Aug 26 18:24:12.719916: FIPS Product: YES
Aug 26 18:24:12.720031: FIPS Kernel: NO
Aug 26 18:24:12.720035: FIPS Mode: NO
Aug 26 18:24:12.720038: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:24:12.720186: Initializing NSS
Aug 26 18:24:12.720193: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:24:12.758195: NSS initialized
Aug 26 18:24:12.758211: NSS crypto library initialized
Aug 26 18:24:12.758214: FIPS HMAC integrity support [enabled]
Aug 26 18:24:12.758217: FIPS mode disabled for pluto daemon
Aug 26 18:24:12.807549: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:24:12.808045: libcap-ng support [enabled]
Aug 26 18:24:12.808056: Linux audit support [enabled]
Aug 26 18:24:12.808096: Linux audit activated
Aug 26 18:24:12.808105: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:27866
Aug 26 18:24:12.808109: core dump dir: /tmp
Aug 26 18:24:12.808112: secrets file: /etc/ipsec.secrets
Aug 26 18:24:12.808114: leak-detective enabled
Aug 26 18:24:12.808116: NSS crypto [enabled]
Aug 26 18:24:12.808118: XAUTH PAM support [enabled]
Aug 26 18:24:12.808193: | libevent is using pluto's memory allocator
Aug 26 18:24:12.808201: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:24:12.808217: | libevent_malloc: new ptr-libevent@0x55814d4ea598 size 40
Aug 26 18:24:12.808226: | libevent_malloc: new ptr-libevent@0x55814d4b9cd8 size 40
Aug 26 18:24:12.808230: | libevent_malloc: new ptr-libevent@0x55814d4b9dd8 size 40
Aug 26 18:24:12.808233: | creating event base
Aug 26 18:24:12.808238: | libevent_malloc: new ptr-libevent@0x55814d53c898 size 56
Aug 26 18:24:12.808244: | libevent_malloc: new ptr-libevent@0x55814d4e8d88 size 664
Aug 26 18:24:12.808256: | libevent_malloc: new ptr-libevent@0x55814d53c908 size 24
Aug 26 18:24:12.808260: | libevent_malloc: new ptr-libevent@0x55814d53c958 size 384
Aug 26 18:24:12.808271: | libevent_malloc: new ptr-libevent@0x55814d53c858 size 16
Aug 26 18:24:12.808275: | libevent_malloc: new ptr-libevent@0x55814d4b9908 size 40
Aug 26 18:24:12.808278: | libevent_malloc: new ptr-libevent@0x55814d4b9d38 size 48
Aug 26 18:24:12.808285: | libevent_realloc: new ptr-libevent@0x55814d4e8a18 size 256
Aug 26 18:24:12.808314: | libevent_malloc: new ptr-libevent@0x55814d53cb08 size 16
Aug 26 18:24:12.808326: | libevent_free: release ptr-libevent@0x55814d53c898
Aug 26 18:24:12.808331: | libevent initialized
Aug 26 18:24:12.808336: | libevent_realloc: new ptr-libevent@0x55814d53c898 size 64
Aug 26 18:24:12.808343: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:24:12.808362: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:24:12.808366: NAT-Traversal support [enabled]
Aug 26 18:24:12.808369: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:24:12.808376: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:24:12.808380: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:24:12.808414: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:24:12.808419: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:24:12.808423: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:24:12.808485: Encryption algorithms:
Aug 26 18:24:12.808493: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:24:12.808498: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:24:12.808503: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:24:12.808507: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:24:12.808511: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:24:12.808522: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:24:12.808527: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:24:12.808532: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:24:12.808537: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:24:12.808541: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:24:12.808545: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:24:12.808550: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:24:12.808555: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:24:12.808560: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:24:12.808565: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:24:12.808569: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:24:12.808574: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:24:12.808583: Hash algorithms:
Aug 26 18:24:12.808587: MD5 IKEv1: IKE IKEv2:
Aug 26 18:24:12.808591: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:24:12.808595: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:24:12.808599: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:24:12.808603: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:24:12.808622: PRF algorithms:
Aug 26 18:24:12.808626: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:24:12.808630: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:24:12.808635: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:24:12.808639: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:24:12.808643: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:24:12.808647: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:24:12.808689: Integrity algorithms:
Aug 26 18:24:12.808693: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:24:12.808698: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:24:12.808703: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:24:12.808709: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:24:12.808714: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:24:12.808718: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:24:12.808722: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:24:12.808726: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:24:12.808730: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:24:12.808748: DH algorithms:
Aug 26 18:24:12.808752: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:24:12.808755: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:24:12.808759: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:24:12.808765: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:24:12.808769: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:24:12.808773: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:24:12.808776: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:24:12.808780: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:24:12.808785: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:24:12.808789: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:24:12.808792: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:24:12.808795: testing CAMELLIA_CBC:
Aug 26 18:24:12.808798: Camellia: 16 bytes with 128-bit key
Aug 26 18:24:12.808924: Camellia: 16 bytes with 128-bit key
Aug 26 18:24:12.808957: Camellia: 16 bytes with 256-bit key
Aug 26 18:24:12.808992: Camellia: 16 bytes with 256-bit key
Aug 26 18:24:12.809024: testing AES_GCM_16:
Aug 26 18:24:12.809028: empty string
Aug 26 18:24:12.809057: one block
Aug 26 18:24:12.809085: two blocks
Aug 26 18:24:12.809114: two blocks with associated data
Aug 26 18:24:12.809143: testing AES_CTR:
Aug 26 18:24:12.809146: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:24:12.809176: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:24:12.809208: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:24:12.809241: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:24:12.809272: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:24:12.809325: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:24:12.809364: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:24:12.809394: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:24:12.809427: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:24:12.809460: testing AES_CBC:
Aug 26 18:24:12.809463: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:24:12.809493: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:12.809526: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:12.809560: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:12.809602: testing AES_XCBC:
Aug 26 18:24:12.809605: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:24:12.809727: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:24:12.809864: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:24:12.809996: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:24:12.810131: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:24:12.810263: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:24:12.810409: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:24:12.810691: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:24:12.810818: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:24:12.810965: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:24:12.811209: testing HMAC_MD5:
Aug 26 18:24:12.811214: RFC 2104: MD5_HMAC test 1
Aug 26 18:24:12.811401: RFC 2104: MD5_HMAC test 2
Aug 26 18:24:12.811564: RFC 2104: MD5_HMAC test 3
Aug 26 18:24:12.811794: 8 CPU cores online
Aug 26 18:24:12.811799: starting up 7 crypto helpers
Aug 26 18:24:12.811833: started thread for crypto helper 0
Aug 26 18:24:12.811857: started thread for crypto helper 1
Aug 26 18:24:12.811877: started thread for crypto helper 2
Aug 26 18:24:12.811896: started thread for crypto helper 3
Aug 26 18:24:12.811914: started thread for crypto helper 4
Aug 26 18:24:12.811936: started thread for crypto helper 5
Aug 26 18:24:12.811951: | starting up helper thread 3
Aug 26 18:24:12.811983: | starting up helper thread 2
Aug 26 18:24:12.811976: | starting up helper thread 5
Aug 26 18:24:12.811992: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:24:12.811998: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:24:12.812000: | crypto helper 3 waiting (nothing to do)
Aug 26 18:24:12.811992: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:24:12.812007: | crypto helper 2 waiting (nothing to do)
Aug 26 18:24:12.811972: started thread for crypto helper 6
Aug 26 18:24:12.812012: | crypto helper 5 waiting (nothing to do)
Aug 26 18:24:12.812016: | checking IKEv1 state table
Aug 26 18:24:12.812025: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812029: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:24:12.812032: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812035: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:24:12.812038: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:24:12.812040: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:24:12.812042: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:12.812045: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:12.812047: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:24:12.812050: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:24:12.812052: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:12.812054: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:12.812057: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:24:12.812059: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:12.812061: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:12.812063: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:24:12.812065: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:24:12.812067: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:12.812070: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:12.812071: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:24:12.812074: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:24:12.812076: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812078: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:24:12.812081: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812083: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812086: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:24:12.812088: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812090: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:24:12.812092: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:24:12.812095: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:24:12.812097: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:24:12.812099: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:24:12.812101: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:24:12.812103: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812106: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:24:12.812108: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812110: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812112: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:24:12.812115: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812117: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:24:12.812120: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812122: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:24:12.812125: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:24:12.812127: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812130: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812132: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812135: | INFO: category: informational flags: 0:
Aug 26 18:24:12.812137: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812140: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:24:12.812143: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812145: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:24:12.812151: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:24:12.812154: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:24:12.812156: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:12.812158: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:24:12.812161: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:24:12.812163: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:24:12.812166: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:24:12.812168: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:24:12.812171: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:12.812174: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:24:12.812176: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:12.812179: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:24:12.812181: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:24:12.812185: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:24:12.812187: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:24:12.812193: | checking IKEv2 state table
Aug 26 18:24:12.812201: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:24:12.812204: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:24:12.812207: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812211: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:24:12.812214: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:24:12.812217: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:24:12.812220: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:24:12.812224: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:24:12.812227: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:24:12.812230: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:24:12.812233: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:24:12.812236: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:24:12.812239: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:24:12.812242: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:24:12.812245: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:24:12.812247: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:24:12.812250: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812253: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:24:12.812256: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:24:12.812259: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:24:12.812262: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:24:12.812265: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:24:12.812267: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:24:12.812270: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:24:12.812273: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:24:12.811936: | starting up helper thread 1
Aug 26 18:24:12.812280: | starting up helper thread 6
Aug 26 18:24:12.812276: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:24:12.812286: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:24:12.812324: | crypto helper 1 waiting (nothing to do)
Aug 26 18:24:12.812404: | starting up helper thread 4
Aug 26 18:24:12.812414: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:24:12.812417: | crypto helper 4 waiting (nothing to do)
Aug 26 18:24:12.812286: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:24:12.812631: | crypto helper 6 waiting (nothing to do)
Aug 26 18:24:12.812301: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:24:12.812642: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:24:12.812646: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:24:12.812649: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:24:12.812652: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:24:12.812655: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:24:12.812659: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:24:12.812661: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:24:12.812664: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:24:12.812668: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:24:12.812671: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:24:12.812674: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:24:12.812677: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:24:12.812680: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:24:12.812683: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:24:12.812686: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:24:12.812689: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812693: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:24:12.812696: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:24:12.812699: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:24:12.812702: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:24:12.812719: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:24:12.813015: | starting up helper thread 0
Aug 26 18:24:12.813029: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:24:12.813033: | crypto helper 0 waiting (nothing to do)
Aug 26 18:24:12.813342: | Hard-wiring algorithms
Aug 26 18:24:12.813354: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:24:12.813360: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:24:12.813364: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:24:12.813366: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:24:12.813369: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:24:12.813372: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:24:12.813375: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:24:12.813378: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:24:12.813381: | adding AES_CTR to kernel algorithm db
Aug 26 18:24:12.813384: | adding AES_CBC to kernel algorithm db
Aug 26 18:24:12.813386: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:24:12.813389: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:24:12.813392: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:24:12.813395: | adding NULL to kernel algorithm db
Aug 26 18:24:12.813398: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:24:12.813401: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:24:12.813404: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:24:12.813407: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:24:12.813409: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:24:12.813412: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:24:12.813415: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:24:12.813418: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:24:12.813421: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:24:12.813423: | adding NONE to kernel algorithm db
Aug 26 18:24:12.813456: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:24:12.813465: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:24:12.813467: | setup kernel fd callback
Aug 26 18:24:12.813471: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55814d542118
Aug 26 18:24:12.813477: | libevent_malloc: new ptr-libevent@0x55814d525b18 size 128
Aug 26 18:24:12.813481: | libevent_malloc: new ptr-libevent@0x55814d541678 size 16
Aug 26 18:24:12.813488: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55814d541568
Aug 26 18:24:12.813491: | libevent_malloc: new ptr-libevent@0x55814d4ebf78 size 128
Aug 26 18:24:12.813494: | libevent_malloc: new ptr-libevent@0x55814d542068 size 16
Aug 26 18:24:12.813736: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:24:12.813746: selinux support is enabled.
Aug 26 18:24:12.814416: | unbound context created - setting debug level to 5
Aug 26 18:24:12.814518: | /etc/hosts lookups activated
Aug 26 18:24:12.814537: | /etc/resolv.conf usage activated
Aug 26 18:24:12.814601: | outgoing-port-avoid set 0-65535
Aug 26 18:24:12.814631: | outgoing-port-permit set 32768-60999
Aug 26 18:24:12.814635: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 18:24:12.814639: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 18:24:12.814642: | Setting up events, loop start
Aug 26 18:24:12.814646: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55814d5420a8
Aug 26 18:24:12.814650: | libevent_malloc: new ptr-libevent@0x55814d54e368 size 128
Aug 26 18:24:12.814654: | libevent_malloc: new ptr-libevent@0x55814d559678 size 16
Aug 26 18:24:12.814660: | libevent_realloc: new ptr-libevent@0x55814d5596b8 size 256
Aug 26 18:24:12.814663: | libevent_malloc: new ptr-libevent@0x55814d5597e8 size 8
Aug 26 18:24:12.814665: | libevent_realloc: new ptr-libevent@0x55814d4e92c8 size 144
Aug 26 18:24:12.814667: | libevent_malloc: new ptr-libevent@0x55814d4ed3f8 size 152
Aug 26 18:24:12.814670: | libevent_malloc: new ptr-libevent@0x55814d559828 size 16
Aug 26 18:24:12.814672: | signal event handler PLUTO_SIGCHLD installed
Aug 26 18:24:12.814674: | libevent_malloc: new ptr-libevent@0x55814d559868 size 8
Aug 26 18:24:12.814676: | libevent_malloc: new ptr-libevent@0x55814d5598a8 size 152
Aug 26 18:24:12.814678: | signal event handler PLUTO_SIGTERM installed
Aug 26 18:24:12.814680: | libevent_malloc: new ptr-libevent@0x55814d559978 size 8
Aug 26 18:24:12.814682: | libevent_malloc: new ptr-libevent@0x55814d5599b8 size 152
Aug 26 18:24:12.814684: | signal event handler PLUTO_SIGHUP installed
Aug 26 18:24:12.814687: | libevent_malloc: new ptr-libevent@0x55814d559a88 size 8
Aug 26 18:24:12.814690: | libevent_realloc: release ptr-libevent@0x55814d4e92c8
Aug 26 18:24:12.814693: | libevent_realloc: new ptr-libevent@0x55814d559ac8 size 256
Aug 26 18:24:12.814696: | libevent_malloc: new ptr-libevent@0x55814d559bf8 size 152
Aug 26 18:24:12.814699: | signal event handler PLUTO_SIGSYS installed
Aug 26 18:24:12.814998: | created addconn helper (pid:28041) using fork+execve
Aug 26 18:24:12.815015: | forked child 28041
Aug 26 18:24:12.815064: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:12.815082: listening for IKE messages
Aug 26 18:24:12.815511: | Inspecting interface lo
Aug 26 18:24:12.815523: | found lo with address 127.0.0.1
Aug 26 18:24:12.815527: | Inspecting interface eth0
Aug 26 18:24:12.815530: | found eth0 with address 192.0.2.254
Aug 26 18:24:12.815532: | Inspecting interface eth1
Aug 26 18:24:12.815535: | found eth1 with address 192.1.2.23
Aug 26 18:24:12.815619: Kernel supports NIC esp-hw-offload
Aug 26 18:24:12.815627: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 18:24:12.815670: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:12.815674: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:12.815676: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 18:24:12.815698: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 18:24:12.815712: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:12.815715: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:12.815717: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 18:24:12.815734: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 18:24:12.815749: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:12.815751: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:12.815754: adding interface lo/lo 127.0.0.1:4500
Aug 26 18:24:12.815821: | no interfaces to sort
Aug 26 18:24:12.815826: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 18:24:12.815834: | add_fd_read_event_handler: new ethX-pe@0x55814d55a148
Aug 26 18:24:12.815837: | libevent_malloc: new ptr-libevent@0x55814d54e2b8 size 128
Aug 26 18:24:12.815840: | libevent_malloc: new ptr-libevent@0x55814d55a1b8 size 16
Aug 26 18:24:12.815846: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:24:12.815848: | add_fd_read_event_handler: new ethX-pe@0x55814d55a1f8
Aug 26 18:24:12.815851: | libevent_malloc: new ptr-libevent@0x55814d4ea1d8 size 128
Aug 26 18:24:12.815852: | libevent_malloc: new ptr-libevent@0x55814d55a268 size 16
Aug 26 18:24:12.815856: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:24:12.815857: | add_fd_read_event_handler: new ethX-pe@0x55814d55a2a8
Aug 26 18:24:12.815859: | libevent_malloc: new ptr-libevent@0x55814d4ec078 size 128
Aug 26 18:24:12.815861: | libevent_malloc: new ptr-libevent@0x55814d55a318 size 16
Aug 26 18:24:12.815864: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:24:12.815866: | add_fd_read_event_handler: new ethX-pe@0x55814d55a358
Aug 26 18:24:12.815868: | libevent_malloc: new ptr-libevent@0x55814d4e91c8 size 128
Aug 26 18:24:12.815870: | libevent_malloc: new ptr-libevent@0x55814d55a3c8 size 16
Aug 26 18:24:12.815874: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:24:12.815875: | add_fd_read_event_handler: new ethX-pe@0x55814d55a408
Aug 26 18:24:12.815878: | libevent_malloc: new ptr-libevent@0x55814d4ba4e8 size 128
Aug 26 18:24:12.815880: | libevent_malloc: new ptr-libevent@0x55814d55a478 size 16
Aug 26 18:24:12.815883: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:24:12.815885: | add_fd_read_event_handler: new ethX-pe@0x55814d55a4b8
Aug 26 18:24:12.815887: | libevent_malloc: new ptr-libevent@0x55814d4ba1d8 size 128
Aug 26 18:24:12.815888: | libevent_malloc: new ptr-libevent@0x55814d55a528 size 16
Aug 26 18:24:12.815891: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:24:12.815894: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:24:12.815896: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:24:12.815911: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:24:12.815919: | id type added to secret(0x55814d4b5c48) PKK_PSK: @east
Aug 26 18:24:12.815922: | id type added to secret(0x55814d4b5c48) PKK_PSK: @west
Aug 26 18:24:12.815925: | Processing PSK at line 1: passed
Aug 26 18:24:12.815927: | certs and keys locked by 'process_secret'
Aug 26 18:24:12.815929: | certs and keys unlocked by 'process_secret'
Aug 26 18:24:12.815937: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:24:12.815943: | spent 0.885 milliseconds in whack
Aug 26 18:24:12.853257: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:12.853280: listening for IKE messages
Aug 26 18:24:12.853339: | Inspecting interface lo
Aug 26 18:24:12.853350: | found lo with address 127.0.0.1
Aug 26 18:24:12.853354: | Inspecting interface eth0
Aug 26 18:24:12.853360: | found eth0 with address 192.0.2.254
Aug 26 18:24:12.853363: | Inspecting interface eth1
Aug 26 18:24:12.853367: | found eth1 with address 192.1.2.23
Aug 26 18:24:12.853432: | no interfaces to sort
Aug 26 18:24:12.853447: | libevent_free: release ptr-libevent@0x55814d54e2b8
Aug 26 18:24:12.853451: | free_event_entry: release EVENT_NULL-pe@0x55814d55a148
Aug 26 18:24:12.853455: | add_fd_read_event_handler: new ethX-pe@0x55814d55a148
Aug 26 18:24:12.853458: | libevent_malloc: new ptr-libevent@0x55814d54e2b8 size 128
Aug 26 18:24:12.853467: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:24:12.853471: | libevent_free: release ptr-libevent@0x55814d4ea1d8
Aug 26 18:24:12.853474: | free_event_entry: release EVENT_NULL-pe@0x55814d55a1f8
Aug 26 18:24:12.853477: | add_fd_read_event_handler: new ethX-pe@0x55814d55a1f8
Aug 26 18:24:12.853480: | libevent_malloc: new ptr-libevent@0x55814d4ea1d8 size 128
Aug 26 18:24:12.853487: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:24:12.853491: | libevent_free: release ptr-libevent@0x55814d4ec078
Aug 26 18:24:12.853494: | free_event_entry: release EVENT_NULL-pe@0x55814d55a2a8
Aug 26 18:24:12.853497: | add_fd_read_event_handler: new ethX-pe@0x55814d55a2a8
Aug 26 18:24:12.853500: | libevent_malloc: new ptr-libevent@0x55814d4ec078 size 128
Aug 26 18:24:12.853505: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:24:12.853509: | libevent_free: release ptr-libevent@0x55814d4e91c8
Aug 26 18:24:12.853512: | free_event_entry: release EVENT_NULL-pe@0x55814d55a358
Aug 26 18:24:12.853515: | add_fd_read_event_handler: new ethX-pe@0x55814d55a358
Aug 26 18:24:12.853517: | libevent_malloc: new ptr-libevent@0x55814d4e91c8 size 128
Aug 26 18:24:12.853522: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:24:12.853526: | libevent_free: release ptr-libevent@0x55814d4ba4e8
Aug 26 18:24:12.853529: | free_event_entry: release EVENT_NULL-pe@0x55814d55a408
Aug 26 18:24:12.853532: | add_fd_read_event_handler: new ethX-pe@0x55814d55a408
Aug 26 18:24:12.853535: | libevent_malloc: new ptr-libevent@0x55814d4ba4e8 size 128
Aug 26 18:24:12.853540: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:24:12.853544: | libevent_free: release ptr-libevent@0x55814d4ba1d8
Aug 26 18:24:12.853547: | free_event_entry: release EVENT_NULL-pe@0x55814d55a4b8
Aug 26 18:24:12.853549: | add_fd_read_event_handler: new ethX-pe@0x55814d55a4b8
Aug 26 18:24:12.853552: | libevent_malloc: new ptr-libevent@0x55814d4ba1d8 size 128
Aug 26 18:24:12.853558: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:24:12.853561: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:24:12.853564: forgetting secrets
Aug 26 18:24:12.853572: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:24:12.853586: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:24:12.853596: | id type added to secret(0x55814d4b5c48) PKK_PSK: @east
Aug 26 18:24:12.853600: | id type added to secret(0x55814d4b5c48) PKK_PSK: @west
Aug 26 18:24:12.853604: | Processing PSK at line 1: passed
Aug 26 18:24:12.853607: | certs and keys locked by 'process_secret'
Aug 26 18:24:12.853610: | certs and keys unlocked by 'process_secret'
Aug 26 18:24:12.853620: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:24:12.853627: | spent 0.376 milliseconds in whack
Aug 26 18:24:12.854015: | processing signal PLUTO_SIGCHLD
Aug 26 18:24:12.854028: | waitpid returned pid 28041 (exited with status 0)
Aug 26 18:24:12.854033: | reaped addconn helper child (status 0)
Aug 26 18:24:12.854038: | waitpid returned ECHILD (no child processes left)
Aug 26 18:24:12.854043: | spent 0.0181 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 18:24:12.903481: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:12.903505: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:12.903509: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:24:12.903512: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:12.903515: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:24:12.903519: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:12.903527: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 18:24:12.903573: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 18:24:12.903576: | from whack: got --esp=
Aug 26 18:24:12.903599: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 18:24:12.903602: | counting wild cards for @west is 0
Aug 26 18:24:12.903605: | counting wild cards for @east is 0
Aug 26 18:24:12.903611: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none
Aug 26 18:24:12.903614: | new hp@0x55814d55c848
Aug 26 18:24:12.903617: added connection description "westnet-eastnet-ipv4-psk-ikev2"
Aug 26 18:24:12.903625: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 18:24:12.903636: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24
Aug 26 18:24:12.903645: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:24:12.903653: | spent 0.478 milliseconds in whack
Aug 26 18:24:12.971797: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:12.971986: | FOR_EACH_CONNECTION_... in show_connections_status
Aug 26 18:24:12.971992: | FOR_EACH_CONNECTION_...
in show_connections_status Aug 26 18:24:12.972036: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:12.972044: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:12.972050: | spent 0.261 milliseconds in whack Aug 26 18:24:16.028631: | spent 0.00333 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:16.028667: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:24:16.028819: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:24:16.028825: | **parse ISAKMP Message: Aug 26 18:24:16.028828: | initiator cookie: Aug 26 18:24:16.028830: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.028833: | responder cookie: Aug 26 18:24:16.028835: | 00 00 00 00 00 00 00 00 Aug 26 18:24:16.028838: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:16.028842: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.028845: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:16.028848: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:16.028850: | Message ID: 0 (0x0) Aug 26 18:24:16.028853: | length: 828 (0x33c) Aug 26 18:24:16.028856: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:16.028860: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:24:16.028864: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:16.028867: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:16.028871: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:16.028873: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:16.028875: | flags: none (0x0) Aug 26 18:24:16.028877: | length: 436 (0x1b4) Aug 26 18:24:16.028880: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:24:16.028882: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:16.028885: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:16.028887: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:16.028889: | flags: none (0x0) Aug 26 18:24:16.028891: | length: 264 (0x108) Aug 26
18:24:16.028894: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.028899: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:16.028902: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:16.028904: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:16.028907: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.028910: | flags: none (0x0) Aug 26 18:24:16.028912: | length: 36 (0x24) Aug 26 18:24:16.028914: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:16.028917: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.028920: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.028922: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.028924: | flags: none (0x0) Aug 26 18:24:16.028927: | length: 8 (0x8) Aug 26 18:24:16.028929: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.028932: | SPI size: 0 (0x0) Aug 26 18:24:16.028935: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:16.028938: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:16.028940: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.028943: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.028946: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.028948: | flags: none (0x0) Aug 26 18:24:16.028951: | length: 28 (0x1c) Aug 26 18:24:16.028954: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.028956: | SPI size: 0 (0x0) Aug 26 18:24:16.028959: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:16.028962: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:16.028964: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.028967: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.028973: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.028977: | flags: none (0x0) Aug 26 18:24:16.028981: | length: 28 (0x1c) Aug 26 18:24:16.028984: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.028987: | SPI size: 0 (0x0) Aug 26 
18:24:16.028991: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:16.028996: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:16.029001: | DDOS disabled and no cookie sent, continuing Aug 26 18:24:16.029008: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:16.029013: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:24:16.029017: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:16.029021: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 18:24:16.029024: | find_next_host_connection returns empty Aug 26 18:24:16.029029: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:16.029032: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:16.029035: | find_next_host_connection returns empty Aug 26 18:24:16.029039: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:24:16.029045: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:24:16.029050: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:24:16.029053: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:16.029056: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 18:24:16.029059: | find_next_host_connection returns empty Aug 26 18:24:16.029063: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:24:16.029066: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:16.029069: | find_next_host_connection returns empty Aug 26 18:24:16.029073: | initial parent SA 
message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:24:16.029081: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:24:16.029087: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:24:16.029090: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:24:16.029093: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 18:24:16.029096: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:16.029099: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:24:16.029102: | find_next_host_connection returns empty Aug 26 18:24:16.029105: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Aug 26 18:24:16.029134: | creating state object #1 at 0x55814d55e558 Aug 26 18:24:16.029139: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:16.029148: | pstats #1 ikev2.ike started Aug 26 18:24:16.029152: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:16.029156: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:24:16.029162: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:16.029173: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:16.029177: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:16.029182: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:16.029185: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:16.029190: | Message ID: 
#1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:16.029195: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:16.029198: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:24:16.029201: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:24:16.029204: | Now let's proceed with state specific processing Aug 26 18:24:16.029207: | calling processor Respond to IKE_SA_INIT Aug 26 18:24:16.029214: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:16.029218: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Aug 26 18:24:16.029230: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.029238: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.029243: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.029250: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.029254: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.029261: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.029265: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.029271: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.029286: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.029317: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:24:16.029322: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:16.029325: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:16.029328: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:16.029331: | local proposal 1 type DH has 8 transforms Aug 26 18:24:16.029334: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:16.029338: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:16.029340: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:16.029343: | local 
proposal 2 type PRF has 2 transforms Aug 26 18:24:16.029346: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:16.029349: | local proposal 2 type DH has 8 transforms Aug 26 18:24:16.029351: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:16.029355: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:16.029358: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:16.029361: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:16.029364: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:16.029366: | local proposal 3 type DH has 8 transforms Aug 26 18:24:16.029369: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:16.029372: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:16.029375: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:16.029378: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:16.029381: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:16.029384: | local proposal 4 type DH has 8 transforms Aug 26 18:24:16.029387: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:16.029390: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:16.029394: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.029397: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.029400: | length: 100 (0x64) Aug 26 18:24:16.029403: | prop #: 1 (0x1) Aug 26 18:24:16.029405: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.029408: | spi size: 0 (0x0) Aug 26 18:24:16.029411: | # transforms: 11 (0xb) Aug 26 18:24:16.029415: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:16.029418: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029423: | length: 12 (0xc) Aug 26 18:24:16.029426: | IKEv2 transform type: TRANS_TYPE_ENCR 
(0x1) Aug 26 18:24:16.029429: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.029432: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.029435: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.029438: | length/value: 256 (0x100) Aug 26 18:24:16.029442: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:16.029446: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029454: | length: 8 (0x8) Aug 26 18:24:16.029457: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029459: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.029463: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:16.029467: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:24:16.029470: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:24:16.029474: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:24:16.029476: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029482: | length: 8 (0x8) Aug 26 18:24:16.029485: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029487: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.029490: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029496: | length: 8 (0x8) Aug 26 18:24:16.029498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029501: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.029505: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 
18:24:16.029508: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:16.029512: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:16.029515: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:16.029518: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029523: | length: 8 (0x8) Aug 26 18:24:16.029526: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029529: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.029532: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029537: | length: 8 (0x8) Aug 26 18:24:16.029540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029542: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.029545: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029550: | length: 8 (0x8) Aug 26 18:24:16.029553: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029556: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.029559: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029564: | length: 8 (0x8) Aug 26 18:24:16.029567: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029570: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.029572: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029577: | length: 8 (0x8) Aug 26 18:24:16.029579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029582: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) 
Aug 26 18:24:16.029585: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029590: | length: 8 (0x8) Aug 26 18:24:16.029592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029595: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.029598: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029600: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.029605: | length: 8 (0x8) Aug 26 18:24:16.029607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029610: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.029614: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:16.029619: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:16.029623: | remote proposal 1 matches local proposal 1 Aug 26 18:24:16.029626: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.029629: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.029632: | length: 100 (0x64) Aug 26 18:24:16.029634: | prop #: 2 (0x2) Aug 26 18:24:16.029637: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.029639: | spi size: 0 (0x0) Aug 26 18:24:16.029642: | # transforms: 11 (0xb) Aug 26 18:24:16.029645: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.029647: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029652: | length: 12 (0xc) Aug 26 18:24:16.029654: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.029656: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.029659: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.029661: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 
18:24:16.029663: | length/value: 128 (0x80) Aug 26 18:24:16.029666: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029670: | length: 8 (0x8) Aug 26 18:24:16.029672: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029675: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.029677: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029682: | length: 8 (0x8) Aug 26 18:24:16.029684: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029686: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.029689: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029694: | length: 8 (0x8) Aug 26 18:24:16.029697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029699: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.029702: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029708: | length: 8 (0x8) Aug 26 18:24:16.029710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029713: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.029716: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029721: | length: 8 (0x8) Aug 26 18:24:16.029724: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029727: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.029730: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029735: | length: 8 (0x8) Aug 26 18:24:16.029738: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029741: | IKEv2 transform ID: 
OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.029744: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029749: | length: 8 (0x8) Aug 26 18:24:16.029752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029755: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.029758: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029768: | length: 8 (0x8) Aug 26 18:24:16.029771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029774: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.029777: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029784: | length: 8 (0x8) Aug 26 18:24:16.029786: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029789: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.029792: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029796: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.029798: | length: 8 (0x8) Aug 26 18:24:16.029801: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029804: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.029809: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:24:16.029812: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:24:16.029815: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.029817: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.029819: | length: 116 (0x74) Aug 26 18:24:16.029822: | prop #: 3 (0x3) Aug 26 18:24:16.029824: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.029826: | spi size: 0 (0x0) Aug 26 18:24:16.029828: | # transforms: 13 (0xd) Aug 26 18:24:16.029831: | Comparing remote proposal 3 
containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.029833: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029838: | length: 12 (0xc) Aug 26 18:24:16.029840: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.029843: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.029846: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.029849: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.029851: | length/value: 256 (0x100) Aug 26 18:24:16.029855: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029860: | length: 8 (0x8) Aug 26 18:24:16.029863: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029866: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.029869: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029875: | length: 8 (0x8) Aug 26 18:24:16.029878: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.029881: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.029884: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029887: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029889: | length: 8 (0x8) Aug 26 18:24:16.029892: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.029895: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.029898: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029903: | length: 8 (0x8) Aug 26 18:24:16.029906: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.029908: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.029911: | *****parse IKEv2 Transform Substructure Payload: Aug 26 
18:24:16.029914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029917: | length: 8 (0x8) Aug 26 18:24:16.029920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029923: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.029926: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029932: | length: 8 (0x8) Aug 26 18:24:16.029936: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029940: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.029943: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029948: | length: 8 (0x8) Aug 26 18:24:16.029950: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029953: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.029956: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029961: | length: 8 (0x8) Aug 26 18:24:16.029963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029966: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.029969: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029975: | length: 8 (0x8) Aug 26 18:24:16.029977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029980: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.029983: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.029988: | length: 8 (0x8) Aug 26 18:24:16.029991: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.029993: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.029996: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.029999: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030001: | length: 8 (0x8) Aug 26 18:24:16.030004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.030009: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030012: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.030014: | length: 8 (0x8) Aug 26 18:24:16.030016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030019: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.030023: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:16.030026: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:16.030029: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.030032: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.030035: | length: 116 (0x74) Aug 26 18:24:16.030037: | prop #: 4 (0x4) Aug 26 18:24:16.030040: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.030043: | spi size: 0 (0x0) Aug 26 18:24:16.030045: | # transforms: 13 (0xd) Aug 26 18:24:16.030049: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.030052: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030057: | length: 12 (0xc) Aug 26 18:24:16.030060: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.030062: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.030069: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.030074: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.030077: | length/value: 128 (0x80) Aug 26 18:24:16.030081: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030089: | length: 8 (0x8) Aug 26 
18:24:16.030092: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.030095: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.030099: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030103: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030105: | length: 8 (0x8) Aug 26 18:24:16.030109: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.030114: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.030118: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030124: | length: 8 (0x8) Aug 26 18:24:16.030128: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.030131: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.030135: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030138: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030141: | length: 8 (0x8) Aug 26 18:24:16.030144: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.030147: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.030151: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030157: | length: 8 (0x8) Aug 26 18:24:16.030160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030163: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.030167: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030177: | length: 8 (0x8) Aug 26 18:24:16.030181: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030184: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.030187: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030193: | length: 8 (0x8) Aug 26 18:24:16.030195: | 
IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030198: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.030201: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030207: | length: 8 (0x8) Aug 26 18:24:16.030210: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030213: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.030217: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030222: | length: 8 (0x8) Aug 26 18:24:16.030226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.030232: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030238: | length: 8 (0x8) Aug 26 18:24:16.030241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030244: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.030247: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.030252: | length: 8 (0x8) Aug 26 18:24:16.030255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030258: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.030261: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.030264: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.030267: | length: 8 (0x8) Aug 26 18:24:16.030270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.030273: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.030278: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:16.030282: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH 
Aug 26 18:24:16.030293: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:24:16.030305: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:24:16.030308: | converting proposal to internal trans attrs Aug 26 18:24:16.030314: | natd_hash: rcookie is zero Aug 26 18:24:16.030335: | natd_hash: hasher=0x55814ce26800(20) Aug 26 18:24:16.030338: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.030341: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:16.030344: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:16.030346: | natd_hash: port=500 Aug 26 18:24:16.030349: | natd_hash: hash= a6 8a 27 d6 65 ac f3 b2 e0 bc dc f4 c4 40 48 86 Aug 26 18:24:16.030351: | natd_hash: hash= 1c 1f 2b c9 Aug 26 18:24:16.030354: | natd_hash: rcookie is zero Aug 26 18:24:16.030361: | natd_hash: hasher=0x55814ce26800(20) Aug 26 18:24:16.030364: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.030366: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:16.030369: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:16.030371: | natd_hash: port=500 Aug 26 18:24:16.030374: | natd_hash: hash= aa fe 9a 48 2e 5f 25 03 be 
7a dc 84 d4 bd 3e 49 Aug 26 18:24:16.030377: | natd_hash: hash= ef 92 ae 39 Aug 26 18:24:16.030380: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:16.030383: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:16.030385: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:16.030390: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Aug 26 18:24:16.030396: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:24:16.030400: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55814d55e138 Aug 26 18:24:16.030404: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:16.030409: | libevent_malloc: new ptr-libevent@0x55814d5608b8 size 128 Aug 26 18:24:16.030422: | #1 spent 1.18 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:24:16.030430: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.030434: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:16.030438: | suspending state #1 and saving MD Aug 26 18:24:16.030440: | #1 is busy; has a suspended MD Aug 26 18:24:16.030445: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:16.030449: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:16.030454: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:16.030459: | #1 spent 1.79 milliseconds in ikev2_process_packet() Aug 26 18:24:16.030464: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:24:16.030468: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:16.030471: | processing: 
STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:16.030476: | spent 1.8 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:16.031144: | crypto helper 3 resuming Aug 26 18:24:16.031158: | crypto helper 3 starting work-order 1 for state #1 Aug 26 18:24:16.031164: | crypto helper 3 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:24:16.032155: | crypto helper 3 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000989 seconds Aug 26 18:24:16.032178: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:24:16.032183: | crypto helper 3 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:16.032187: | scheduling resume sending helper answer for #1 Aug 26 18:24:16.032192: | libevent_malloc: new ptr-libevent@0x7fc084002888 size 128 Aug 26 18:24:16.032203: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:16.032213: | processing resume sending helper answer for #1 Aug 26 18:24:16.032228: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:24:16.032233: | crypto helper 3 replies to request ID 1 Aug 26 18:24:16.032236: | calling continuation function 0x55814cd51b50 Aug 26 18:24:16.032240: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:24:16.032271: | **emit ISAKMP Message: Aug 26 18:24:16.032275: | initiator cookie: Aug 26 18:24:16.032278: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.032281: | responder cookie: Aug 26 18:24:16.032284: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.032287: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:16.032342: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.032345: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:16.032349: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:16.032352: | Message ID: 0 
(0x0) Aug 26 18:24:16.032356: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:16.032360: | Emitting ikev2_proposal ... Aug 26 18:24:16.032363: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:16.032367: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.032370: | flags: none (0x0) Aug 26 18:24:16.032374: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:16.032378: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032382: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.032386: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.032389: | prop #: 1 (0x1) Aug 26 18:24:16.032392: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.032395: | spi size: 0 (0x0) Aug 26 18:24:16.032398: | # transforms: 3 (0x3) Aug 26 18:24:16.032402: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.032406: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.032409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.032413: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.032416: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.032420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.032424: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.032428: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.032431: | length/value: 256 (0x100) Aug 26 18:24:16.032434: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.032438: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.032441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:24:16.032444: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.032447: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.032452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.032456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.032462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.032465: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.032469: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.032472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.032475: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.032480: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.032484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.032487: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.032491: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:24:16.032495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.032498: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:24:16.032502: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:16.032506: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:16.032510: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.032513: | flags: none (0x0) Aug 26 18:24:16.032516: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.032521: | next 
payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:16.032525: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032529: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:16.032582: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:16.032586: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:16.032590: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.032593: | flags: none (0x0) Aug 26 18:24:16.032597: | next payload 
chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:16.032601: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:16.032605: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032609: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:16.032615: | IKEv2 nonce 3e 38 51 73 a7 f8 5c fc 09 95 7c 43 03 fd fa 5d Aug 26 18:24:16.032618: | IKEv2 nonce fb 1a 24 d3 ed 48 92 a5 2d 67 4d 1c ab 8d c6 2b Aug 26 18:24:16.032621: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:16.032625: | Adding a v2N Payload Aug 26 18:24:16.032628: | ***emit IKEv2 Notify Payload: Aug 26 18:24:16.032631: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.032634: | flags: none (0x0) Aug 26 18:24:16.032637: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.032640: | SPI size: 0 (0x0) Aug 26 18:24:16.032644: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:16.032648: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.032652: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032656: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:16.032660: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:24:16.032672: | natd_hash: hasher=0x55814ce26800(20) Aug 26 18:24:16.032676: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.032679: | natd_hash: rcookie= 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.032682: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:16.032685: | natd_hash: port=500 Aug 26 18:24:16.032688: | natd_hash: hash= 1e a2 d2 9b 6a 2b e5 be a5 ca 81 09 68 f2 ea e1 Aug 26 18:24:16.032691: | natd_hash: hash= e1 91 ee 92 Aug 26 18:24:16.032694: | Adding a v2N Payload Aug 26 18:24:16.032697: | ***emit IKEv2 Notify Payload: Aug 26 18:24:16.032700: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.032703: | flags: none (0x0) Aug 26 18:24:16.032706: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.032709: | SPI size: 0 (0x0) Aug 26 18:24:16.032713: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:16.032717: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.032721: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032725: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:16.032728: | Notify data 1e a2 d2 9b 6a 2b e5 be a5 ca 81 09 68 f2 ea e1 Aug 26 18:24:16.032731: | Notify data e1 91 ee 92 Aug 26 18:24:16.032734: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:16.032740: | natd_hash: hasher=0x55814ce26800(20) Aug 26 18:24:16.032744: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.032747: | natd_hash: rcookie= 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.032750: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:16.032752: | natd_hash: port=500 Aug 26 18:24:16.032756: | natd_hash: hash= f9 3d 51 af e7 70 1d 17 c8 15 d5 41 0f 2b 15 8f Aug 26 18:24:16.032759: | natd_hash: hash= e6 48 94 dd Aug 26 18:24:16.032761: | Adding a v2N Payload Aug 26 18:24:16.032764: | ***emit IKEv2 Notify Payload: Aug 26 
18:24:16.032768: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.032771: | flags: none (0x0) Aug 26 18:24:16.032774: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.032777: | SPI size: 0 (0x0) Aug 26 18:24:16.032780: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:16.032784: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.032788: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.032792: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:16.032795: | Notify data f9 3d 51 af e7 70 1d 17 c8 15 d5 41 0f 2b 15 8f Aug 26 18:24:16.032798: | Notify data e6 48 94 dd Aug 26 18:24:16.032801: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:16.032805: | emitting length of ISAKMP Message: 432 Aug 26 18:24:16.032815: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.032819: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:24:16.032823: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:24:16.032828: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:24:16.032832: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:16.032838: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:16.032844: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:16.032850: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:16.032856: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:24:16.032864: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:24:16.032974: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:16.032980: | libevent_free: release ptr-libevent@0x55814d5608b8 Aug 26 18:24:16.032984: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55814d55e138 Aug 26 18:24:16.032988: | event_schedule: new EVENT_SO_DISCARD-pe@0x55814d55e138 Aug 26 18:24:16.032993: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:24:16.032997: | libevent_malloc: new ptr-libevent@0x55814d5619c8 size 128 Aug 26 18:24:16.033002: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:16.033009: | #1 spent 0.73 milliseconds in resume sending helper answer Aug 26 18:24:16.033018: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:24:16.033022: | libevent_free: release ptr-libevent@0x7fc084002888 Aug 26 18:24:16.037899: | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:16.037924: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 18:24:16.037989: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:24:16.037993: | **parse ISAKMP Message: Aug 26 18:24:16.037996: | initiator cookie: Aug 26 18:24:16.037999: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.038001: | responder cookie: Aug 26 18:24:16.038004: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.038007: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:16.038010: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.038013: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:16.038015: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:16.038018: | Message ID: 1 (0x1) Aug 26 18:24:16.038021: | length: 365 (0x16d) Aug 26 18:24:16.038024: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:16.038028: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 
18:24:16.038032: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:16.038038: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:16.038042: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:16.038047: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:16.038050: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:16.038054: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:24:16.038057: | unpacking clear payload Aug 26 18:24:16.038060: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:16.038063: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:16.038068: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:16.038071: | flags: none (0x0) Aug 26 18:24:16.038074: | length: 337 (0x151) Aug 26 18:24:16.038076: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 18:24:16.038081: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:16.038084: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:16.038088: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:16.038091: | Now let's proceed with state specific processing Aug 26 18:24:16.038093: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:16.038097: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:24:16.038101: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:16.038106: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:24:16.038109: | state #1 requesting EVENT_SO_DISCARD 
to be deleted Aug 26 18:24:16.038112: | libevent_free: release ptr-libevent@0x55814d5619c8 Aug 26 18:24:16.038116: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55814d55e138 Aug 26 18:24:16.038119: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55814d55e138 Aug 26 18:24:16.038123: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:16.038126: | libevent_malloc: new ptr-libevent@0x7fc084002888 size 128 Aug 26 18:24:16.038137: | #1 spent 0.0384 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:24:16.038143: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.038148: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:16.038151: | suspending state #1 and saving MD Aug 26 18:24:16.038153: | #1 is busy; has a suspended MD Aug 26 18:24:16.038158: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:16.038162: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:16.038167: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:16.038171: | #1 spent 0.257 milliseconds in ikev2_process_packet() Aug 26 18:24:16.038175: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:24:16.038178: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:16.038181: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:16.038185: | spent 0.272 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:16.038198: | crypto helper 2 resuming Aug 26 
18:24:16.038203: | crypto helper 2 starting work-order 2 for state #1 Aug 26 18:24:16.038208: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:24:16.039200: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:16.039635: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001427 seconds Aug 26 18:24:16.039648: | (#1) spent 1.41 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:24:16.039652: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:16.039655: | scheduling resume sending helper answer for #1 Aug 26 18:24:16.039659: | libevent_malloc: new ptr-libevent@0x7fc07c000f48 size 128 Aug 26 18:24:16.039668: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:16.039680: | processing resume sending helper answer for #1 Aug 26 18:24:16.039695: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:24:16.039704: | crypto helper 2 replies to request ID 2 Aug 26 18:24:16.039708: | calling continuation function 0x55814cd51b50 Aug 26 18:24:16.039712: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:24:16.039716: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:16.039736: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:16.039740: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:24:16.039745: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:24:16.039748: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:16.039752: | flags: none (0x0) Aug 26 18:24:16.039755: | length: 12 (0xc) Aug 26 18:24:16.039758: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.039761: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:24:16.039764: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:16.039768: | 
**parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:16.039771: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:16.039774: | flags: none (0x0) Aug 26 18:24:16.039777: | length: 12 (0xc) Aug 26 18:24:16.039780: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.039783: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:24:16.039786: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:16.039789: | **parse IKEv2 Authentication Payload: Aug 26 18:24:16.039792: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:16.039795: | flags: none (0x0) Aug 26 18:24:16.039798: | length: 72 (0x48) Aug 26 18:24:16.039801: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:16.039804: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:24:16.039807: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:16.039810: | **parse IKEv2 Security Association Payload: Aug 26 18:24:16.039813: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:16.039816: | flags: none (0x0) Aug 26 18:24:16.039819: | length: 164 (0xa4) Aug 26 18:24:16.039822: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:24:16.039825: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:16.039828: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:16.039831: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:16.039834: | flags: none (0x0) Aug 26 18:24:16.039836: | length: 24 (0x18) Aug 26 18:24:16.039840: | number of TS: 1 (0x1) Aug 26 18:24:16.039843: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:16.039846: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:16.039849: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:16.039851: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.039854: | flags: none (0x0) Aug 26 18:24:16.039857: | length: 24 (0x18) Aug 26 18:24:16.039860: | number of TS: 1 (0x1) Aug 26 18:24:16.039863: | processing payload: 
ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:16.039866: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:24:16.039869: | Now let's proceed with state specific processing Aug 26 18:24:16.039872: | calling processor Responder: process IKE_AUTH request Aug 26 18:24:16.039879: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:24:16.039887: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:16.039892: | received IDr payload - extracting our alleged ID Aug 26 18:24:16.039896: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:16.039901: | match_id a=@west Aug 26 18:24:16.039904: | b=@west Aug 26 18:24:16.039907: | results matched Aug 26 18:24:16.039912: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:24:16.039917: | Warning: not switching back to template of current instance Aug 26 18:24:16.039921: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 18:24:16.039924: | This connection's local id is @east (ID_FQDN) Aug 26 18:24:16.039928: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Aug 26 18:24:16.039933: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.039936: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.039940: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:24:16.039944: | 1: compared key @west to @east / @west -> 004 Aug 26 18:24:16.039948: | 2: compared key @east to @east / @west -> 014 Aug 26 18:24:16.039951: | line 1: match=014 Aug 26 18:24:16.039954: | match 014 beats previous best_match 000 match=0x55814d4b5c48 (line=1) Aug 26 18:24:16.039958: | 
concluding with best_match=014 best=0x55814d4b5c48 (lineno=1) Aug 26 18:24:16.039960: | returning because exact peer id match Aug 26 18:24:16.039964: | offered CA: '%none' Aug 26 18:24:16.039968: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:24:16.039992: | verifying AUTH payload Aug 26 18:24:16.039998: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 18:24:16.040002: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.040005: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.040008: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:24:16.040012: | 1: compared key @west to @east / @west -> 004 Aug 26 18:24:16.040015: | 2: compared key @east to @east / @west -> 014 Aug 26 18:24:16.040018: | line 1: match=014 Aug 26 18:24:16.040021: | match 014 beats previous best_match 000 match=0x55814d4b5c48 (line=1) Aug 26 18:24:16.040024: | concluding with best_match=014 best=0x55814d4b5c48 (lineno=1) Aug 26 18:24:16.040091: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Aug 26 18:24:16.040098: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:24:16.040104: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:16.040108: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:16.040112: | libevent_free: release ptr-libevent@0x7fc084002888 Aug 26 18:24:16.040117: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55814d55e138 Aug 26 18:24:16.040120: | event_schedule: new EVENT_SA_REKEY-pe@0x55814d55e138 Aug 26 18:24:16.040124: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 18:24:16.040128: | libevent_malloc: new ptr-libevent@0x55814d5619c8 size 128 Aug 26 18:24:16.042159: | pstats #1 ikev2.ike established Aug 26 18:24:16.042178: | **emit ISAKMP Message: Aug 26 
18:24:16.042182: | initiator cookie: Aug 26 18:24:16.042185: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.042188: | responder cookie: Aug 26 18:24:16.042190: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.042194: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:16.042197: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.042201: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:16.042205: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:16.042208: | Message ID: 1 (0x1) Aug 26 18:24:16.042211: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:16.042215: | IKEv2 CERT: send a certificate? Aug 26 18:24:16.042219: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:24:16.042223: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:16.042226: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.042228: | flags: none (0x0) Aug 26 18:24:16.042230: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:16.042235: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.042238: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:16.042250: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:16.042273: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:16.042276: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.042277: | flags: none (0x0) Aug 26 18:24:16.042279: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.042282: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:16.042284: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.042286: 
| emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:24:16.042293: | my identity 65 61 73 74 Aug 26 18:24:16.042297: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:24:16.042308: | assembled IDr payload Aug 26 18:24:16.042310: | CHILD SA proposals received Aug 26 18:24:16.042313: | going to assemble AUTH payload Aug 26 18:24:16.042316: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:16.042319: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:16.042321: | flags: none (0x0) Aug 26 18:24:16.042324: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:16.042326: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:24:16.042329: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:16.042332: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.042335: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:24:16.042340: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.042343: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:24:16.042346: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:24:16.042348: | 1: compared key @west to @east / @west -> 004 Aug 26 18:24:16.042350: | 2: compared key @east to @east / @west -> 014 Aug 26 18:24:16.042352: | line 1: match=014 Aug 26 18:24:16.042354: | match 014 beats previous best_match 000 match=0x55814d4b5c48 (line=1) Aug 26 18:24:16.042356: | concluding with best_match=014 best=0x55814d4b5c48 (lineno=1) Aug 26 18:24:16.042410: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:24:16.042416: | PSK auth bd 63 eb 6a 55 a3 64 aa f5 d9 95 76 71 96 
e0 a0 Aug 26 18:24:16.042418: | PSK auth ea 7f 26 c2 9e 9f d7 05 7b e2 ba 39 c4 f4 a1 42 Aug 26 18:24:16.042420: | PSK auth 1e ba 73 20 75 55 9d de b9 8a dc 7f a3 85 34 23 Aug 26 18:24:16.042423: | PSK auth a5 e2 af 05 d8 8b 77 c2 dc 98 8c 8e 63 af 0b f4 Aug 26 18:24:16.042425: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:24:16.042430: | creating state object #2 at 0x55814d562528 Aug 26 18:24:16.042434: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:16.042438: | pstats #2 ikev2.child started Aug 26 18:24:16.042442: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 18:24:16.042448: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:16.042456: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:16.042461: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:16.042467: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:16.042471: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:24:16.042474: | TSi: parsing 1 traffic selectors Aug 26 18:24:16.042478: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:16.042481: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.042484: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.042486: | length: 16 (0x10) Aug 26 18:24:16.042489: | start port: 0 (0x0) Aug 26 18:24:16.042492: | end port: 65535 (0xffff) Aug 26 18:24:16.042494: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:16.042497: | TS low c0 00 01 00 Aug 26 18:24:16.042499: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 
18:24:16.042502: | TS high c0 00 01 ff Aug 26 18:24:16.042504: | TSi: parsed 1 traffic selectors Aug 26 18:24:16.042507: | TSr: parsing 1 traffic selectors Aug 26 18:24:16.042509: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:16.042511: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.042514: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.042516: | length: 16 (0x10) Aug 26 18:24:16.042518: | start port: 0 (0x0) Aug 26 18:24:16.042520: | end port: 65535 (0xffff) Aug 26 18:24:16.042522: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:16.042524: | TS low c0 00 02 00 Aug 26 18:24:16.042527: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:16.042529: | TS high c0 00 02 ff Aug 26 18:24:16.042531: | TSr: parsed 1 traffic selectors Aug 26 18:24:16.042533: | looking for best SPD in current connection Aug 26 18:24:16.042539: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:16.042544: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.042550: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:24:16.042553: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:16.042556: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:16.042559: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:16.042562: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:16.042566: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.042572: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:16.042575: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:16.042578: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:16.042581: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:16.042584: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 
26 18:24:16.042586: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:16.042589: | found better spd route for TSi[0],TSr[0] Aug 26 18:24:16.042591: | looking for better host pair Aug 26 18:24:16.042597: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:24:16.042602: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 18:24:16.042605: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Aug 26 18:24:16.042608: | match_id a=@west Aug 26 18:24:16.042610: | b=@west Aug 26 18:24:16.042613: | results matched Aug 26 18:24:16.042618: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:16.042623: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.042629: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:24:16.042632: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:16.042635: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:16.042640: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:16.042643: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:16.042647: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.042652: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:16.042656: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:16.042658: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:16.042661: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:16.042664: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:16.042667: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:16.042670: | did not find a better connection using host pair Aug 26 18:24:16.042673: | printing contents struct traffic_selector Aug 26 18:24:16.042675: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 
18:24:16.042678: | ipprotoid: 0 Aug 26 18:24:16.042680: | port range: 0-65535 Aug 26 18:24:16.042684: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:16.042686: | printing contents struct traffic_selector Aug 26 18:24:16.042689: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:16.042691: | ipprotoid: 0 Aug 26 18:24:16.042694: | port range: 0-65535 Aug 26 18:24:16.042698: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:24:16.042703: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:24:16.042712: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:16.042719: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:16.042722: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:16.042726: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:16.042730: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:16.042735: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.042738: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:16.042742: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.042751: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.042755: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:24:16.042759: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:16.042761: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:16.042764: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:16.042767: | local proposal 1 type DH has 1 transforms Aug 26 18:24:16.042769: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:16.042773: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:16.042775: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:16.042778: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:16.042781: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:16.042783: | local proposal 2 type DH has 1 transforms Aug 26 18:24:16.042786: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:16.042789: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:16.042792: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:16.042795: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:16.042798: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:16.042802: | local proposal 3 type DH has 1 transforms Aug 26 18:24:16.042805: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:16.042808: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 18:24:16.042811: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:16.042813: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:16.042816: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:16.042819: | local proposal 4 type DH has 1 transforms Aug 26 18:24:16.042822: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:16.042825: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:16.042828: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.042831: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.042834: | length: 32 (0x20) Aug 26 18:24:16.042837: | prop #: 1 (0x1) Aug 26 18:24:16.042840: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.042842: | spi size: 4 (0x4) Aug 26 18:24:16.042845: | # transforms: 2 (0x2) Aug 26 18:24:16.042849: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:16.042852: | remote SPI 12 b3 08 5d Aug 26 18:24:16.042856: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:16.042859: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.042862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.042865: | length: 12 (0xc) Aug 26 18:24:16.042867: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.042870: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.042873: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.042876: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.042879: | length/value: 256 (0x100) Aug 26 18:24:16.042884: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:16.042887: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.042891: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.042893: | length: 8 (0x8) Aug 26 18:24:16.042896: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.042899: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.042904: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:16.042908: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:24:16.042911: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:24:16.042915: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:24:16.042919: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:16.042923: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:16.042927: | remote proposal 1 matches local proposal 1 Aug 26 18:24:16.042930: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.042933: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.042936: | length: 32 (0x20) Aug 26 18:24:16.042939: | prop #: 2 (0x2) Aug 26 18:24:16.042942: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.042944: | spi size: 4 (0x4) Aug 26 18:24:16.042947: | # transforms: 2 (0x2) Aug 26 18:24:16.042950: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:16.042953: | remote SPI 12 b3 08 5d Aug 26 18:24:16.042957: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.042960: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.042963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.042965: | length: 12 (0xc) Aug 26 18:24:16.042968: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.042973: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.042976: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.042979: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.042982: | length/value: 128 (0x80) Aug 26 18:24:16.042985: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.042988: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.042990: | length: 8 (0x8) Aug 26 18:24:16.042993: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.042995: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.042999: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:24:16.043003: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:24:16.043006: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.043008: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.043010: | length: 48 (0x30) Aug 26 18:24:16.043012: | prop #: 3 (0x3) Aug 26 18:24:16.043015: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.043018: | spi size: 4 (0x4) Aug 26 18:24:16.043020: | # transforms: 4 (0x4) Aug 26 18:24:16.043024: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:16.043026: | remote SPI 12 b3 08 5d Aug 26 18:24:16.043029: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.043032: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043037: | length: 12 (0xc) Aug 26 18:24:16.043040: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.043042: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.043045: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.043048: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.043050: | length/value: 256 (0x100) Aug 26 18:24:16.043053: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043058: | length: 8 (0x8) Aug 26 18:24:16.043061: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.043063: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.043067: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043072: | length: 8 (0x8) Aug 26 18:24:16.043075: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.043077: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.043080: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043083: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.043085: | length: 8 (0x8) Aug 26 18:24:16.043088: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.043091: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.043095: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:16.043098: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:16.043101: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.043104: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.043107: | length: 48 (0x30) Aug 26 18:24:16.043109: | prop #: 4 (0x4) Aug 26 18:24:16.043112: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.043114: | spi size: 4 (0x4) Aug 26 18:24:16.043117: | # transforms: 4 (0x4) Aug 26 18:24:16.043120: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:16.043123: | remote SPI 12 b3 08 5d Aug 26 18:24:16.043126: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:16.043129: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043136: | length: 12 (0xc) Aug 26 18:24:16.043139: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.043142: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.043145: | *****parse 
IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.043148: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.043151: | length/value: 128 (0x80) Aug 26 18:24:16.043154: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043159: | length: 8 (0x8) Aug 26 18:24:16.043163: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.043166: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.043169: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043174: | length: 8 (0x8) Aug 26 18:24:16.043177: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.043180: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.043183: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043186: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.043188: | length: 8 (0x8) Aug 26 18:24:16.043191: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.043194: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.043198: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:16.043202: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:16.043208: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=12b3085d;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:24:16.043214: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=12b3085d;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:16.043217: | converting proposal to internal trans attrs Aug 26 
18:24:16.043241: | netlink_get_spi: allocated 0x94dbdd87 for esp.0@192.1.2.23 Aug 26 18:24:16.043245: | Emitting ikev2_proposal ... Aug 26 18:24:16.043249: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:16.043252: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.043255: | flags: none (0x0) Aug 26 18:24:16.043258: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:16.043261: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.043265: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.043268: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.043271: | prop #: 1 (0x1) Aug 26 18:24:16.043274: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.043276: | spi size: 4 (0x4) Aug 26 18:24:16.043279: | # transforms: 2 (0x2) Aug 26 18:24:16.043282: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.043286: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:16.043298: | our spi 94 db dd 87 Aug 26 18:24:16.043302: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043307: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.043311: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.043314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.043317: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.043320: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.043325: | length/value: 256 (0x100) Aug 26 18:24:16.043328: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 
18:24:16.043331: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.043334: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.043336: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.043339: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.043342: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.043345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.043348: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.043350: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:16.043353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.043356: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:24:16.043359: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:16.043362: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:16.043365: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.043367: | flags: none (0x0) Aug 26 18:24:16.043370: | number of TS: 1 (0x1) Aug 26 18:24:16.043374: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:16.043377: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.043380: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:16.043383: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.043385: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.043388: | start port: 0 (0x0) Aug 26 18:24:16.043390: | end 
port: 65535 (0xffff) Aug 26 18:24:16.043394: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:16.043397: | ipv4 start c0 00 01 00 Aug 26 18:24:16.043399: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:16.043402: | ipv4 end c0 00 01 ff Aug 26 18:24:16.043404: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:16.043407: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:16.043409: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:16.043412: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.043415: | flags: none (0x0) Aug 26 18:24:16.043417: | number of TS: 1 (0x1) Aug 26 18:24:16.043421: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:16.043424: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.043427: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:16.043429: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.043432: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.043435: | start port: 0 (0x0) Aug 26 18:24:16.043437: | end port: 65535 (0xffff) Aug 26 18:24:16.043440: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:16.043443: | ipv4 start c0 00 02 00 Aug 26 18:24:16.043446: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:16.043448: | ipv4 end c0 00 02 ff Aug 26 18:24:16.043450: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:16.043453: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:16.043456: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:16.043461: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 
18:24:16.043638: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:24:16.043650: | #1 spent 2.57 milliseconds Aug 26 18:24:16.043654: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:16.043657: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 18:24:16.043661: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:16.043664: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:16.043667: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:16.043671: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:16.043675: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:16.043679: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:16.043682: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:16.043685: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:16.043689: | setting IPsec SA replay-window to 32 Aug 26 18:24:16.043692: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:24:16.043695: | netlink: enabling tunnel mode Aug 26 18:24:16.043698: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:16.043701: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:16.043777: | netlink response for Add SA esp.12b3085d@192.1.2.45 included non-error error Aug 26 18:24:16.043783: | set up outgoing SA, ref=0/0 Aug 26 18:24:16.043786: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:16.043790: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:16.043793: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:16.043795: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:16.043799: | setting IPsec SA replay-window to 32 Aug 26 18:24:16.043802: | 
NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:24:16.043805: | netlink: enabling tunnel mode Aug 26 18:24:16.043808: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:16.043811: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:16.043850: | netlink response for Add SA esp.94dbdd87@192.1.2.23 included non-error error Aug 26 18:24:16.043856: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:16.043863: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:16.043867: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:16.043891: | raw_eroute result=success Aug 26 18:24:16.043895: | set up incoming SA, ref=0/0 Aug 26 18:24:16.043898: | sr for #2: unrouted Aug 26 18:24:16.043902: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:16.043905: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:16.043908: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:16.043911: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:16.043915: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:16.043919: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:16.043923: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:16.043930: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:24:16.043934: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:16.043948: | raw_eroute result=success Aug 26 18:24:16.043952: | running updown command "ipsec _updown" for verb up Aug 26 18:24:16.043955: | command executing up-client Aug 26 18:24:16.043984: | executing up-client: 
PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Aug 26 18:24:16.043992: | popen cmd is 1046 chars long Aug 26 18:24:16.043995: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 18:24:16.043998: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Aug 26 18:24:16.044002: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 18:24:16.044005: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 18:24:16.044008: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Aug 26 18:24:16.044011: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Aug 26 18:24:16.044013: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:16.044016: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 
18:24:16.044019: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 18:24:16.044022: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 18:24:16.044025: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 18:24:16.044028: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 18:24:16.044031: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x12b3085d SPI_OUT=0x94dbdd87 ipsec _updow: Aug 26 18:24:16.044033: | cmd(1040):n 2>&1: Aug 26 18:24:16.055580: | route_and_eroute: firewall_notified: true Aug 26 18:24:16.055598: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:16.055602: | command executing prepare-client Aug 26 18:24:16.055634: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 18:24:16.055640: | popen cmd is 1051 chars long Aug 26 18:24:16.055643: | cmd( 0):PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:16.055647: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 18:24:16.055654: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:24:16.055657: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:24:16.055661: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Aug 26 18:24:16.055664: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 18:24:16.055667: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 18:24:16.055669: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 18:24:16.055672: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:24:16.055675: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:24:16.055678: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:24:16.055681: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:24:16.055684: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x12b3085d SPI_OUT=0x94dbdd87 ipsec _: Aug 26 18:24:16.055687: | cmd(1040):updown 2>&1: Aug 26 18:24:16.068198: | running updown command "ipsec _updown" for verb route Aug 26 18:24:16.068221: | command executing route-client Aug 26 18:24:16.068256: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:24:16.068262: | popen cmd is 1049 chars long Aug 26 18:24:16.068265: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:24:16.068268: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Aug 26 18:24:16.068272: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 18:24:16.068275: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 18:24:16.068278: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Aug 26 18:24:16.068281: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:24:16.068284: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:24:16.068287: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:24:16.068332: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 18:24:16.068336: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 18:24:16.068339: | cmd( 800):R_CISCO='0' 
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 18:24:16.068342: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 18:24:16.068350: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x12b3085d SPI_OUT=0x94dbdd87 ipsec _up: Aug 26 18:24:16.068353: | cmd(1040):down 2>&1: Aug 26 18:24:16.084498: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55814d55abe8,sr=0x55814d55abe8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:16.084599: | #1 spent 2 milliseconds in install_ipsec_sa() Aug 26 18:24:16.084609: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:16.084613: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:16.084618: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:16.084624: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:16.084626: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 18:24:16.084629: | emitting length of ISAKMP Message: 225 Aug 26 18:24:16.084664: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:24:16.084670: | #1 spent 4.65 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:24:16.084679: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.084686: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.084691: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:24:16.084695: | IKEv2: transition from state STATE_PARENT_R1 
to state STATE_V2_IPSEC_R Aug 26 18:24:16.084699: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:24:16.084703: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:16.084709: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:16.084715: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:24:16.084718: | pstats #2 ikev2.child established Aug 26 18:24:16.084728: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:24:16.084733: | NAT-T: encaps is 'auto' Aug 26 18:24:16.084739: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x12b3085d <0x94dbdd87 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:16.084745: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:24:16.084754: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 18:24:16.084844: | releasing whack for #2 (sock=fd@-1) Aug 26 18:24:16.084849: | releasing whack and unpending for parent #1 Aug 26 18:24:16.084852: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:16.084857: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:16.084861: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc084002b78 Aug 26 18:24:16.084865: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 18:24:16.084869: | libevent_malloc: new ptr-libevent@0x55814d562478 size 128 Aug 26 18:24:16.084885: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:16.084892: | #1 spent 5.02 milliseconds in resume sending helper answer Aug 26 18:24:16.084898: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:24:16.084903: | libevent_free: release ptr-libevent@0x7fc07c000f48 Aug 26 18:24:16.084918: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.084924: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.084929: | spent 0.00511 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:16.084932: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.084935: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.084939: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:16.084942: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.084946: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.084950: | spent 0.00391 milliseconds in signal handler PLUTO_SIGCHLD Aug 26
18:24:17.678753: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:17.678964: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:17.678971: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:17.679035: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:17.679041: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:17.679055: | get_sa_info esp.94dbdd87@192.1.2.23 Aug 26 18:24:17.679072: | get_sa_info esp.12b3085d@192.1.2.45 Aug 26 18:24:17.679097: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:17.679105: | spent 0.36 milliseconds in whack Aug 26 18:24:18.812593: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:18.812615: shutting down Aug 26 18:24:18.812623: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:18.812631: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:18.812634: forgetting secrets Aug 26 18:24:18.812642: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:18.812647: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 18:24:18.812650: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:18.812652: | pass 0 Aug 26 18:24:18.812654: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:24:18.812657: | state #2 Aug 26 18:24:18.812661: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:18.812667: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:18.812670: | pstats #2 ikev2.child deleted completed Aug 26 18:24:18.812675: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 18:24:18.812679: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_R) aged 2.770s and sending notification Aug 26 18:24:18.812683: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:24:18.812692: | get_sa_info esp.12b3085d@192.1.2.45 Aug 26 18:24:18.812971: | get_sa_info esp.94dbdd87@192.1.2.23 Aug 26 18:24:18.812982: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:18.812987: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:24:18.812991: | Opening output PBS informational exchange delete request Aug 26 18:24:18.812994: | **emit ISAKMP Message: Aug 26 18:24:18.812998: | initiator cookie: Aug 26 18:24:18.813001: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.813004: | responder cookie: Aug 26 18:24:18.813006: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813010: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:18.813013: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.813015: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.813017: | flags: none (0x0) Aug 26 18:24:18.813019: | Message ID: 0 (0x0) Aug 26 18:24:18.813021: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:18.813024: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:18.813026: | next payload 
type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.813027: | flags: none (0x0) Aug 26 18:24:18.813030: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:18.813031: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:18.813034: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:18.813047: | ****emit IKEv2 Delete Payload: Aug 26 18:24:18.813049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.813051: | flags: none (0x0) Aug 26 18:24:18.813053: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:18.813054: | SPI size: 4 (0x4) Aug 26 18:24:18.813056: | number of SPIs: 1 (0x1) Aug 26 18:24:18.813058: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:18.813060: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:18.813062: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:24:18.813064: | local spis 94 db dd 87 Aug 26 18:24:18.813066: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:18.813068: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:18.813070: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:18.813072: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:18.813074: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:18.813075: | emitting length of ISAKMP Message: 69 Aug 26 18:24:18.813095: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Aug 26 18:24:18.813098: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813099: | 2e 20 25 00 00 00 
00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:18.813101: | ef ee 28 79 39 df ab d9 8c 62 5c bc e4 a3 9c 3b Aug 26 18:24:18.813102: | ec 08 23 06 62 ad 42 90 b6 98 72 75 46 37 19 ec Aug 26 18:24:18.813104: | 4e df fa 29 18 Aug 26 18:24:18.813398: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 18:24:18.813408: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 18:24:18.813414: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:18.813417: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:18.813422: | libevent_free: release ptr-libevent@0x55814d562478 Aug 26 18:24:18.813425: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc084002b78 Aug 26 18:24:18.813575: | running updown command "ipsec _updown" for verb down Aug 26 18:24:18.813581: | command executing down-client Aug 26 18:24:18.813610: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843856' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 18:24:18.813615: | popen cmd is 1057 chars long Aug 26 18:24:18.813619: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 18:24:18.813621: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.: Aug 26 18:24:18.813624: | cmd( 160):1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 18:24:18.813627: | cmd( 240):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 18:24:18.813630: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO: Aug 26 18:24:18.813633: | cmd( 400):_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1: Aug 26 18:24:18.813636: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:18.813639: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843856' PLUTO_CO: Aug 26 18:24:18.813642: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Aug 26 18:24:18.813645: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 18:24:18.813648: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 18:24:18.813650: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 18:24:18.813653: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x12b3085d SPI_OUT=0x94dbdd87 i: Aug 26 18:24:18.813656: | cmd(1040):psec _updown 2>&1: Aug 26 18:24:18.826534: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:18.826550: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:18.826555: | 
priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.826560: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:18.826601: | delete esp.12b3085d@192.1.2.45 Aug 26 18:24:18.826623: | netlink response for Del SA esp.12b3085d@192.1.2.45 included non-error error Aug 26 18:24:18.826627: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.826635: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:18.826656: | raw_eroute result=success Aug 26 18:24:18.826661: | delete esp.94dbdd87@192.1.2.23 Aug 26 18:24:18.826671: | netlink response for Del SA esp.94dbdd87@192.1.2.23 included non-error error Aug 26 18:24:18.826683: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:18.826688: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:18.826694: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:18.826698: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 18:24:18.826705: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:24:18.826716: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 18:24:18.826731: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:18.826734: | state #1 Aug 26 18:24:18.826737: | pass 1 Aug 26 18:24:18.826740: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:24:18.826742: | state #1 Aug 26 18:24:18.826747: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:18.826751: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:18.826759: | #1 spent 10.2 milliseconds in total Aug 26 18:24:18.826764: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 18:24:18.826769: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_PARENT_R2) aged 2.797s and sending notification Aug 26 18:24:18.826772: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 18:24:18.826820: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 18:24:18.826825: | Opening output PBS informational exchange delete request Aug 26 18:24:18.826828: | **emit ISAKMP Message: Aug 26 18:24:18.826832: | initiator cookie: Aug 26 18:24:18.826834: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.826837: | responder cookie: Aug 26 18:24:18.826840: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.826843: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:18.826846: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.826849: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.826853: | flags: none (0x0) Aug 26 18:24:18.826856: | Message ID: 1 (0x1) Aug 26 18:24:18.826859: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:18.826863: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:18.826866: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.826869: | flags: none (0x0) Aug 26 18:24:18.826872: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:18.826875: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:18.826879: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:18.826894: | ****emit IKEv2 Delete Payload: Aug 26 18:24:18.826897: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.826900: | flags: none (0x0) Aug 26 18:24:18.826903: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:18.826906: | SPI size: 0 (0x0) Aug 26 18:24:18.826908: | number of SPIs: 0 (0x0) Aug 26 18:24:18.826912: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:18.826915: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:18.826918: | emitting length of IKEv2 Delete Payload: 8 Aug 26 18:24:18.826921: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:18.826924: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:18.826928: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:18.826931: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 18:24:18.826933: | emitting length of ISAKMP Message: 65 Aug 26 18:24:18.826961: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:24:18.826967: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.826970: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:24:18.826973: | 8a 25 2c aa 97 ca b8 50 8a 3b 90 a9 e9 61 f5 59 Aug 26 18:24:18.826975: | 79 d1 93 43 a0 42 2c 59 ff a3 ca 97 a5 a1 44 f9 Aug 26 18:24:18.826977: | 01 Aug 26 18:24:18.827020: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 18:24:18.827025: | Message ID: IKE #1 sender #1 in send_delete hacking around 
record ' send Aug 26 18:24:18.827030: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Aug 26 18:24:18.827037: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Aug 26 18:24:18.827040: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:18.827049: | libevent_free: release ptr-libevent@0x55814d5619c8 Aug 26 18:24:18.827053: | free_event_entry: release EVENT_SA_REKEY-pe@0x55814d55e138 Aug 26 18:24:18.827058: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:18.827061: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:18.827064: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 18:24:18.827068: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:18.827102: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 18:24:18.827132: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:18.827137: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:18.827140: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:18.827143: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.827162: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.827173: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:24:18.827177: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:18.827180: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:18.827184: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 18:24:18.827187: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:18.827189: | command executing unroute-client Aug 26 18:24:18.827217: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Aug 26 18:24:18.827221: | popen cmd is 1038 chars long Aug 26 18:24:18.827224: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:18.827227: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 18:24:18.827232: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:24:18.827235: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 
26 18:24:18.827237: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' P: Aug 26 18:24:18.827240: | cmd( 400):LUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 18:24:18.827243: | cmd( 480):.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 18:24:18.827245: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 18:24:18.827248: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 18:24:18.827251: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:24:18.827254: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:24:18.827256: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:24:18.827259: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:18.840458: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840511: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840545: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840578: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840611: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840644: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840680: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840715: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840748: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840781: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:24:18.840811: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840844: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840877: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840907: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840939: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.840969: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841002: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841034: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841066: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841099: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841131: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841165: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841196: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841227: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841514: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:18.841527: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:24:18.855845: | free hp@0x55814d55c848 Aug 26 18:24:18.855864: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list Aug 26 18:24:18.855868: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:18.855885: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:18.855887: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:18.855898: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:18.855902: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:18.855909: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 18:24:18.855912: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 18:24:18.855914: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 18:24:18.855917: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 18:24:18.855921: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:18.855933: | libevent_free: release ptr-libevent@0x55814d54e2b8 Aug 26 18:24:18.855936: | free_event_entry: release EVENT_NULL-pe@0x55814d55a148 Aug 26 18:24:18.855951: | libevent_free: release ptr-libevent@0x55814d4ea1d8 Aug 26 18:24:18.855955: | free_event_entry: release EVENT_NULL-pe@0x55814d55a1f8 Aug 26 18:24:18.855965: | libevent_free: release ptr-libevent@0x55814d4ec078 Aug 26 18:24:18.855968: | free_event_entry: release EVENT_NULL-pe@0x55814d55a2a8 Aug 26 18:24:18.855975: | libevent_free: release ptr-libevent@0x55814d4e91c8 Aug 26 18:24:18.855978: | free_event_entry: release EVENT_NULL-pe@0x55814d55a358 Aug 26 18:24:18.855985: | libevent_free: release ptr-libevent@0x55814d4ba4e8 Aug 26 18:24:18.855988: | free_event_entry: release EVENT_NULL-pe@0x55814d55a408 Aug 26 18:24:18.855995: | libevent_free: release ptr-libevent@0x55814d4ba1d8 Aug 26 18:24:18.855998: | free_event_entry: release EVENT_NULL-pe@0x55814d55a4b8 Aug 26 18:24:18.856003: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 18:24:18.856495: | libevent_free: release ptr-libevent@0x55814d54e368 Aug 26 18:24:18.856508: | free_event_entry: release EVENT_NULL-pe@0x55814d5420a8 Aug 26 18:24:18.856515: | libevent_free: release ptr-libevent@0x55814d4ebf78 Aug 26 18:24:18.856520: | free_event_entry: release EVENT_NULL-pe@0x55814d541568 Aug 26 18:24:18.856526: | libevent_free: release ptr-libevent@0x55814d525b18 Aug 26 18:24:18.856529: | free_event_entry: release EVENT_NULL-pe@0x55814d542118 Aug 26 18:24:18.856534: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:18.856537: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:18.856540: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:18.856542: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:18.856545: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:18.856547: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:18.856550: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:18.856552: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:18.856555: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:18.856560: | libevent_free: release ptr-libevent@0x55814d4ed3f8 Aug 26 18:24:18.856563: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:18.856566: | libevent_free: release ptr-libevent@0x55814d5598a8 Aug 26 18:24:18.856569: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:18.856572: | libevent_free: release ptr-libevent@0x55814d5599b8 Aug 26 18:24:18.856574: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:18.856577: | libevent_free: release ptr-libevent@0x55814d559bf8 Aug 26 18:24:18.856580: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:18.856582: | releasing event base Aug 26 18:24:18.856596: | libevent_free: release ptr-libevent@0x55814d559ac8 Aug 26 18:24:18.856600: | libevent_free: release ptr-libevent@0x55814d53c958 Aug 26 18:24:18.856604: | libevent_free: 
release ptr-libevent@0x55814d53c908 Aug 26 18:24:18.856608: | libevent_free: release ptr-libevent@0x55814d53c898 Aug 26 18:24:18.856611: | libevent_free: release ptr-libevent@0x55814d53c858 Aug 26 18:24:18.856614: | libevent_free: release ptr-libevent@0x55814d559678 Aug 26 18:24:18.856617: | libevent_free: release ptr-libevent@0x55814d559828 Aug 26 18:24:18.856620: | libevent_free: release ptr-libevent@0x55814d53cb08 Aug 26 18:24:18.856623: | libevent_free: release ptr-libevent@0x55814d541678 Aug 26 18:24:18.856625: | libevent_free: release ptr-libevent@0x55814d542068 Aug 26 18:24:18.856628: | libevent_free: release ptr-libevent@0x55814d55a528 Aug 26 18:24:18.856631: | libevent_free: release ptr-libevent@0x55814d55a478 Aug 26 18:24:18.856637: | libevent_free: release ptr-libevent@0x55814d55a3c8 Aug 26 18:24:18.856640: | libevent_free: release ptr-libevent@0x55814d55a318 Aug 26 18:24:18.856642: | libevent_free: release ptr-libevent@0x55814d55a268 Aug 26 18:24:18.856645: | libevent_free: release ptr-libevent@0x55814d55a1b8 Aug 26 18:24:18.856647: | libevent_free: release ptr-libevent@0x55814d4e8a18 Aug 26 18:24:18.856650: | libevent_free: release ptr-libevent@0x55814d559978 Aug 26 18:24:18.856653: | libevent_free: release ptr-libevent@0x55814d559868 Aug 26 18:24:18.856655: | libevent_free: release ptr-libevent@0x55814d5597e8 Aug 26 18:24:18.856658: | libevent_free: release ptr-libevent@0x55814d559a88 Aug 26 18:24:18.856660: | libevent_free: release ptr-libevent@0x55814d5596b8 Aug 26 18:24:18.856663: | libevent_free: release ptr-libevent@0x55814d4b9908 Aug 26 18:24:18.856666: | libevent_free: release ptr-libevent@0x55814d4b9d38 Aug 26 18:24:18.856669: | libevent_free: release ptr-libevent@0x55814d4e8d88 Aug 26 18:24:18.856671: | releasing global libevent data Aug 26 18:24:18.856674: | libevent_free: release ptr-libevent@0x55814d4ea598 Aug 26 18:24:18.856677: | libevent_free: release ptr-libevent@0x55814d4b9cd8 Aug 26 18:24:18.856680: | libevent_free: release 
ptr-libevent@0x55814d4b9dd8 Aug 26 18:24:18.856719: leak detective found no leaks