FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23750 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x563e9cbb9cf8 size 40 | libevent_malloc: new ptr-libevent@0x563e9cbb9c78 size 40 | libevent_malloc: new ptr-libevent@0x563e9cbb9bf8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x563e9cbab828 size 56 | libevent_malloc: new ptr-libevent@0x563e9cb352f8 size 664 | libevent_malloc: new ptr-libevent@0x563e9cbf42b8 size 24 | libevent_malloc: new ptr-libevent@0x563e9cbf4308 size 384 | libevent_malloc: new ptr-libevent@0x563e9cbf4278 size 16 | libevent_malloc: new ptr-libevent@0x563e9cbb9b78 size 40 | libevent_malloc: new ptr-libevent@0x563e9cbb9af8 size 48 | libevent_realloc: new ptr-libevent@0x563e9cb41818 size 256 | libevent_malloc: new ptr-libevent@0x563e9cbf44b8 size 16 | libevent_free: release ptr-libevent@0x563e9cbab828 | libevent initialized | libevent_realloc: new ptr-libevent@0x563e9cbab828 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 started thread for crypto helper 1 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | starting up helper thread 1 started thread for crypto helper 2 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 started thread for crypto helper 4 | crypto helper 3 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none> | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none> | V2_IPSEC_I: category: established CHILD SA flags: 0: <none> | V2_IPSEC_R: category: established CHILD SA flags: 0: <none> | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: <none> Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563e9cbb3a18 | libevent_malloc: new ptr-libevent@0x563e9cbf2938 size 128 | libevent_malloc: new ptr-libevent@0x563e9cbf9ab8 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563e9cbf9a48 | libevent_malloc: new ptr-libevent@0x563e9cbf29e8 size 128 | libevent_malloc: new ptr-libevent@0x563e9cbf9718 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563e9cbf9ee8 | libevent_malloc: new ptr-libevent@0x563e9cc05d48 size 128 | libevent_malloc: new ptr-libevent@0x563e9cc11038 size 16 | libevent_realloc: new ptr-libevent@0x563e9cc11078 size 256 | libevent_malloc: new ptr-libevent@0x563e9cc111a8 size 8 | libevent_realloc: new ptr-libevent@0x563e9cc111e8 size 144 | libevent_malloc: new ptr-libevent@0x563e9cbb7fe8 size 152 | libevent_malloc: new ptr-libevent@0x563e9cc112a8 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x563e9cc112e8 size 8 | libevent_malloc: new ptr-libevent@0x563e9cb256b8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x563e9cc11328 size 8 | libevent_malloc: new ptr-libevent@0x563e9cb3aa88 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x563e9cc11368 size 8 | libevent_realloc: release ptr-libevent@0x563e9cc111e8 | libevent_realloc: new ptr-libevent@0x563e9cc113a8 size 256 | libevent_malloc: new ptr-libevent@0x563e9cc114d8 size 152 | signal event handler PLUTO_SIGSYS installed | starting up helper thread 6 | created addconn helper (pid:23794) using fork+execve | forked child 23794 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.1.3.209 Kernel supports NIC esp-hw-offload adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.1.3.209:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x563e9cc118d8 | libevent_malloc: new ptr-libevent@0x563e9cc05c98 size 128 | libevent_malloc: new ptr-libevent@0x563e9cc11948 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11988 | libevent_malloc: new ptr-libevent@0x563e9cbac568 size 128 | libevent_malloc: new ptr-libevent@0x563e9cc119f8 size 16 | setup callback for interface lo 127.0.0.1:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11a38 | libevent_malloc: new ptr-libevent@0x563e9cbac618 size 128 | libevent_malloc: new ptr-libevent@0x563e9cc11aa8 size 16 | setup callback for interface eth0 192.1.3.209:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11ae8 | libevent_malloc: new ptr-libevent@0x563e9cbab548 size 128 | libevent_malloc: new ptr-libevent@0x563e9cc11b58 size 16 | setup callback for interface eth0 192.1.3.209:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 loaded private key for keyid: PKK_RSA:AQPHFfpyJ | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.27 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection clear with policy AUTH_NEVER+GROUP+PASS+NEVER_NEGOTIATE | counting wild cards for (none) is 15 | counting wild cards for (none) is 15 | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@(nil): none | new hp@0x563e9cc12ac8 added connection description "clear" | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+GROUP+PASS+NEVER_NEGOTIATE | 192.1.3.209---192.1.3.254...%group | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.102 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection clear-or-private with policy ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc15878 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc15828 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc156e8 | unreference key: 0x563e9cc18738 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | counting wild cards for ID_NULL is 0 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: clear added connection description "clear-or-private" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...%opportunisticgroup[ID_NULL] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.23 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection private-or-clear with policy ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | unreference key: 0x563e9cc19f08 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1bdf8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1bda8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1c638 | unreference key: 0x563e9cc18da8 @road.testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc199b8 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc1c0a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | secrets entry for road already exists | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | counting wild cards for ID_NULL is 0 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: clear-or-private added connection description "private-or-clear" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...%opportunisticgroup[ID_NULL] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.523 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection private with policy ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failureDROP | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | unreference key: 0x563e9cc199b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1df98 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1df48 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1e8c8 | unreference key: 0x563e9cc18738 @road.testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc18da8 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc1dfe8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | secrets entry for road already exists | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | counting wild cards for ID_NULL is 0 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: private-or-clear added connection description "private" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failureDROP | 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...%opportunisticgroup[ID_NULL] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.497 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection block with policy AUTH_NEVER+GROUP+REJECT+NEVER_NEGOTIATE | counting wild cards for (none) is 15 | counting wild cards for (none) is 15 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: private added connection description "block" | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+GROUP+REJECT+NEVER_NEGOTIATE | 192.1.3.209---192.1.3.254...%group | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0583 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection private-or-clear-all with policy ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | unreference key: 0x563e9cc18da8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc205a8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc20558 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc20ed8 | unreference key: 0x563e9cc1c0a8 @road.testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc18738 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc205f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | secrets entry for road already exists | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | counting wild cards for ID_NULL is 0 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: block added connection description "private-or-clear-all" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...%opportunisticgroup[ID_NULL] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.491 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "private-or-clear-all" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'private-or-clear-all' wasn't on the list | stop processing: connection "private-or-clear-all" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection private-or-clear-all with policy ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | unreference key: 0x563e9cc18738 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1e698 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1f1a8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563e9cc1e7f8 | unreference key: 0x563e9cc1dfe8 @road.testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc1c0a8 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc18da8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | secrets entry for road already exists | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | counting wild cards for ID_NULL is 0 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | connect_to_host_pair: 192.1.3.209:500 0.0.0.0:500 -> hp@0x563e9cc12ac8: block added connection description "private-or-clear-all" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS | 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...%opportunisticgroup[ID_NULL] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.56 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.1.3.209 | no interfaces to sort | libevent_free: release ptr-libevent@0x563e9cc05c98 | free_event_entry: release EVENT_NULL-pe@0x563e9cc118d8 | add_fd_read_event_handler: new ethX-pe@0x563e9cc118d8 | libevent_malloc: new ptr-libevent@0x563e9cc152a8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 20 | libevent_free: release ptr-libevent@0x563e9cbac568 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11988 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11988 | libevent_malloc: new ptr-libevent@0x563e9cbac568 size 128 | setup callback for interface lo 127.0.0.1:500 fd 19 | libevent_free: release ptr-libevent@0x563e9cbac618 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11a38 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11a38 | libevent_malloc: new ptr-libevent@0x563e9cbac618 size 128 | setup callback for interface eth0 192.1.3.209:4500 fd 18 | libevent_free: release ptr-libevent@0x563e9cbab548 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11ae8 | add_fd_read_event_handler: new ethX-pe@0x563e9cc11ae8 | libevent_malloc: new ptr-libevent@0x563e9cbab548 size 128 | setup callback for interface eth0 192.1.3.209:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 loaded private key for keyid: PKK_RSA:AQPHFfpyJ | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | no group file "/etc/ipsec.d/policies/private-or-clear-all" (pwd:/tmp) loading group "/etc/ipsec.d/policies/block" loading group "/etc/ipsec.d/policies/private" loading group "/etc/ipsec.d/policies/private-or-clear" loading group "/etc/ipsec.d/policies/clear-or-private" loading group "/etc/ipsec.d/policies/clear" | 192.1.3.209/32->192.1.2.254/32 0 sport 0 dport 0 clear | 192.1.3.209/32->192.1.3.254/32 0 sport 0 dport 0 clear | 192.1.3.209/32->192.1.3.253/32 0 sport 0 dport 0 clear | 192.1.3.209/32->192.1.2.253/32 0 sport 0 dport 0 clear | 192.1.3.209/32->192.1.2.0/24 0 sport 0 dport 0 private-or-clear | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.406 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "clear" (in whack_route_connection() at rcv_whack.c:106) | FOR_EACH_CONNECTION_... in conn_by_name | suspend processing: connection "clear" (in route_group() at foodgroups.c:435) | start processing: connection "clear#192.1.2.254/32" 0.0.0.0 (in route_group() at foodgroups.c:435) | could_route called for clear#192.1.2.254/32 (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.254/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.254/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: clear#192.1.2.254/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 | shunt_eroute() called for connection 'clear#192.1.2.254/32' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.2.254/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | priority calculation of connection "clear#192.1.2.254/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='192.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF | popen cmd is 1138 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.25: | cmd( 80):4/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 640):t Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_ST: | cmd( 720):ACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+: | cmd( 800):NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT: | cmd( 880):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO: | cmd( 960):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF: | cmd(1040):IGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 : | cmd(1120):ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='192.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SE | popen cmd is 1136 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.254/: | cmd( 80):32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUT: | cmd( 400):O_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEE: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 640):Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STAC: | cmd( 720):K='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NE: | cmd( 800):VER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 880):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 960):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd(1040):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ip: | cmd(1120):sec _updown 2>&1: | suspend processing: connection "clear#192.1.2.254/32" 0.0.0.0 (in route_group() at foodgroups.c:439) | start processing: connection "clear" (in route_group() at foodgroups.c:439) | FOR_EACH_CONNECTION_... in conn_by_name | suspend processing: connection "clear" (in route_group() at foodgroups.c:435) | start processing: connection "clear#192.1.3.254/32" 0.0.0.0 (in route_group() at foodgroups.c:435) | could_route called for clear#192.1.3.254/32 (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.254/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.254/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: clear#192.1.3.254/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 | shunt_eroute() called for connection 'clear#192.1.3.254/32' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.3.254/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | priority calculation of connection "clear#192.1.3.254/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='192.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF | popen cmd is 1138 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.25: | cmd( 80):4/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 640):t Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_ST: | cmd( 720):ACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+: | cmd( 800):NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT: | cmd( 880):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO: | cmd( 960):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF: | cmd(1040):IGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 : | cmd(1120):ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='192.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SE | popen cmd is 1136 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.254/: | cmd( 80):32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUT: | cmd( 400):O_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEE: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 640):Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STAC: | cmd( 720):K='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NE: | cmd( 800):VER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 880):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 960):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd(1040):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ip: | cmd(1120):sec _updown 2>&1: | suspend processing: connection "clear#192.1.3.254/32" 0.0.0.0 (in route_group() at foodgroups.c:439) | start processing: connection "clear" (in route_group() at foodgroups.c:439) | FOR_EACH_CONNECTION_... in conn_by_name | suspend processing: connection "clear" (in route_group() at foodgroups.c:435) | start processing: connection "clear#192.1.3.253/32" 0.0.0.0 (in route_group() at foodgroups.c:435) | could_route called for clear#192.1.3.253/32 (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.253/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.253/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: clear#192.1.3.253/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 | shunt_eroute() called for connection 'clear#192.1.3.253/32' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.3.253/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | priority calculation of connection "clear#192.1.3.253/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='192.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF | popen cmd is 1138 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.25: | cmd( 80):3/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 640):t Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_ST: | cmd( 720):ACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+: | cmd( 800):NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT: | cmd( 880):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO: | cmd( 960):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF: | cmd(1040):IGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 : | cmd(1120):ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='192.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SE | popen cmd is 1136 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.253/: | cmd( 80):32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUT: | cmd( 400):O_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEE: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 640):Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STAC: | cmd( 720):K='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NE: | cmd( 800):VER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 880):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 960):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd(1040):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ip: | cmd(1120):sec _updown 2>&1: | suspend processing: connection "clear#192.1.3.253/32" 0.0.0.0 (in route_group() at foodgroups.c:439) | start processing: connection "clear" (in route_group() at foodgroups.c:439) | FOR_EACH_CONNECTION_... in conn_by_name | suspend processing: connection "clear" (in route_group() at foodgroups.c:435) | start processing: connection "clear#192.1.2.253/32" 0.0.0.0 (in route_group() at foodgroups.c:435) | could_route called for clear#192.1.2.253/32 (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.253/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.253/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: clear#192.1.2.253/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 | shunt_eroute() called for connection 'clear#192.1.2.253/32' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.2.253/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | priority calculation of connection "clear#192.1.2.253/32" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564639 | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='192.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF | popen cmd is 1138 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.25: | cmd( 80):3/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 640):t Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_ST: | cmd( 720):ACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+: | cmd( 800):NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT: | cmd( 880):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO: | cmd( 960):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF: | cmd(1040):IGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 : | cmd(1120):ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | id type with ID_NONE means wildcard match | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='192.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SE | popen cmd is 1136 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.253/: | cmd( 80):32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUT: | cmd( 400):O_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEE: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 640):Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STAC: | cmd( 720):K='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NE: | cmd( 800):VER_NEGOTIATE' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 880):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 960):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd(1040):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ip: | cmd(1120):sec _updown 2>&1: | suspend processing: connection "clear#192.1.2.253/32" 0.0.0.0 (in route_group() at foodgroups.c:439) | start processing: connection "clear" (in route_group() at foodgroups.c:439) | stop processing: connection "clear" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 3.94 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0262 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.0031 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00203 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00201 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00199 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.002 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00199 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00213 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00201 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "private-or-clear" (in whack_route_connection() at rcv_whack.c:106) | FOR_EACH_CONNECTION_... in conn_by_name | suspend processing: connection "private-or-clear" (in route_group() at foodgroups.c:435) | start processing: connection "private-or-clear#192.1.2.0/24" (in route_group() at foodgroups.c:435) | could_route called for private-or-clear#192.1.2.0/24 (kind=CK_TEMPLATE) | FOR_EACH_CONNECTION_... in route_owner | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "private-or-clear#192.1.2.0/24" unrouted: NULL; eroute owner: NULL | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear-all mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn block mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "private-or-clear#192.1.2.0/24" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: private-or-clear#192.1.2.0/24 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 | shunt_eroute() called for connection 'private-or-clear#192.1.2.0/24' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfe7 | IPsec Sa SPD priority set to 1564647 | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfe7 | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear#192.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P | popen cmd is 1215 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear: | cmd( 80):#192.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192: | cmd( 160):.1.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: | cmd( 240):ent, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_: | cmd( 320):CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK=': | cmd( 400):255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' : | cmd( 480):PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLI: | cmd( 560):ENT='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255: | cmd( 640):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: | cmd( 720):TACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEG: | cmd( 800):O_PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 880):+failurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: | cmd( 960):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': | cmd(1040): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: | cmd(1120):RED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ips: | cmd(1200):ec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear#192.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO | popen cmd is 1213 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear#1: | cmd( 80):92.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1: | cmd( 160):.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: | cmd( 240):t, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_CL: | cmd( 320):IENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='25: | cmd( 400):5.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' PL: | cmd( 480):UTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIEN: | cmd( 560):T='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255.2: | cmd( 640):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STA: | cmd( 720):CK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_: | cmd( 800):PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+f: | cmd( 880):ailurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAI: | cmd( 960):LED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' P: | cmd(1040):LUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE: | cmd(1120):D='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec: | cmd(1200): _updown 2>&1: | suspend processing: connection "private-or-clear#192.1.2.0/24" (in route_group() at foodgroups.c:439) | start processing: connection "private-or-clear" (in route_group() at foodgroups.c:439) | stop processing: connection "private-or-clear" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.11 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00374 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned nothing left to do (all child processes are busy) | spent 0.00525 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "private" (in whack_route_connection() at rcv_whack.c:106) | stop processing: connection "private" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0264 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "block" (in whack_route_connection() at rcv_whack.c:106) | stop processing: connection "block" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0304 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "private-or-clear-all" (in whack_route_connection() at rcv_whack.c:106) | stop processing: connection "private-or-clear-all" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0222 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "private-or-clear-all" (in whack_route_connection() at rcv_whack.c:106) | stop processing: connection "private-or-clear-all" (in whack_route_connection() at rcv_whack.c:116) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0283 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 23794 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0189 milliseconds in signal handler PLUTO_SIGCHLD | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_ACQUIRE message | xfrm netlink msg len 376 | xfrm acquire rtattribute type 5 | xfrm acquire rtattribute type 16 | add bare shunt 0x563e9cc11e08 192.1.3.209/32:8 --1--> 192.1.2.23/32:0 => %hold 0 %acquire-netlink initiate on demand from 192.1.3.209:8 to 192.1.2.23:0 proto=1 because: acquire | find_connection: looking for policy for connection: 192.1.3.209:1/8 -> 192.1.2.23:1/0 | FOR_EACH_CONNECTION_... in find_connection_for_clients | find_connection: conn "private-or-clear#192.1.2.0/24" has compatible peers: 192.1.3.209/32 -> 192.1.2.0/24 [pri: 33554442] | find_connection: first OK "private-or-clear#192.1.2.0/24" [pri:33554442]{0x563e9cc22178} (child none) | find_connection: concluding with "private-or-clear#192.1.2.0/24" [pri:33554442]{0x563e9cc22178} kind=CK_TEMPLATE | creating new instance from "private-or-clear#192.1.2.0/24" | shunt widened for protoports since conn does not limit protocols | going to initiate opportunistic, first installing pass negotiationshunt | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfe7 | oe-negotiating eroute 192.1.3.209/32:0 --0-> 192.1.2.23/32:0 => %pass (raw_eroute) | netlink_raw_eroute: SPI_PASS | IPsec Sa SPD priority set to 1564647 | raw_eroute result=success | added bare (possibly wided) passthrough negotiationshunt succeeded (violating API) | add bare shunt 0x563e9cc22978 192.1.3.209/32:0 --0--> 192.1.2.23/32:0 => %hold 0 oe-negotiating | fiddle_bare_shunt called | fiddle_bare_shunt with transport_proto 1 | removing specific host-to-host bare shunt | delete bare kernel shunt - was replaced with negotiationshunt eroute 192.1.3.209/32:8 --1-> 192.1.2.23/32:0 => %hold (raw_eroute) | netlink_raw_eroute: SPI_PASS | raw_eroute result=success | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded | delete bare shunt 0x563e9cc11e08 192.1.3.209/32:8 --1--> 192.1.2.23/32:0 => %hold 0 %acquire-netlink | success taking down narrow bare shunt | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | checking private-or-clear-all | checking block | checking private | checking private-or-clear | checking private-or-clear#192.1.2.0/24 | checking clear-or-private | checking clear | checking clear#192.1.2.253/32 | checking clear#192.1.3.253/32 | checking clear#192.1.3.254/32 | checking clear#192.1.2.254/32 | find_host_pair: comparing 192.1.3.209:500 to 0.0.0.0:500 but ignoring ports | checking private-or-clear-all | checking block | checking private | checking private-or-clear | checking private-or-clear#192.1.2.0/24 | checking clear-or-private | checking clear | checking clear#192.1.2.253/32 | checking clear#192.1.3.253/32 | checking clear#192.1.3.254/32 | checking clear#192.1.2.254/32 | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x563e9cc23238 | oppo instantiate d="private-or-clear#192.1.2.0/24" from c="private-or-clear#192.1.2.0/24" with c->routing prospective erouted, d->routing unrouted | new oppo instance: 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...192.1.2.23[ID_NULL]===192.1.2.0/24 | oppo_instantiate() instantiated "[1] ...192.1.2.23"private-or-clear#192.1.2.0/24: 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org]---192.1.3.254...192.1.2.23[ID_NULL] | assigning negotiation_shunt to connection | assign hold, routing was unrouted, needs to be unrouted HOLD | assign_holdpass() removing bare shunt | delete bare shunt 0x563e9cc22978 192.1.3.209/32:0 --0--> 192.1.2.23/32:0 => %hold 0 oe-negotiating | assign_holdpass() done - returning success | assign_holdpass succeeded | initiate on demand from 192.1.3.209:0 to 192.1.2.23:0 proto=1 because: acquire | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x563e9cc23318 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 IKE SA #1 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 | constructing local IKE proposals for private-or-clear#192.1.2.0/24 (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23: constructed local IKE proposals for private-or-clear#192.1.2.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563e9cc25a88 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x563e9cc05c98 size 128 | #1 spent 0.359 milliseconds in ikev2_parent_outI1() | RESET processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | initiate on demand using RSASIG from 192.1.3.209 to 192.1.2.23 | spent 0.696 milliseconds in kernel message | crypto helper 0 resuming | crypto helper 0 starting work-order 1 for state #1 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000812 seconds | (#1) spent 0.812 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f3eec002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x563e9b9bdb50 | ikev2_parent_outI1_continue for #1 | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection private-or-clear#192.1.2.0/24 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 29 5b 2d 4f ed 72 22 98 e7 eb fe d6 36 81 0b db | ikev2 g^x 7c 38 dc 97 9e 64 ce bc c6 06 ff 62 fc 37 17 53 | ikev2 g^x 52 dc cc fc fb 30 90 b9 1f 9e 45 94 ed a0 ca 0f | ikev2 g^x 4c 41 88 d8 e2 98 a5 c7 d1 63 ed d6 dd 75 17 0e | ikev2 g^x 4e 2b 3f 99 c5 19 4e bb 12 f0 bb 73 66 ae dc e3 | ikev2 g^x 99 bf 83 1e 42 38 1a 1f 05 d3 41 0a bb 1d 1e 72 | ikev2 g^x a6 be 4d 5a 3b 38 bf 42 8f 77 f6 21 03 10 c9 e2 | ikev2 g^x 5f 5c e9 ba 39 a0 4c c4 ad 98 50 09 36 ef 39 8d | ikev2 g^x b2 a8 a9 7f 62 d1 1e 63 c0 f2 20 a3 25 94 18 83 | ikev2 g^x 30 77 46 64 d2 35 23 55 73 92 94 6a 6f c2 70 05 | ikev2 g^x 88 97 1e c6 58 51 75 10 c0 5d 20 73 af 5b 14 4a | ikev2 g^x ec 46 ae 92 ae aa 32 8e 88 87 ad 1f 22 b5 f9 9e | ikev2 g^x a4 83 bc 16 76 30 7a 8c 5c 5d a7 c2 4e 9c 32 5e | ikev2 g^x 3a 5e 56 08 7a 85 27 e1 ec da a1 82 18 43 98 17 | ikev2 g^x 9f 6b cf c2 30 0a b3 2e 01 9d 27 df 31 28 aa 1e | ikev2 g^x 75 01 1f 82 59 8f f8 eb 15 a4 d5 14 bb f3 b1 5b | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 0f 6e 67 f8 7d 88 c6 a9 cb b2 6d 76 4b f9 4e 8d | IKEv2 nonce 88 b4 77 27 fa 34 19 1c 58 16 a9 1d 43 16 42 7a | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | natd_hash: hasher=0x563e9ba92800(20) | natd_hash: icookie= 45 de 21 c6 8e 76 c2 02 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= c1 52 1d d8 5f 68 4b c3 c8 58 bf 1b 6a 45 a0 ea | natd_hash: hash= 22 b5 50 b9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data c1 52 1d d8 5f 68 4b c3 c8 58 bf 1b 6a 45 a0 ea | Notify data 22 b5 50 b9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | natd_hash: hasher=0x563e9ba92800(20) | natd_hash: icookie= 45 de 21 c6 8e 76 c2 02 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 29 5e 5c e3 81 9f 35 1d 68 14 bb a8 10 a3 ab a2 | natd_hash: hash= 45 7b 36 72 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 29 5e 5c e3 81 9f 35 1d 68 14 bb a8 10 a3 ab a2 | Notify data 45 7b 36 72 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 828 | stop processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 | STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 29 5b 2d 4f ed 72 22 98 | e7 eb fe d6 36 81 0b db 7c 38 dc 97 9e 64 ce bc | c6 06 ff 62 fc 37 17 53 52 dc cc fc fb 30 90 b9 | 1f 9e 45 94 ed a0 ca 0f 4c 41 88 d8 e2 98 a5 c7 | d1 63 ed d6 dd 75 17 0e 4e 2b 3f 99 c5 19 4e bb | 12 f0 bb 73 66 ae dc e3 99 bf 83 1e 42 38 1a 1f | 05 d3 41 0a bb 1d 1e 72 a6 be 4d 5a 3b 38 bf 42 | 8f 77 f6 21 03 10 c9 e2 5f 5c e9 ba 39 a0 4c c4 | ad 98 50 09 36 ef 39 8d b2 a8 a9 7f 62 d1 1e 63 | c0 f2 20 a3 25 94 18 83 30 77 46 64 d2 35 23 55 | 73 92 94 6a 6f c2 70 05 88 97 1e c6 58 51 75 10 | c0 5d 20 73 af 5b 14 4a ec 46 ae 92 ae aa 32 8e | 88 87 ad 1f 22 b5 f9 9e a4 83 bc 16 76 30 7a 8c | 5c 5d a7 c2 4e 9c 32 5e 3a 5e 56 08 7a 85 27 e1 | ec da a1 82 18 43 98 17 9f 6b cf c2 30 0a b3 2e | 01 9d 27 df 31 28 aa 1e 75 01 1f 82 59 8f f8 eb | 15 a4 d5 14 bb f3 b1 5b 29 00 00 24 0f 6e 67 f8 | 7d 88 c6 a9 cb b2 6d 76 4b f9 4e 8d 88 b4 77 27 | fa 34 19 1c 58 16 a9 1d 43 16 42 7a 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 c1 52 1d d8 | 5f 68 4b c3 c8 58 bf 1b 6a 45 a0 ea 22 b5 50 b9 | 00 00 00 1c 00 00 40 05 29 5e 5c e3 81 9f 35 1d | 68 14 bb a8 10 a3 ab a2 45 7b 36 72 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x563e9cc05c98 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563e9cc25a88 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x563e9cc25a88 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x563e9cc25bb8 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29578.332677 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 1.14 milliseconds in resume sending helper answer | stop processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f3eec002888 | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 437 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 d6 93 df 10 | a4 87 4d a9 7d 34 5b 0e 23 aa db 53 29 45 b6 46 | 30 25 5c c6 80 68 31 93 cc c9 a2 21 55 38 07 e0 | 90 5f 98 7c f3 ca 2b 9a 3f b5 1e 4c d6 b4 5c 64 | 56 21 87 3c f4 ec 76 0b 7c 33 e6 0a e2 75 bd cc | a4 de f3 1e 8b fe ab d9 d9 d4 f3 b7 52 ca 71 dc | ae bb 55 cb bf 48 6e ca 35 5c f1 12 9b 89 1e e4 | 98 a2 0e b8 c8 22 73 65 c3 de cb cb d4 0b 38 73 | b6 c3 56 4d f3 d0 7e 48 cf 9c ed 1f 31 36 81 7c | 0b c4 15 82 99 b2 2f a0 21 94 aa 5f 8f 4d 18 4b | 68 e9 e6 20 52 33 50 f9 f6 90 97 93 09 63 29 bf | 3d 93 3c 0c 4b 82 48 3d 1d 3e 59 2a be a9 06 e1 | af 19 b5 67 22 ba a1 2d fe 59 58 80 8d 27 85 20 | fd de bd f0 5f 03 7a 35 59 af f2 6c d4 b6 90 01 | bd 65 0b 56 d7 07 3c e6 04 71 66 4d 84 2e 44 03 | e8 f9 d9 ba 8c 80 9a 0d 7a f8 ad 43 02 6c 17 e4 | 70 3b da c5 a5 f2 98 7a fa ea 68 14 29 00 00 24 | e7 a5 ae 84 cd 8b 82 83 97 f0 94 e3 f4 83 ea eb | 4b 81 7b 09 ed 0b a9 e1 0c 87 4a 4a 89 8f f9 1f | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 48 93 a6 9b e4 b8 8d af f1 55 7b eb 83 91 f0 0d | 49 b2 a0 65 26 00 00 1c 00 00 40 05 d9 43 fa 73 | 71 9e 42 58 a4 d2 73 33 79 d0 07 b5 83 e3 37 4e | 00 00 00 05 04 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 437 (0x1b5) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) | ***parse IKEv2 Certificate Request Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 5 (0x5) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | using existing local IKE proposals for connection private-or-clear#192.1.2.0/24 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | natd_hash: hasher=0x563e9ba92800(20) | natd_hash: icookie= 45 de 21 c6 8e 76 c2 02 | natd_hash: rcookie= 56 b8 4c 3f 69 6a 43 06 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= d9 43 fa 73 71 9e 42 58 a4 d2 73 33 79 d0 07 b5 | natd_hash: hash= 83 e3 37 4e | natd_hash: hasher=0x563e9ba92800(20) | natd_hash: icookie= 45 de 21 c6 8e 76 c2 02 | natd_hash: rcookie= 56 b8 4c 3f 69 6a 43 06 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 48 93 a6 9b e4 b8 8d af f1 55 7b eb 83 91 f0 0d | natd_hash: hash= 49 b2 a0 65 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x563e9cc25bb8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x563e9cc25a88 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563e9cc25a88 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f3eec002888 size 128 | #1 spent 0.205 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.438 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.448 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 2 for state #1 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001103 seconds | (#1) spent 1.11 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f3ee4000f48 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x563e9b9bdb50 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | creating state object #2 at 0x563e9cc28428 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 as #2 for IPSEC SA | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1484) | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f3eec002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563e9cc25a88 | event_schedule: new EVENT_SA_REPLACE-pe@0x563e9cc25a88 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f3eec002888 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: OK to send a certificate (always) | IDr payload will be sent | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_DER_ASN1_DN (0x9) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 183 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 | my identity 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 | my identity 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of IKEv2 Identification - Initiator - Payload: 191 | Sending [CERT] of certificate: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | ****emit IKEv2 Certificate Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' | emitting 1224 raw bytes of CERT into IKEv2 Certificate Payload | CERT 30 82 04 c4 30 82 04 2d a0 03 02 01 02 02 01 05 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 | CERT 6f 61 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 | CERT 6f 61 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f | CERT 00 30 82 01 8a 02 82 01 81 00 de eb 73 26 86 d7 | CERT 2c 84 21 13 0e a4 23 30 11 c6 d4 b1 e8 99 58 5b | CERT 54 fa 8c cb 90 bf aa 54 64 e2 ef 00 f9 df b2 5a | CERT 20 d0 1f fd fb 02 a8 d4 60 ac 44 ab c0 91 e1 eb | CERT 81 59 f7 6d 08 30 04 c9 63 5f 07 58 6a d7 e6 ff | CERT 96 d3 79 c2 a1 6b d3 24 00 31 74 f3 8f b4 e9 17 | CERT af d1 3c 33 ee 8b a9 19 b2 03 f1 98 8a 60 f2 f6 | CERT 14 4b 31 a3 8b cb cb ae 31 d9 70 5a 88 2d cc c8 | CERT 77 e8 27 1f 75 07 9a 9b cc 5a 53 bd 69 be 82 0e | CERT 9c b9 3b c8 4f fa 84 87 bb b6 0d 2d ff 11 a1 2d | CERT 51 d4 3f c2 93 09 22 b4 2e 48 0e 77 81 b6 79 ee | CERT 31 37 3d 55 2f 3d 4f 0e 26 7e 73 34 4f 0d d1 90 | CERT 84 c9 06 53 b6 31 7f 6e 62 51 c6 35 3b a1 03 8a | CERT 8b 62 bb 4d 37 a5 44 42 54 a2 10 80 5f 75 0e 17 | CERT a0 4e d8 46 e8 02 bf a1 f5 e5 2a 2e 5c dc b2 d7 | CERT 93 d9 04 45 51 1d 5e 7d d8 fd 03 96 0c d5 02 5b | CERT 72 03 26 b7 d6 cd a0 18 86 a7 07 d0 74 c6 07 e8 | CERT 5c 1f 7a af be d0 ae b8 e7 7a 3b cf 5c fa ca ea | CERT ae c3 6f 85 22 9b 46 81 be 7c 89 15 4f 06 47 30 | CERT 9f bb ee 24 55 e2 21 cd 8e 93 f5 0e 33 49 5d 50 | CERT 48 39 ac ab 37 59 f8 a2 61 be a0 81 d5 25 97 2f | CERT 8b 2f bd d9 47 a4 5c a5 3b c0 99 19 c5 fb 43 da | CERT 6f 6c 33 54 60 af 00 d5 41 12 60 e5 bb 07 b8 76 | CERT 8a 55 c4 c3 47 8b bd 12 bc e8 5e 94 62 7a 20 91 | CERT 11 fb 23 b7 2d f5 6f 73 b6 a9 02 03 01 00 01 a3 | CERT 81 e3 30 81 e0 30 09 06 03 55 1d 13 04 02 30 00 | CERT 30 25 06 03 55 1d 11 04 1e 30 1c 82 1a 72 6f 61 | CERT 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 | CERT 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14 06 | CERT 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 | CERT 07 03 02 30 41 06 08 2b 06 01 05 05 07 01 01 04 | CERT 35 30 33 30 31 06 08 2b 06 01 05 05 07 30 01 86 | CERT 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | CERT 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | CERT 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 | CERT 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f | CERT 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 | CERT 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 | CERT 01 0b 05 00 03 81 81 00 79 c0 dc 4f ca 3c 5f 4e | CERT 21 3c 76 b0 44 66 c8 74 40 7b 34 5d 63 96 6e ee | CERT c5 df ef 0f fe c2 e4 25 18 39 25 d8 f8 6a b8 87 | CERT f9 17 94 73 7f 8d fb 7d 9d 24 5e c5 95 19 96 3e | CERT 04 dd 8a d0 ad 11 f4 97 32 43 d2 f3 1a d3 1c b1 | CERT e9 01 90 f2 72 36 cf d4 bd 14 e6 ad 8d d2 84 3b | CERT 92 94 99 40 21 16 68 aa e7 5e ac 95 88 11 40 55 | CERT 28 90 af 7f 98 b1 80 36 c5 18 f7 6e 43 40 bc 93 | CERT 86 b3 f1 aa b3 89 b4 15 | emitting length of IKEv2 Certificate Payload: 1229 | IKEv2 CERTREQ: send a cert request? | IKEv2 CERTREQ: no CA DN known to send | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_NULL (0xd) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 0 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr | emitting length of IKEv2 Identification - Responder - Payload: 8 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_RSA (0x1) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org->ID_NULL of kind PKK_RSA | searching for certificate PKK_RSA:AQPHFfpyJ vs PKK_RSA:AwEAAd7rc | private key for cert road not found in local cache; loading from NSS DB | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | searching for certificate PKK_RSA:AwEAAd7rc vs PKK_RSA:AwEAAd7rc | #1 spent 7.45 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload | rsa signature 1e cc 08 d0 5f ac e4 5f 10 e2 42 a5 2c f8 97 83 | rsa signature 51 a2 7f a0 52 0b 5e 1d db 0e 3c 2e c7 05 24 2f | rsa signature 96 34 0f fd 97 14 05 11 25 bd c1 1b 5a 1f 63 4b | rsa signature a2 32 02 b3 5b 9a 33 e8 22 42 ed 2e 0e 31 40 33 | rsa signature f5 a6 4e a1 17 5e fd 7a 0c 1d 48 34 4b b6 77 3c | rsa signature 2d 7c 00 92 21 68 0f 89 85 33 13 f8 fd d6 db 33 | rsa signature 4a 53 27 d7 e1 49 e4 0c 26 6d 8c 6b 13 48 60 be | rsa signature 55 06 0c e5 cd 31 26 32 5f 98 45 0d 8e bf f9 b9 | rsa signature 72 c9 c1 87 3e 67 37 5c 19 01 a4 05 6d e8 23 d6 | rsa signature 80 99 8f 0e d7 4d 51 39 d7 00 12 24 ac 35 38 40 | rsa signature c3 2d 33 07 3f e4 5c 16 22 f4 90 25 f1 04 68 c2 | rsa signature 8d ad ad 42 9c 52 6e e4 33 75 bd b3 6d 37 3d e6 | rsa signature 50 6d 85 28 e2 20 47 a3 94 78 78 48 ae 0e 37 26 | rsa signature 10 4f 30 f9 63 bf 6a 5c fa 0c 13 a1 e3 2e 4e a8 | rsa signature db a1 28 c1 c8 49 e0 17 86 5c 66 55 b2 41 86 a7 | rsa signature 0a fc 09 cd ea 2b f6 5d b2 93 89 17 13 93 8a a5 | rsa signature d6 b1 47 2e f9 d6 7c 3a cb fa 22 78 6a 85 b5 de | rsa signature 55 aa d2 ca 04 71 42 a5 7d 5a 4c 16 df 94 9c e8 | rsa signature aa e4 9a cb 36 50 7e a7 72 2d 6e ad 3e 52 1a 9f | rsa signature 83 da 82 f5 fd b0 9f 5d e6 9d 2b b6 58 c1 73 b6 | rsa signature de 43 b8 60 99 48 63 0f 1e 71 ca 0f 98 39 f1 5a | rsa signature a3 64 61 6a 6c 0a fd 01 8e 75 ad e4 7c 05 74 7f | rsa signature 51 47 80 24 29 37 21 95 94 42 b9 4b a3 6f 77 4c | rsa signature 11 af 57 4f fb 6c f9 f4 34 86 32 4f da f1 52 2a | #1 spent 7.86 milliseconds in ikev2_calculate_rsa_hash() | emitting length of IKEv2 Authentication Payload: 392 | getting first pending from state #1 | netlink_get_spi: allocated 0xac2a2f4b for esp.0@192.1.3.209 | constructing ESP/AH proposals with all DH removed for private-or-clear#192.1.2.0/24 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23: constructed local ESP/AH proposals for private-or-clear#192.1.2.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ac 2a 2f 4b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ac 2a 2f 4b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ac 2a 2f 4b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ac 2a 2f 4b | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 01 03 d1 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 01 03 d1 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 01 02 17 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 01 02 17 | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 2061 | emitting length of ISAKMP Message: 2089 | **parse ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 2089 (0x829) | **parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 2061 (0x80d) | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | fragment number: 1 (0x1) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 | cleartext fragment 55 04 03 0c 1a 72 6f 61 64 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f | cleartext fragment 75 73 65 72 2d 72 6f 61 64 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 24 | cleartext fragment 00 04 cd 04 30 82 04 c4 30 82 04 2d a0 03 02 01 | cleartext fragment 02 02 01 05 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 30 39 | cleartext fragment 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 33 30 | cleartext fragment 39 30 37 35 33 5a 30 81 b4 31 0b 30 09 06 03 55 | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 2 (0x2) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 | cleartext fragment 55 04 03 0c 1a 72 6f 61 64 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f | cleartext fragment 75 73 65 72 2d 72 6f 61 64 40 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 | cleartext fragment de eb 73 26 86 d7 2c 84 21 13 0e a4 23 30 11 c6 | cleartext fragment d4 b1 e8 99 58 5b 54 fa 8c cb 90 bf aa 54 64 e2 | cleartext fragment ef 00 f9 df b2 5a 20 d0 1f fd fb 02 a8 d4 60 ac | cleartext fragment 44 ab c0 91 e1 eb 81 59 f7 6d 08 30 04 c9 63 5f | cleartext fragment 07 58 6a d7 e6 ff 96 d3 79 c2 a1 6b d3 24 00 31 | cleartext fragment 74 f3 8f b4 e9 17 af d1 3c 33 ee 8b a9 19 b2 03 | cleartext fragment f1 98 8a 60 f2 f6 14 4b 31 a3 8b cb cb ae 31 d9 | cleartext fragment 70 5a 88 2d cc c8 77 e8 27 1f 75 07 9a 9b cc 5a | cleartext fragment 53 bd 69 be 82 0e 9c b9 3b c8 4f fa 84 87 bb b6 | cleartext fragment 0d 2d ff 11 a1 2d 51 d4 3f c2 93 09 22 b4 2e 48 | cleartext fragment 0e 77 81 b6 79 ee 31 37 3d 55 2f 3d 4f 0e 26 7e | cleartext fragment 73 34 4f 0d d1 90 84 c9 06 53 b6 31 7f 6e 62 51 | cleartext fragment c6 35 3b a1 03 8a 8b 62 bb 4d 37 a5 44 42 54 a2 | cleartext fragment 10 80 5f 75 0e 17 a0 4e d8 46 e8 02 bf a1 f5 e5 | cleartext fragment 2a 2e 5c dc b2 d7 93 d9 04 45 51 1d 5e 7d d8 fd | cleartext fragment 03 96 0c d5 02 5b 72 03 26 b7 d6 cd a0 18 86 a7 | cleartext fragment 07 d0 74 c6 07 e8 5c 1f 7a af be d0 ae b8 e7 7a | cleartext fragment 3b cf 5c fa ca ea ae c3 6f 85 22 9b 46 81 be 7c | cleartext fragment 89 15 4f 06 47 30 9f bb ee 24 55 e2 21 cd | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 3 (0x3) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 8e 93 f5 0e 33 49 5d 50 48 39 ac ab 37 59 f8 a2 | cleartext fragment 61 be a0 81 d5 25 97 2f 8b 2f bd d9 47 a4 5c a5 | cleartext fragment 3b c0 99 19 c5 fb 43 da 6f 6c 33 54 60 af 00 d5 | cleartext fragment 41 12 60 e5 bb 07 b8 76 8a 55 c4 c3 47 8b bd 12 | cleartext fragment bc e8 5e 94 62 7a 20 91 11 fb 23 b7 2d f5 6f 73 | cleartext fragment b6 a9 02 03 01 00 01 a3 81 e3 30 81 e0 30 09 06 | cleartext fragment 03 55 1d 13 04 02 30 00 30 25 06 03 55 1d 11 04 | cleartext fragment 1e 30 1c 82 1a 72 6f 61 64 2e 74 65 73 74 69 6e | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 | cleartext fragment 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 1d 06 03 | cleartext fragment 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 | cleartext fragment 01 06 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b | cleartext fragment 06 01 05 05 07 01 01 04 35 30 33 30 31 06 08 2b | cleartext fragment 06 01 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f | cleartext fragment 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | cleartext fragment 65 73 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d | cleartext fragment 06 03 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 | cleartext fragment 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 | cleartext fragment 67 2f 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 | cleartext fragment 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 | cleartext fragment 79 c0 dc 4f ca 3c 5f 4e 21 3c 76 b0 44 66 c8 74 | cleartext fragment 40 7b 34 5d 63 96 6e ee c5 df ef 0f fe c2 e4 25 | cleartext fragment 18 39 25 d8 f8 6a b8 87 f9 17 94 73 7f 8d fb 7d | cleartext fragment 9d 24 5e c5 95 19 96 3e 04 dd 8a d0 ad 11 f4 97 | cleartext fragment 32 43 d2 f3 1a d3 1c b1 e9 01 90 f2 72 36 cf d4 | cleartext fragment bd 14 e6 ad 8d d2 84 3b 92 94 99 40 21 16 68 aa | cleartext fragment e7 5e ac 95 88 11 40 55 28 90 af 7f 98 b1 80 36 | cleartext fragment c5 18 f7 6e 43 40 bc 93 86 b3 f1 aa b3 89 b4 15 | cleartext fragment 27 00 00 08 0d 00 00 00 21 00 01 88 01 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 4 (0x4) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 00 00 1e cc 08 d0 5f ac e4 5f 10 e2 42 a5 2c f8 | cleartext fragment 97 83 51 a2 7f a0 52 0b 5e 1d db 0e 3c 2e c7 05 | cleartext fragment 24 2f 96 34 0f fd 97 14 05 11 25 bd c1 1b 5a 1f | cleartext fragment 63 4b a2 32 02 b3 5b 9a 33 e8 22 42 ed 2e 0e 31 | cleartext fragment 40 33 f5 a6 4e a1 17 5e fd 7a 0c 1d 48 34 4b b6 | cleartext fragment 77 3c 2d 7c 00 92 21 68 0f 89 85 33 13 f8 fd d6 | cleartext fragment db 33 4a 53 27 d7 e1 49 e4 0c 26 6d 8c 6b 13 48 | cleartext fragment 60 be 55 06 0c e5 cd 31 26 32 5f 98 45 0d 8e bf | cleartext fragment f9 b9 72 c9 c1 87 3e 67 37 5c 19 01 a4 05 6d e8 | cleartext fragment 23 d6 80 99 8f 0e d7 4d 51 39 d7 00 12 24 ac 35 | cleartext fragment 38 40 c3 2d 33 07 3f e4 5c 16 22 f4 90 25 f1 04 | cleartext fragment 68 c2 8d ad ad 42 9c 52 6e e4 33 75 bd b3 6d 37 | cleartext fragment 3d e6 50 6d 85 28 e2 20 47 a3 94 78 78 48 ae 0e | cleartext fragment 37 26 10 4f 30 f9 63 bf 6a 5c fa 0c 13 a1 e3 2e | cleartext fragment 4e a8 db a1 28 c1 c8 49 e0 17 86 5c 66 55 b2 41 | cleartext fragment 86 a7 0a fc 09 cd ea 2b f6 5d b2 93 89 17 13 93 | cleartext fragment 8a a5 d6 b1 47 2e f9 d6 7c 3a cb fa 22 78 6a 85 | cleartext fragment b5 de 55 aa d2 ca 04 71 42 a5 7d 5a 4c 16 df 94 | cleartext fragment 9c e8 aa e4 9a cb 36 50 7e a7 72 2d 6e ad 3e 52 | cleartext fragment 1a 9f 83 da 82 f5 fd b0 9f 5d e6 9d 2b b6 58 c1 | cleartext fragment 73 b6 de 43 b8 60 99 48 63 0f 1e 71 ca 0f 98 39 | cleartext fragment f1 5a a3 64 61 6a 6c 0a fd 01 8e 75 ad e4 7c 05 | cleartext fragment 74 7f 51 47 80 24 29 37 21 95 94 42 b9 4b a3 6f | cleartext fragment 77 4c 11 af 57 4f fb 6c f9 f4 34 86 32 4f da f1 | cleartext fragment 52 2a 2c 00 00 a4 02 00 00 20 01 03 04 02 ac 2a | cleartext fragment 2f 4b 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 ac 2a | cleartext fragment 2f 4b 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 ac 2a | cleartext fragment 2f 4b 03 00 00 0c 01 00 00 0c 80 0e 01 00 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 511 | emitting length of ISAKMP Message: 539 | **emit ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encrypted Fragment: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | fragment number: 5 (0x5) | total fragments: 5 (0x5) | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment | emitting 120 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment | cleartext fragment 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | cleartext fragment 00 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 | cleartext fragment ac 2a 2f 4b 03 00 00 0c 01 00 00 0c 80 0e 00 80 | cleartext fragment 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | cleartext fragment 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 | cleartext fragment 07 00 00 10 00 00 ff ff c0 01 03 d1 c0 01 03 d1 | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | cleartext fragment c0 01 02 17 c0 01 02 17 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment | emitting length of IKEv2 Encrypted Fragment: 153 | emitting length of ISAKMP Message: 181 | suspend processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 | STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending fragments ... | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff | 00 01 00 05 f2 f8 b5 b9 fc f4 c9 87 0a c0 dd da | 02 a7 26 57 75 e8 03 a3 66 34 0b 74 8f fa e9 b1 | 2d 32 e1 7e 41 0a 8b c9 9f 79 57 01 91 15 c8 5f | fc 44 93 cf b8 33 0a 25 7a 8d 82 0d ac ea 16 63 | 04 7b e2 72 20 ef ec 5e 06 5a 29 c4 41 3a 6b c6 | a0 00 36 b2 f9 de be 67 84 0c 67 0c 33 b7 94 d2 | 2f a1 22 12 07 d3 d8 a2 40 6c 51 38 51 03 8a 0b | 22 da 63 bf ac d5 28 64 6b 9c fb 4e 88 70 23 95 | 82 94 db 85 b6 8d 8f 3c 10 9c f6 5e fe 75 7f 03 | 67 62 ca 9a ff 8f 60 ee fa 88 50 95 18 69 ec 17 | 0b 9d 1f 03 5e d9 9a e3 5f 66 ba cc 07 f7 8f d0 | 13 d1 9b de 88 1b 3f d7 0d f6 94 59 e1 fc 05 49 | 5e 74 07 0e 3d f0 70 73 a1 9a 72 95 1a e3 ea 1d | 16 5e 15 42 d7 56 79 3a c8 21 63 ea cd 55 9c 99 | c4 a5 79 a7 70 43 b4 78 ef b2 b7 16 ee 1d d2 90 | e8 99 92 d1 24 dc c1 79 22 f6 af 91 38 14 f3 10 | ce ee 1d 1a 2b 9c 5e 00 94 bf 07 7b 1b c4 05 90 | 13 42 5c e9 a5 ad 63 aa e0 db f0 38 75 51 ca 3b | b3 41 08 31 30 b9 5f 99 ed 6b 88 87 9f b7 ba 63 | 03 9a 53 59 34 9c 93 15 83 72 9f 7a 76 dc 97 a2 | f0 d2 88 c2 5c 89 b4 26 17 b7 83 49 7f d5 9e 42 | dd 23 be b2 83 00 f5 1a aa a1 e0 2d 70 48 18 07 | 37 0b 12 f6 b4 65 45 1a c1 61 88 7f 78 37 73 52 | 82 bc 21 90 37 e9 2b 6a a7 3a ed 8d 0d da e3 be | a9 db 31 fd 6a 0f 83 e3 1e e4 43 89 74 66 c5 ea | 51 3a 1e 3c b7 c3 00 9d 2b 87 88 65 32 0a 2e 2d | 9e 1f 3e d7 a4 26 40 63 f5 67 21 87 8a 0f 53 f7 | 04 8f 79 24 58 22 73 2f 25 06 0d af 83 b7 1c 7b | 35 9f 96 3c 96 fd 57 97 e3 e8 77 21 0a e0 36 1a | b5 3e bf 7f 82 02 3c d6 80 07 02 af 1a 23 b9 50 | bd 89 62 d6 76 cc 2d 69 f8 c4 c9 73 3c 70 71 53 | df 72 99 7e a7 b1 fb 68 db 3f 15 | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 02 00 05 5b 09 6a a3 a7 95 11 07 96 32 a5 06 | 5e a4 90 b5 1a d9 11 93 40 e3 c8 92 d1 c1 47 c5 | 72 b7 5c 11 d2 04 a9 72 6f f3 4d d8 75 27 fe 5e | 35 91 69 21 fe cd ec d8 5e bd bc 1f e2 b0 2b 62 | 90 5b ad a3 48 42 98 77 e9 6a 89 37 fc 95 ea 5a | 85 74 02 97 bd c2 1b 7b c1 a7 b9 49 ed 86 ca c6 | 04 07 0e 48 a4 cd e4 f0 f7 5a 97 33 6e 83 8a 8e | 33 8b e2 32 28 cf 0d 66 c3 09 cf ff 9a 23 07 88 | d3 22 5b 6e e4 b2 a5 52 52 c6 b0 45 72 28 bb 2c | 30 2e 18 3e 53 37 bd 3c bd 95 a9 4b 6e 29 b1 0d | bf 1c 01 65 42 d2 19 48 6d c4 8f b7 14 e7 09 cb | 77 c3 fa a8 ad 1b 61 c7 e5 dd 98 ab 7b 49 20 9a | 4e 14 2e a7 b2 34 99 1a 41 7d 44 8e ac 1e 55 45 | 08 de 47 eb f0 7f 02 cc 27 49 7c d9 b5 4b 3b cb | e4 34 29 47 d5 3f 7e 35 3a cc ff 7e ac 7c c3 e0 | f9 0a c9 9b b3 e7 cb 09 f3 a5 c8 0f bb 24 32 e0 | bd 0d 01 01 fb 4d 14 8c ba 87 d2 66 ae 3f c9 04 | da de 01 8f 4a 3c 33 88 48 bb a5 f1 5f 28 cc e9 | 7d 70 5d 1d 55 eb c6 40 d6 45 4e 1e 73 92 75 95 | 3a b2 ae 9a 87 9f 60 e2 47 d1 32 6a 50 34 d9 96 | 95 a4 64 3d e5 cb 6b 6f 6f a8 2c 6c ec 4b 4d 9f | 65 70 90 f0 97 74 eb 76 dc a4 df 4b b3 a5 00 14 | 9c 10 0f 43 66 4d fd 84 d9 c8 c3 8e 87 66 f2 76 | 1e 89 f8 f0 cd 5f dc 2c a8 2a 9a 73 a3 fc d5 45 | 7e 66 41 23 97 a4 09 5e c8 c8 a7 e8 b5 df c0 e4 | 0c 85 85 1b 25 b4 f5 57 f4 ab c6 1c e9 65 84 cf | b0 53 92 3c f4 05 67 f0 f1 79 48 28 02 99 8e 2e | 40 a0 68 e2 d1 82 49 b9 d9 da 89 31 97 8d 7d 77 | ed 2e 50 0e cd 26 39 a4 12 f7 94 94 8f 4d 24 3a | 86 06 1a 0b 06 06 b2 74 af 71 7d aa 0e fd c8 c2 | d2 0e a9 ab 15 4f ca ce d1 23 e1 ac 0c 96 31 62 | 9e bb 98 f7 68 ec a5 f6 79 c2 a8 | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 03 00 05 1e d2 6c 3f fd f9 d7 d9 13 72 fc 14 | 60 a3 e4 3c 2f 97 ad e4 2d e7 ef b0 c5 d7 13 03 | 42 57 4c 30 94 fd 5f 11 35 fc b2 6a 57 a8 01 fb | a1 b4 9e bd a8 8a 5b c6 cf 1c d2 0a b6 9d 10 fc | 60 8f c1 41 f2 72 0e b1 33 57 3d c0 c1 92 80 4f | ee 90 3e cc b4 b5 1b b6 7f 6f 7b ca 8f 7c 59 68 | 8f 5f 5c 82 82 93 f5 94 38 9c c3 28 d0 da c0 62 | 1e 7c 83 23 5f 10 4b 0f 88 48 c5 38 52 1d 20 27 | 86 94 f1 bb b8 93 5b 0e a8 4d f7 ff e8 65 18 26 | 4c c0 e8 9b 5b 6f 25 3d c2 87 33 4b d2 e8 b3 07 | 24 a5 fd be 94 20 f4 2f cc 18 1f d5 92 c3 cd 0e | e9 0c b4 f3 83 ae 54 7c 73 79 a3 ef 8d 02 4a 73 | 54 60 00 6f ac b7 7b 1b fd 30 06 a8 3c 37 b0 25 | 14 26 c3 73 72 79 c5 64 1c 20 48 00 d8 d5 bb 96 | 3f 00 56 1c 94 2f 35 b1 4a 74 0a 03 94 be b0 44 | 21 2d a8 d6 ff 98 e8 da de 9b 09 38 2f d8 ad 4e | 8a 66 e9 5c 74 a7 6f 14 b7 8c e8 d5 a1 fc 02 89 | d6 36 30 ff 22 cf a6 8f f1 51 b7 d0 b2 6f 1c bc | 77 92 07 3e 43 34 cf c4 67 74 a7 71 e5 17 c9 ea | 1a d0 31 e1 03 53 f7 82 50 55 28 49 54 38 75 c6 | 34 5b 60 1c 99 de 44 31 c9 99 92 7e a7 4b 49 4f | 81 37 97 c4 be d4 5a 23 e4 5e 22 83 d7 c9 95 ba | 16 3d af dd 48 61 bd 7e 46 ec 62 1e 2d 5a 2a 66 | 4d 8b 81 dd 4c 4f 95 82 fe a9 86 36 33 8b 9e b0 | 2a 99 1e d1 e7 16 7b 5c c1 f0 dd df fa 41 c8 12 | ee b1 00 7c 99 99 0c 33 e6 0f 77 65 2d 47 df f3 | f7 9b 60 58 bf 20 b1 df 2e 3f 03 1b 99 e2 c5 2a | 1e 18 42 72 86 a9 1d 88 ce 3c db 93 b6 40 62 10 | fb d0 58 b4 7d f6 bc 6e 2b 94 f6 49 bb 9a eb 52 | da 19 8c 08 ca f5 66 fe 6e 3f c2 48 72 17 fa 6f | 66 63 f4 9d dd 80 51 ec 19 a5 45 74 52 7d c9 72 | 6e f8 81 6f f1 42 e6 c8 13 0c 2f | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff | 00 04 00 05 ed 9f dc d3 ec 94 5e 36 03 7f 2b bf | 04 08 cf 45 b9 d9 51 2e 5c 47 b4 19 34 5b e8 0e | 01 0d 77 bb c0 dd 03 0a 12 22 8a e9 c1 a8 cb 47 | 68 99 ba d8 bc f5 cf fa 72 ff 64 cf 33 cd e6 3d | 7c c8 ee b6 a5 61 77 ae 58 e9 89 df 67 ec f3 50 | 6a cf 00 f0 90 38 38 5b ff 3a d9 b0 93 9b bc 37 | 2d 0d 62 39 27 c1 da 0c 9c 11 fa 13 73 ee 70 b1 | 12 39 6f 02 28 92 06 8a a2 fc cd de 6d 80 07 ff | 34 41 30 7c f9 b0 f1 4e 62 0f 87 8e 9c c7 ec 6f | ee b0 ba 02 e9 41 17 e1 03 76 29 5f 4c 53 d7 bb | 3d 74 34 e4 16 30 45 e9 79 6e f8 e2 42 b2 07 d6 | 6c da 9e 1c 17 d6 0d f3 86 c0 eb 36 fb 14 4f cd | 27 40 e4 da 6b 17 a5 e0 37 6b 89 42 7b 91 02 67 | 2f 65 c4 79 37 c2 c4 92 7b 08 5e 98 22 ab 5d 14 | b4 0f 64 20 f9 a0 3f 25 c5 96 d1 d2 16 9e 41 80 | 20 66 da b3 4f 35 02 6b 92 26 b4 56 8d 44 29 e1 | 07 a1 e0 26 56 4c a1 3a ab 42 8c e2 09 b9 71 07 | 7b a8 e7 02 d5 08 f6 a4 17 b5 f4 51 ea f6 5d b6 | 37 8e 00 f2 bd 92 4a 12 a7 28 cc 37 ff 21 fa 11 | 16 60 94 2c 97 c2 02 39 54 a3 86 c1 21 38 ee 46 | f7 9e 23 f0 df c6 1d 9a 37 a5 fe b2 49 ea ce 9e | 5f 41 46 22 11 03 ad 7f c2 61 2b 89 a6 6f 2f 3e | 90 bb 59 35 fd 9e 75 63 c1 d7 72 9d 01 0a d8 08 | 6b 22 b7 42 a1 ac ae fa ae e6 0f 74 b0 e5 13 67 | 44 40 b2 93 90 8d dd 20 ef f8 e3 c1 74 a1 c5 dc | 8e 4c 2c 7f 74 e2 69 4d ae 1d 47 cc d0 53 2b e0 | 5f 5f 7c 52 c4 4a 94 c9 57 4b 91 01 a8 a6 9a b7 | 28 02 46 3d 02 52 32 3b f0 3a a3 7e ff 4f 68 02 | 47 05 74 f8 0b 53 eb ee 7b 80 cc 7c 02 d7 36 04 | 8b 76 94 6e f8 3c f1 69 e6 12 8c 31 ee fe 26 04 | e2 75 35 af 3d b9 7f c3 18 a8 22 f2 1a bb e3 5b | cd 13 4e fe 45 18 fd 50 23 2c e2 | sending 181 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 35 20 23 08 00 00 00 01 00 00 00 b5 00 00 00 99 | 00 05 00 05 1a 1f a3 1a 16 e2 9e 9b 63 6e de 57 | 7e dd a7 75 7c 94 86 da c0 1b e8 46 bf 33 84 0f | 01 59 49 1e eb 3a 34 4e 1f 51 be 51 b6 68 77 da | b3 99 60 fe 0e 31 f1 f7 82 38 17 a4 b8 a5 cc 1a | 59 f5 18 7d 76 98 0f 16 7a b3 e5 9d 59 b1 b4 cf | ae 75 94 b3 6c de e3 37 98 90 cf a5 08 f0 60 ec | b3 75 19 9f 70 ef 21 13 83 74 4b 87 fb 4a a2 a4 | 32 8e 8e 3d 6a cd 73 7e f1 a2 a3 38 6b b9 f4 f9 | 61 cf e7 78 84 86 c5 53 f3 d4 b7 a8 93 ae c6 7e | 96 76 1b 8d 62 | sent 5 fragments | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x563e9cc29598 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x563e9cc25c08 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29578.346536 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 1.25 milliseconds | #1 spent 9.45 milliseconds in resume sending helper answer | stop processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f3ee4000f48 | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 45 de 21 c6 8e 76 c2 02 56 b8 4c 3f 69 6a 43 06 | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 | cd c8 c3 32 96 b4 29 d6 08 28 35 68 aa 88 19 7f | b5 3a fa a2 fc 1f 20 38 34 6e 51 2a 7c d9 9c ba | a4 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 45 de 21 c6 8e 76 c2 02 | responder cookie: | 56 b8 4c 3f 69 6a 43 06 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification | Now let's proceed with state specific processing | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED | pstats #1 ikev2.ike failed auth-failed "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: scheduling retry attempt 1 of an unlimited number | release_pending_whacks: state #2 has no whack fd | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@-1 | libevent_free: release ptr-libevent@0x563e9cc25c08 | free_event_entry: release EVENT_RETRANSMIT-pe@0x563e9cc29598 | event_schedule: new EVENT_RETRANSMIT-pe@0x563e9cc29598 | inserting event EVENT_RETRANSMIT, timeout in 59.993546 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f3ee4000f48 size 128 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.993546 seconds for retry | #2 spent 0.0321 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() | [RE]START processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.168 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.179 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00464 milliseconds in global timer EVENT_SHUNT_SCAN | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.105 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0361 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0596 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.914 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x563e9cc1c0a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc1dfe8 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x563e9cc205f8 @road.testing.libreswan.org cnt 1-- | start processing: connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 (in delete_connection() at connections.c:189) | removing pending policy for no connection {0x563e9cafd898} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted other | #2 spent 0.0321 milliseconds in total | [RE]START processing: state #2 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: deleting state (STATE_PARENT_I2) aged 29.418s and NOT sending notification | child state #2: PARENT_I2(open IKE SA) => delete | child state #2: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f3ee4000f48 | free_event_entry: release EVENT_RETRANSMIT-pe@0x563e9cc29598 | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfdf | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) | raw_eroute result=success | stop processing: connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection private-or-clear#192.1.2.0/24 | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | start processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted auth-failed | #1 spent 13.5 milliseconds in total | [RE]START processing: state #1 connection "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: deleting state (STATE_PARENT_I2) aged 29.425s and NOT sending notification | parent state #1: PARENT_I2(open IKE SA) => delete | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f3eec002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x563e9cc25a88 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection private-or-clear#192.1.2.0/24 | State DB: deleting IKEv2 state #1 in PARENT_I2 | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'private-or-clear#192.1.2.0/24' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfdf | netlink_raw_eroute: SPI_PASS | free hp@0x563e9cc23238 | flush revival: connection 'private-or-clear#192.1.2.0/24' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "private-or-clear-all" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'private-or-clear-all' wasn't on the list | stop processing: connection "private-or-clear-all" (in discard_connection() at connections.c:249) | start processing: connection "block" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'block' wasn't on the list | stop processing: connection "block" (in discard_connection() at connections.c:249) | start processing: connection "private" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'private' wasn't on the list | stop processing: connection "private" (in discard_connection() at connections.c:249) | start processing: connection "private-or-clear#192.1.2.0/24" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'private-or-clear#192.1.2.0/24' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfe7 | netlink_raw_eroute: SPI_PASS | priority calculation of connection "private-or-clear#192.1.2.0/24" is 0x17dfe7 | netlink_raw_eroute: SPI_PASS | FOR_EACH_CONNECTION_... in route_owner | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn private-or-clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn private-or-clear#192.1.2.0/24 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "private-or-clear#192.1.2.0/24" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear#192.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEGO_PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+failurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P | popen cmd is 1215 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private-or-clear: | cmd( 80):#192.1.2.0/24' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192: | cmd( 160):.1.3.209' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: | cmd( 240):ent, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_MY_: | cmd( 320):CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK=': | cmd( 400):255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16432' : | cmd( 480):PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLI: | cmd( 560):ENT='192.1.2.0/24' PLUTO_PEER_CLIENT_NET='192.1.2.0' PLUTO_PEER_CLIENT_MASK='255: | cmd( 640):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: | cmd( 720):TACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+NEG: | cmd( 800):O_PASS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 880):+failurePASS' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: | cmd( 960):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': | cmd(1040): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: | cmd(1120):RED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ips: | cmd(1200):ec _updown 2>&1: "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. "private-or-clear#192.1.2.0/24": unroute-host output: Error: Peer netns reference is invalid. | flush revival: connection 'private-or-clear#192.1.2.0/24' wasn't on the list | stop processing: connection "private-or-clear#192.1.2.0/24" (in discard_connection() at connections.c:249) | start processing: connection "private-or-clear" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | flush revival: connection 'private-or-clear' wasn't on the list | stop processing: connection "private-or-clear" (in discard_connection() at connections.c:249) | start processing: connection "clear#192.1.2.253/32" 0.0.0.0 (in delete_connection() at connections.c:189) "clear#192.1.2.253/32" 0.0.0.0: deleting connection "clear#192.1.2.253/32" 0.0.0.0 instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'clear#192.1.2.253/32' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.2.253/32" is 0x17dfdf | priority calculation of connection "clear#192.1.2.253/32" is 0x17dfdf | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.253/32" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='192.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 S | popen cmd is 1022 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.25: | cmd( 80):3/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.253/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.2.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_C: | cmd( 640):ONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_G: | cmd( 720):OING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. | flush revival: connection 'clear#192.1.2.253/32' wasn't on the list | stop processing: connection "clear#192.1.2.253/32" 0.0.0.0 (in discard_connection() at connections.c:249) | start processing: connection "clear#192.1.3.253/32" 0.0.0.0 (in delete_connection() at connections.c:189) "clear#192.1.3.253/32" 0.0.0.0: deleting connection "clear#192.1.3.253/32" 0.0.0.0 instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'clear#192.1.3.253/32' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.3.253/32" is 0x17dfdf | priority calculation of connection "clear#192.1.3.253/32" is 0x17dfdf | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.253/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.253/32" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.253/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='192.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 S | popen cmd is 1022 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.25: | cmd( 80):3/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.253/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.3.253' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_C: | cmd( 640):ONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_G: | cmd( 720):OING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.253/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. | flush revival: connection 'clear#192.1.3.253/32' wasn't on the list | stop processing: connection "clear#192.1.3.253/32" 0.0.0.0 (in discard_connection() at connections.c:249) | start processing: connection "clear#192.1.3.254/32" 0.0.0.0 (in delete_connection() at connections.c:189) "clear#192.1.3.254/32" 0.0.0.0: deleting connection "clear#192.1.3.254/32" 0.0.0.0 instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'clear#192.1.3.254/32' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.3.254/32" is 0x17dfdf | priority calculation of connection "clear#192.1.3.254/32" is 0x17dfdf | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.3.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.3.254/32" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='192.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 S | popen cmd is 1022 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.3.25: | cmd( 80):4/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16420' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.3.254/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_C: | cmd( 640):ONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_G: | cmd( 720):OING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.3.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. | flush revival: connection 'clear#192.1.3.254/32' wasn't on the list | stop processing: connection "clear#192.1.3.254/32" 0.0.0.0 (in discard_connection() at connections.c:249) | start processing: connection "clear#192.1.2.254/32" 0.0.0.0 (in delete_connection() at connections.c:189) "clear#192.1.2.254/32" 0.0.0.0: deleting connection "clear#192.1.2.254/32" 0.0.0.0 instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'clear#192.1.2.254/32' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "clear#192.1.2.254/32" is 0x17dfdf | priority calculation of connection "clear#192.1.2.254/32" is 0x17dfdf | FOR_EACH_CONNECTION_... in route_owner | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear mark 0/00000000, 0/00000000 | conn clear#192.1.2.254/32 mark 0/00000000, 0/00000000 vs | conn clear-or-private mark 0/00000000, 0/00000000 | route owner of "clear#192.1.2.254/32" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.254/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='192.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 S | popen cmd is 1022 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='clear#192.1.2.25: | cmd( 80):4/32' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209': | cmd( 160): PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET=: | cmd( 240):'192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16416' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PL: | cmd( 400):UTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.1.2.254/32' PLUTO_PEER_CLIENT_NET='1: | cmd( 480):92.1.2.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_C: | cmd( 640):ONN_POLICY='AUTH_NEVER+GROUPINSTANCE+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_G: | cmd( 720):OING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. "clear#192.1.2.254/32" 0.0.0.0: unroute-host output: Error: Peer netns reference is invalid. | flush revival: connection 'clear#192.1.2.254/32' wasn't on the list | stop processing: connection "clear#192.1.2.254/32" 0.0.0.0 (in discard_connection() at connections.c:249) | start processing: connection "clear" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | flush revival: connection 'clear' wasn't on the list | stop processing: connection "clear" (in discard_connection() at connections.c:249) | start processing: connection "clear-or-private" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x563e9cc12ac8 | flush revival: connection 'clear-or-private' wasn't on the list | stop processing: connection "clear-or-private" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.1.3.209:4500 shutting down interface eth0/eth0 192.1.3.209:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x563e9cc152a8 | free_event_entry: release EVENT_NULL-pe@0x563e9cc118d8 | libevent_free: release ptr-libevent@0x563e9cbac568 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11988 | libevent_free: release ptr-libevent@0x563e9cbac618 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11a38 | libevent_free: release ptr-libevent@0x563e9cbab548 | free_event_entry: release EVENT_NULL-pe@0x563e9cc11ae8 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x563e9cc05d48 | free_event_entry: release EVENT_NULL-pe@0x563e9cbf9ee8 | libevent_free: release ptr-libevent@0x563e9cbf29e8 | free_event_entry: release EVENT_NULL-pe@0x563e9cbf9a48 | libevent_free: release ptr-libevent@0x563e9cbf2938 | free_event_entry: release EVENT_NULL-pe@0x563e9cbb3a18 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x563e9cbb7fe8 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x563e9cb256b8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x563e9cb3aa88 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x563e9cc114d8 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x563e9cc113a8 | libevent_free: release ptr-libevent@0x563e9cbf4308 | libevent_free: release ptr-libevent@0x563e9cbf42b8 | libevent_free: release ptr-libevent@0x563e9cbab828 | libevent_free: release ptr-libevent@0x563e9cbf4278 | libevent_free: release ptr-libevent@0x563e9cc11038 | libevent_free: release ptr-libevent@0x563e9cc112a8 | libevent_free: release ptr-libevent@0x563e9cbf44b8 | libevent_free: release ptr-libevent@0x563e9cbf9ab8 | libevent_free: release ptr-libevent@0x563e9cbf9718 | libevent_free: release ptr-libevent@0x563e9cc11b58 | libevent_free: release ptr-libevent@0x563e9cc11aa8 | libevent_free: release ptr-libevent@0x563e9cc119f8 | libevent_free: release ptr-libevent@0x563e9cc11948 | libevent_free: release ptr-libevent@0x563e9cb41818 | libevent_free: release ptr-libevent@0x563e9cc11328 | libevent_free: release ptr-libevent@0x563e9cc112e8 | libevent_free: release ptr-libevent@0x563e9cc111a8 | libevent_free: release ptr-libevent@0x563e9cc11368 | libevent_free: release ptr-libevent@0x563e9cc11078 | libevent_free: release ptr-libevent@0x563e9cbb9b78 | libevent_free: release ptr-libevent@0x563e9cbb9af8 | libevent_free: release ptr-libevent@0x563e9cb352f8 | releasing global libevent data | libevent_free: release ptr-libevent@0x563e9cbb9cf8 | libevent_free: release ptr-libevent@0x563e9cbb9c78 | libevent_free: release ptr-libevent@0x563e9cbb9bf8 leak: group instance name, item size: 30 leak: cloned from groupname, item size: 17 leak: group instance name, item size: 21 leak: cloned from groupname, item size: 6 leak: group instance name, item size: 21 leak: cloned from groupname, item size: 6 leak: group instance name, item size: 21 leak: cloned from groupname, item size: 6 leak: group instance name, item size: 21 leak: cloned from groupname, item size: 6 leak: policy group path, item size: 54 leak detective found 11 leaks, total size 209