 ab a5 67 5c 71 17 86 dc 10 | d1 59 50 74 e0 33 ab c5 cc 71 3d | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 84 82 47 75 8d e1 49 4a e0 ef b3 60 | 41 d0 af 2a 0f 98 32 44 42 bd 90 e0 c4 5a f9 e4 | df 9d 2a 95 8f 97 3b 5c d6 a8 53 2a 00 fe 44 e9 | 00 16 24 c8 48 04 2e d3 8e d7 4c 6a 52 6a 9d dd | 67 a6 78 d0 26 16 be 6d 8a 57 7c 15 fa 28 2d 26 | da d4 62 58 f0 35 f6 e5 cb 0f 31 5d c4 60 e6 8e | 7d 10 6e bc 62 5f 1d 3d 02 16 35 9b 41 c2 33 b3 | d1 54 89 fa 6b 11 9b 34 dc 7a 34 0a bc 45 c7 0e | dc bf 65 53 41 49 93 ba 8c 98 34 b0 c7 a9 31 4d | 6b 77 05 af 1b d2 fc e9 1e 56 29 77 d6 10 70 ae | 70 71 d3 13 fe 98 58 3d 7a 55 d0 f9 c5 1e a3 ef | fd e1 6c 10 a2 58 13 a3 f2 6e 76 34 66 25 11 48 | 5a 8b 0a e3 f3 49 a6 e5 21 12 99 c4 0a fa a9 9c | 0d 6a 73 31 21 86 93 da 91 c4 75 7e cd e4 25 42 | 1b 69 6f ad a3 66 2a 30 75 26 5a d3 e8 9c 31 ad | 74 70 46 47 71 5c 70 d6 9a f6 02 27 85 46 69 ed | 4e 82 dc c3 80 78 17 86 a1 37 18 a6 4d 40 6a f0 | 54 b7 67 9d 99 fd cf 7e 33 66 f3 f7 9f 94 db b2 | bd 2b 36 8f a4 f4 cc b2 5e f9 e4 73 19 7c 37 1c | e5 d3 1d 33 c0 22 bb 3f 36 69 f8 07 60 fb bf b8 | 76 cb 37 38 40 2b 47 1c 35 cd 9b 11 c2 cc 61 3f | d1 2f fa d1 bf 2e 66 5b b8 55 13 71 5d 3d 60 82 | 33 a3 73 3e 65 40 27 79 99 c9 a6 ff c6 f7 76 c3 | 0a aa 8b bd 54 a3 98 fc 6d 50 52 f9 35 68 8a bd | c7 f4 70 8a fe cc d4 b6 dc 30 78 67 71 61 c9 ab | 93 6b ab 21 5a d2 2b 6f db 88 25 11 ec 8e a4 d7 | 49 71 9c 2f 2e ac d9 e3 e3 09 59 d9 27 a6 54 97 | 93 51 72 e0 d2 2d 03 84 1c d8 42 d6 c5 88 cf 9c | 18 c2 19 65 8e 22 44 76 02 0a 07 58 20 bf 2b d1 | 8a 0d 36 57 48 04 78 89 cf 2b 6c c7 7d cd 90 3e | 87 e4 b2 8d 73 02 94 c1 a4 5d 3d 7e a3 21 07 73 | 1b 1b de 08 ae 3e dd e9 e5 f8 9d | sending 218 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 35 20 23 08 00 00 00 01 00 00 00 da 00 00 00 be | 00 05 00 05 a5 d5 74 56 92 9a 9d 2b 57 89 68 16 | c4 b5 43 39 77 6e 14 c8 c6 f4 cf 2f 20 05 0a fd | 0f 3a 7f ec 33 ae a9 8e cd 32 3f c2 5c a0 13 ce | 49 e1 57 e5 89 2a 36 5b 5c 98 02 1f 7a 59 d2 04 | 63 e4 e6 e0 0a 84 6e 2c b6 66 7e cf 62 f8 17 c4 | 01 22 ce 31 c3 06 5b cd 89 4d 16 5d 88 99 ad cf | b0 fc c0 28 46 23 e7 a2 60 df 69 12 d9 da e6 35 | 39 e4 21 d9 50 c7 e2 c5 ce d4 14 99 35 e1 e7 17 | e3 2e 83 f5 2c 68 b3 aa 5b 5c 57 a7 b2 47 0d cf | ec e9 64 e1 20 9d 95 b1 da 91 b1 78 56 07 7c eb | 21 91 e1 03 e5 08 1e 09 2c 07 ab 88 d2 3e 0e c8 | a0 50 b7 20 11 c8 e6 70 08 e1 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "nss-cert" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x561a36fb3168 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x561a36fb2aa8 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11419.763346 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 1.45 milliseconds | #1 spent 8.13 milliseconds in resume sending helper answer | stop processing: state #2 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5fd8000f48 | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 22 b2 66 9d ef c9 50 5f 37 35 39 77 6e c5 97 e8 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | d5 e6 3e d2 fa 30 90 df 62 a2 d2 83 7a 2c 1e e8 | 1f bc 0d 25 cc 48 2c 76 99 96 6a f7 cf 1b 80 f3 | 15 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 22 b2 66 9d ef c9 50 5f | responder cookie: | 37 35 39 77 6e c5 97 e8 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "nss-cert" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "nss-cert" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "nss-cert" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #1 ikev2.ike failed auth-failed "nss-cert" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #2 fd@25 .st_dev=9 .st_ino=9037300 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x561a36fb2aa8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561a36fb3168 | event_schedule: new EVENT_RETRANSMIT-pe@0x561a36fb3168 | inserting event EVENT_RETRANSMIT, timeout in 59.994146 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f5fd8000f48 size 128 "nss-cert" #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.994146 seconds for retry | #2 spent 0.0539 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #2 connection "nss-cert" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #2 connection "nss-cert" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.207 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.218 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.428 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x561a36fb3518 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=signedbyother.other.libreswan.org, E=user-signedbyother@testing.libreswan.org cnt 1-- | unreference key: 0x561a36fb26e8 user-signedbyother@testing.libreswan.org cnt 1-- | unreference key: 0x561a36fb23d8 @signedbyother.other.libreswan.org cnt 1-- | start processing: connection "nss-cert" (in delete_connection() at connections.c:189) | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x561a36f98958} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "nss-cert" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "nss-cert" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted other | #2 spent 0.0539 milliseconds in total | [RE]START processing: state #2 connection "nss-cert" from 192.1.2.23 (in delete_state() at state.c:879) "nss-cert" #2: deleting state (STATE_PARENT_I2) aged 1.890s and NOT sending notification | child state #2: PARENT_I2(open IKE SA) => delete | child state #2: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f5fd8000f48 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561a36fb3168 | priority calculation of connection "nss-cert" is 0xfdfdf | delete inbound eroute 192.0.2.254/32:0 --0-> 192.0.1.254/32:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "nss-cert" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection nss-cert | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | start processing: state #1 connection "nss-cert" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted auth-failed | #1 spent 11.9 milliseconds in total | [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in delete_state() at state.c:879) "nss-cert" #1: deleting state (STATE_PARENT_I2) aged 1.897s and NOT sending notification | parent state #1: PARENT_I2(open IKE SA) => delete | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5fe0002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x561a36faefb8 | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #1 "nss-cert" #1: deleting IKE SA for connection 'nss-cert' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'nss-cert' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection nss-cert | State DB: deleting IKEv2 state #1 in PARENT_I2 | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x561a36fb29c8 | flush revival: connection 'nss-cert' revival flushed | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x561a36f9f768 | free_event_entry: release EVENT_NULL-pe@0x561a36fab658 | libevent_free: release ptr-libevent@0x561a36f45f78 | free_event_entry: release EVENT_NULL-pe@0x561a36fab708 | libevent_free: release ptr-libevent@0x561a36f45898 | free_event_entry: release EVENT_NULL-pe@0x561a36fab7b8 | libevent_free: release ptr-libevent@0x561a36f4d158 | free_event_entry: release EVENT_NULL-pe@0x561a36fab868 | libevent_free: release ptr-libevent@0x561a36f4d258 | free_event_entry: release EVENT_NULL-pe@0x561a36fab918 | libevent_free: release ptr-libevent@0x561a36f4d358 | free_event_entry: release EVENT_NULL-pe@0x561a36fab9c8 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x561a36f9f818 | free_event_entry: release EVENT_NULL-pe@0x561a36f93938 | libevent_free: release ptr-libevent@0x561a36f45ec8 | free_event_entry: release EVENT_NULL-pe@0x561a36f93498 | libevent_free: release ptr-libevent@0x561a36f8c478 | free_event_entry: release EVENT_NULL-pe@0x561a36f4d408 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x561a36f519d8 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x561a36ecf728 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x561a36faae38 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x561a36fab078 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x561a36faaf48 | libevent_free: release ptr-libevent@0x561a36f8dd58 | libevent_free: release ptr-libevent@0x561a36f8dd08 | libevent_free: release ptr-libevent@0x561a36f45218 | libevent_free: release ptr-libevent@0x561a36f8dcc8 | libevent_free: release ptr-libevent@0x561a36faab08 | libevent_free: release ptr-libevent@0x561a36faad78 | libevent_free: release ptr-libevent@0x561a36f8df08 | libevent_free: release ptr-libevent@0x561a36f93508 | libevent_free: release ptr-libevent@0x561a36f93168 | libevent_free: release ptr-libevent@0x561a36faba38 | libevent_free: release ptr-libevent@0x561a36fab988 | libevent_free: release ptr-libevent@0x561a36fab8d8 | libevent_free: release ptr-libevent@0x561a36fab828 | libevent_free: release ptr-libevent@0x561a36fab778 | libevent_free: release ptr-libevent@0x561a36fab6c8 | libevent_free: release ptr-libevent@0x561a36ecea48 | libevent_free: release ptr-libevent@0x561a36faadf8 | libevent_free: release ptr-libevent@0x561a36faadb8 | libevent_free: release ptr-libevent@0x561a36faac78 | libevent_free: release ptr-libevent@0x561a36faaf08 | libevent_free: release ptr-libevent@0x561a36faab48 | libevent_free: release ptr-libevent@0x561a36f53568 | libevent_free: release ptr-libevent@0x561a36f534e8 | libevent_free: release ptr-libevent@0x561a36ecedb8 | releasing global libevent data | libevent_free: release ptr-libevent@0x561a36f536e8 | libevent_free: release ptr-libevent@0x561a36f53668 | libevent_free: release ptr-libevent@0x561a36f535e8 leak detective found no leaks