Aug 26 18:24:15.632346: FIPS Product: YES Aug 26 18:24:15.632472: FIPS Kernel: NO Aug 26 18:24:15.632475: FIPS Mode: NO Aug 26 18:24:15.632478: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:15.632644: Initializing NSS Aug 26 18:24:15.632652: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:15.670412: NSS initialized Aug 26 18:24:15.670429: NSS crypto library initialized Aug 26 18:24:15.670432: FIPS HMAC integrity support [enabled] Aug 26 18:24:15.670435: FIPS mode disabled for pluto daemon Aug 26 18:24:15.717085: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:15.718619: libcap-ng support [enabled] Aug 26 18:24:15.718640: Linux audit support [enabled] Aug 26 18:24:15.718667: Linux audit activated Aug 26 18:24:15.718675: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:485 Aug 26 18:24:15.718679: core dump dir: /tmp Aug 26 18:24:15.718682: secrets file: /etc/ipsec.secrets Aug 26 18:24:15.718685: leak-detective enabled Aug 26 18:24:15.718687: NSS crypto [enabled] Aug 26 18:24:15.718689: XAUTH PAM support [enabled] Aug 26 18:24:15.718767: | libevent is using pluto's memory allocator Aug 26 18:24:15.718776: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:15.718793: | libevent_malloc: new ptr-libevent@0x55af5b393188 size 40 Aug 26 18:24:15.718802: | libevent_malloc: new ptr-libevent@0x55af5b38dcd8 size 40 Aug 26 18:24:15.718806: | libevent_malloc: new ptr-libevent@0x55af5b38ddd8 size 40 Aug 26 18:24:15.718809: | creating event base Aug 26 18:24:15.718813: | libevent_malloc: new ptr-libevent@0x55af5b410b28 size 56 Aug 26 18:24:15.718819: | libevent_malloc: new ptr-libevent@0x55af5b3bcf48 size 664 Aug 26 18:24:15.718831: | libevent_malloc: new ptr-libevent@0x55af5b410b98 size 24 Aug 26 18:24:15.718835: | libevent_malloc: new ptr-libevent@0x55af5b410be8 size 384 Aug 26 18:24:15.718846: | libevent_malloc: new ptr-libevent@0x55af5b410ae8 size 16 Aug 26 18:24:15.718849: | libevent_malloc: new ptr-libevent@0x55af5b38d908 size 40 Aug 26 18:24:15.718852: | libevent_malloc: new ptr-libevent@0x55af5b38dd38 size 48 Aug 26 18:24:15.718859: | libevent_realloc: new ptr-libevent@0x55af5b3bda48 size 256 Aug 26 18:24:15.718865: | libevent_malloc: new ptr-libevent@0x55af5b410d98 size 16 Aug 26 18:24:15.718871: | libevent_free: release ptr-libevent@0x55af5b410b28 Aug 26 18:24:15.718876: | libevent initialized Aug 26 18:24:15.718880: | libevent_realloc: new ptr-libevent@0x55af5b410b28 size 64 Aug 26 18:24:15.718884: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:15.718904: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:15.718908: NAT-Traversal support [enabled] Aug 26 18:24:15.718911: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:15.718917: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:15.718921: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:15.718954: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:15.718959: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:15.718963: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:15.719011: Encryption algorithms: Aug 26 18:24:15.719021: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:15.719025: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:15.719030: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:15.719033: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:15.719037: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:15.719047: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:15.719052: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:15.719056: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:15.719060: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:15.719064: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:15.719068: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:15.719072: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:15.719075: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:15.719079: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:15.719085: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:15.719089: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:15.719093: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:15.719100: Hash algorithms: Aug 26 18:24:15.719104: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:15.719107: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:15.719110: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:15.719114: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:15.719117: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:15.719131: PRF algorithms: Aug 26 18:24:15.719134: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:15.719138: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:15.719141: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:15.719145: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:15.719149: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:15.719152: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:15.719179: Integrity algorithms: Aug 26 18:24:15.719183: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:15.719188: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:15.719192: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:15.719196: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:15.719201: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:15.719204: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:15.719208: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:15.719212: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:15.719215: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:15.719228: DH algorithms: Aug 26 18:24:15.719231: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:15.719235: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:15.719238: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:15.719244: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:15.719247: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:15.719250: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:15.719254: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:15.719257: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:15.719260: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:15.719264: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:15.719267: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:15.719270: testing CAMELLIA_CBC: Aug 26 18:24:15.719273: Camellia: 16 bytes with 128-bit key Aug 26 18:24:15.719410: Camellia: 16 bytes with 128-bit key Aug 26 18:24:15.719446: Camellia: 16 bytes with 256-bit key Aug 26 18:24:15.719480: Camellia: 16 bytes with 256-bit key Aug 26 18:24:15.719510: testing AES_GCM_16: Aug 26 18:24:15.719514: empty string Aug 26 18:24:15.719544: one block Aug 26 18:24:15.719571: two blocks Aug 26 18:24:15.719915: two blocks with associated data Aug 26 18:24:15.719946: testing AES_CTR: Aug 26 18:24:15.719950: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:15.719979: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:15.720009: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:15.720038: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:15.720068: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:15.720096: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:15.720123: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:15.720149: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:15.720178: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:15.720209: testing AES_CBC: Aug 26 18:24:15.720214: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:15.720243: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:15.720276: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:15.720312: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:15.720352: testing AES_XCBC: Aug 26 18:24:15.720357: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:15.720480: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:15.720617: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:15.720749: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:15.720884: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:15.721251: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:15.721427: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:15.721748: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:15.721882: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:15.724406: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:15.724667: testing HMAC_MD5: Aug 26 18:24:15.724672: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:15.724856: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:15.725011: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:15.725255: 8 CPU cores online Aug 26 18:24:15.725260: starting up 7 crypto helpers Aug 26 18:24:15.725295: started thread for crypto helper 0 Aug 26 18:24:15.725307: | starting up helper thread 0 Aug 26 18:24:15.725321: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:15.725325: | starting up helper thread 1 Aug 26 18:24:15.725336: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:15.725329: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:15.725354: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:15.725321: started thread for crypto helper 1 Aug 26 18:24:15.727328: started thread for crypto helper 2 Aug 26 18:24:15.727352: started thread for crypto helper 3 Aug 26 18:24:15.727373: started thread for crypto helper 4 Aug 26 18:24:15.727378: | starting up helper thread 4 Aug 26 18:24:15.727390: started thread for crypto helper 5 Aug 26 18:24:15.727391: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:15.727397: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:15.727408: started thread for crypto helper 6 Aug 26 18:24:15.727411: | starting up helper thread 6 Aug 26 18:24:15.727424: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:15.727427: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:15.727611: | starting up helper thread 5 Aug 26 18:24:15.727620: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:15.727623: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:15.727701: | starting up helper thread 2 Aug 26 18:24:15.727712: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:15.727715: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:15.727413: | checking IKEv1 state table Aug 26 18:24:15.727747: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727750: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:15.727753: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727756: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:15.727759: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:15.727762: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:15.727764: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:15.727767: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:15.727769: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:15.727772: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:15.727774: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:15.727777: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:15.727780: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:15.727782: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:15.727785: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:15.727787: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:15.727790: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:15.727792: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:15.727795: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:15.727797: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:15.727800: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:15.727803: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727806: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:15.727808: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727811: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727814: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:15.727816: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727819: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:15.727821: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:15.727824: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:15.727827: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:15.727829: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:15.727832: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:15.727834: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727837: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:15.727839: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727841: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:15.727844: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:15.727846: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:15.727848: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:15.727851: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:15.727859: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:15.727862: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:15.727865: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727868: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:15.727870: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727873: | INFO: category: informational flags: 0: Aug 26 18:24:15.727876: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727879: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:15.727881: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727884: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:15.727886: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:15.727889: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:15.727892: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:15.727895: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:15.727897: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:15.727900: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:15.727902: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:15.727905: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:15.727907: | -> UNDEFINED EVENT_NULL Aug 26 18:24:15.727910: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:15.727913: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:15.727915: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:15.727918: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:15.727921: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:15.727923: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:15.727929: | checking IKEv2 state table Aug 26 18:24:15.727936: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:15.727940: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:15.727943: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727946: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:15.727949: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:15.727952: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:15.727955: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:15.727958: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:15.727961: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:15.727964: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:15.727966: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:15.727969: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:15.727972: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:15.727975: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:15.727978: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:15.727980: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:15.727983: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727986: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:15.727989: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:15.727992: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:15.727995: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:15.727998: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:15.728001: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:15.728003: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:15.728006: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:15.728011: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:15.728014: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:15.728017: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:15.728020: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:15.728023: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:15.728026: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:15.728028: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:15.728031: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:15.728034: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:15.728037: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:15.728039: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:15.728043: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:15.728046: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:15.728048: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:15.728051: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:15.728054: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:15.728057: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:15.728060: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:15.728063: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:15.728066: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:15.728068: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:15.728071: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:15.728088: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:15.728331: | starting up helper thread 3 Aug 26 18:24:15.728344: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:15.728347: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:15.728854: | Hard-wiring algorithms Aug 26 18:24:15.728861: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:15.728865: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:15.728868: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:15.728871: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:15.728874: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:15.728876: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:15.728879: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:15.728882: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:15.728884: | adding AES_CTR to kernel algorithm db Aug 26 18:24:15.728887: | adding AES_CBC to kernel algorithm db Aug 26 18:24:15.728889: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:15.728892: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:15.728895: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:15.728897: | adding NULL to kernel algorithm db Aug 26 18:24:15.728900: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:15.728903: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:15.728906: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:15.728908: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:15.728911: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:15.728913: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:15.728916: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:15.728918: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:15.728921: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:15.728923: | adding NONE to kernel algorithm db Aug 26 18:24:15.728949: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:15.728956: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:15.728959: | setup kernel fd callback Aug 26 18:24:15.728962: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55af5b4163a8 Aug 26 18:24:15.728967: | libevent_malloc: new ptr-libevent@0x55af5b3f9bf8 size 128 Aug 26 18:24:15.728971: | libevent_malloc: new ptr-libevent@0x55af5b415908 size 16 Aug 26 18:24:15.728977: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55af5b4157f8 Aug 26 18:24:15.728982: | libevent_malloc: new ptr-libevent@0x55af5b3c0138 size 128 Aug 26 18:24:15.728985: | libevent_malloc: new ptr-libevent@0x55af5b4162f8 size 16 Aug 26 18:24:15.729230: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:15.729239: selinux support is enabled. Aug 26 18:24:15.729844: | unbound context created - setting debug level to 5 Aug 26 18:24:15.729876: | /etc/hosts lookups activated Aug 26 18:24:15.729893: | /etc/resolv.conf usage activated Aug 26 18:24:15.729958: | outgoing-port-avoid set 0-65535 Aug 26 18:24:15.729990: | outgoing-port-permit set 32768-60999 Aug 26 18:24:15.729994: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:15.729998: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:15.730001: | Setting up events, loop start Aug 26 18:24:15.730005: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55af5b416338 Aug 26 18:24:15.730008: | libevent_malloc: new ptr-libevent@0x55af5b422578 size 128 Aug 26 18:24:15.730012: | libevent_malloc: new ptr-libevent@0x55af5b42d808 size 16 Aug 26 18:24:15.730020: | libevent_realloc: new ptr-libevent@0x55af5b3bcbd8 size 256 Aug 26 18:24:15.730023: | libevent_malloc: new ptr-libevent@0x55af5b42d848 size 8 Aug 26 18:24:15.730027: | libevent_realloc: new ptr-libevent@0x55af5b3bd488 size 144 Aug 26 18:24:15.730030: | libevent_malloc: new ptr-libevent@0x55af5b3bd8e8 size 152 Aug 26 18:24:15.730034: | libevent_malloc: new ptr-libevent@0x55af5b42d888 size 16 Aug 26 18:24:15.730039: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:15.730042: | libevent_malloc: new ptr-libevent@0x55af5b42d8c8 size 8 Aug 26 18:24:15.730045: | libevent_malloc: new ptr-libevent@0x55af5b42d908 size 152 Aug 26 18:24:15.730049: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:15.730052: | libevent_malloc: new ptr-libevent@0x55af5b42d9d8 size 8 Aug 26 18:24:15.730055: | libevent_malloc: new ptr-libevent@0x55af5b42da18 size 152 Aug 26 18:24:15.730058: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:15.730062: | libevent_malloc: new ptr-libevent@0x55af5b42dae8 size 8 Aug 26 18:24:15.730065: | libevent_realloc: release ptr-libevent@0x55af5b3bd488 Aug 26 18:24:15.730068: | libevent_realloc: new ptr-libevent@0x55af5b42db28 size 256 Aug 26 18:24:15.730072: | libevent_malloc: new ptr-libevent@0x55af5b42dc58 size 152 Aug 26 18:24:15.730075: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:15.730465: | created addconn helper (pid:696) using fork+execve Aug 26 18:24:15.730485: | forked child 696 Aug 26 18:24:15.730533: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:15.730550: listening for IKE messages Aug 26 18:24:15.735205: | Inspecting interface lo Aug 26 18:24:15.735236: | found lo with address 127.0.0.1 Aug 26 18:24:15.735244: | Inspecting interface eth0 Aug 26 18:24:15.735249: | found eth0 with address 192.0.1.254 Aug 26 18:24:15.735253: | Inspecting interface eth1 Aug 26 18:24:15.735258: | found eth1 with address 192.1.2.45 Aug 26 18:24:15.735350: Kernel supports NIC esp-hw-offload Aug 26 18:24:15.735370: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 18:24:15.735448: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:15.735454: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:15.735459: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 18:24:15.735492: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 18:24:15.735513: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:15.735517: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:15.735521: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 18:24:15.735543: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:15.735568: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:15.735573: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:15.735577: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:15.735668: | no interfaces to sort Aug 26 18:24:15.735674: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:15.735683: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e1b8 Aug 26 18:24:15.735687: | libevent_malloc: new ptr-libevent@0x55af5b4224c8 size 128 Aug 26 18:24:15.735692: | libevent_malloc: new ptr-libevent@0x55af5b42e228 size 16 Aug 26 18:24:15.735700: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:15.735703: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e268 Aug 26 18:24:15.735707: | libevent_malloc: new ptr-libevent@0x55af5b3be398 size 128 Aug 26 18:24:15.735709: | libevent_malloc: new ptr-libevent@0x55af5b42e2d8 size 16 Aug 26 18:24:15.735714: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:15.735717: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e318 Aug 26 18:24:15.735720: | libevent_malloc: new ptr-libevent@0x55af5b3c0238 size 128 Aug 26 18:24:15.735723: | libevent_malloc: new ptr-libevent@0x55af5b42e388 size 16 Aug 26 18:24:15.735728: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:24:15.735731: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e3c8 Aug 26 18:24:15.735734: | libevent_malloc: new ptr-libevent@0x55af5b3bd388 size 128 Aug 26 18:24:15.735737: | libevent_malloc: new ptr-libevent@0x55af5b42e438 size 16 Aug 26 18:24:15.735743: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:24:15.735746: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e478 Aug 26 18:24:15.735750: | libevent_malloc: new ptr-libevent@0x55af5b393ba8 size 128 Aug 26 18:24:15.735754: | libevent_malloc: new ptr-libevent@0x55af5b42e4e8 size 16 Aug 26 18:24:15.735759: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:24:15.735762: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e528 Aug 26 18:24:15.735766: | libevent_malloc: new ptr-libevent@0x55af5b38e1d8 size 128 Aug 26 18:24:15.735769: | libevent_malloc: new ptr-libevent@0x55af5b42e598 size 16 Aug 26 18:24:15.735774: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:24:15.735778: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:15.735781: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:15.735801: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:15.735816: | id type added to secret(0x55af5b389c48) PKK_PSK: @west Aug 26 18:24:15.735820: | id type added to secret(0x55af5b389c48) PKK_PSK: @east Aug 26 18:24:15.735825: | Processing PSK at line 1: passed Aug 26 18:24:15.735828: | certs and keys locked by 'process_secret' Aug 26 18:24:15.735832: | certs and keys unlocked by 'process_secret' Aug 26 18:24:15.735845: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:15.735854: | spent 0.779 milliseconds in whack Aug 26 18:24:15.771588: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:15.771620: listening for IKE messages Aug 26 18:24:15.771655: | Inspecting interface lo Aug 26 18:24:15.771663: | found lo with address 127.0.0.1 Aug 26 18:24:15.771666: | Inspecting interface eth0 Aug 26 18:24:15.771671: | found eth0 with address 192.0.1.254 Aug 26 18:24:15.771674: | Inspecting interface eth1 Aug 26 18:24:15.771678: | found eth1 with address 192.1.2.45 Aug 26 18:24:15.771736: | no interfaces to sort Aug 26 18:24:15.771753: | libevent_free: release ptr-libevent@0x55af5b4224c8 Aug 26 18:24:15.771757: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e1b8 Aug 26 18:24:15.771761: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e1b8 Aug 26 18:24:15.771765: | libevent_malloc: new ptr-libevent@0x55af5b4224c8 size 128 Aug 26 18:24:15.771773: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:15.771778: | libevent_free: release ptr-libevent@0x55af5b3be398 Aug 26 18:24:15.771781: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e268 Aug 26 18:24:15.771784: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e268 Aug 26 18:24:15.771787: | libevent_malloc: new ptr-libevent@0x55af5b3be398 size 128 Aug 26 18:24:15.771792: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:15.771797: | libevent_free: release ptr-libevent@0x55af5b3c0238 Aug 26 18:24:15.771800: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e318 Aug 26 18:24:15.771803: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e318 Aug 26 18:24:15.771806: | libevent_malloc: new ptr-libevent@0x55af5b3c0238 size 128 Aug 26 18:24:15.771811: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:24:15.771815: | libevent_free: release ptr-libevent@0x55af5b3bd388 Aug 26 18:24:15.771818: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e3c8 Aug 26 18:24:15.771821: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e3c8 Aug 26 18:24:15.771824: | libevent_malloc: new ptr-libevent@0x55af5b3bd388 size 128 Aug 26 18:24:15.771829: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:24:15.771834: | libevent_free: release ptr-libevent@0x55af5b393ba8 Aug 26 18:24:15.771837: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e478 Aug 26 18:24:15.771840: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e478 Aug 26 18:24:15.771843: | libevent_malloc: new ptr-libevent@0x55af5b393ba8 size 128 Aug 26 18:24:15.771848: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:24:15.771853: | libevent_free: release ptr-libevent@0x55af5b38e1d8 Aug 26 18:24:15.771855: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e528 Aug 26 18:24:15.771858: | add_fd_read_event_handler: new ethX-pe@0x55af5b42e528 Aug 26 18:24:15.771862: | libevent_malloc: new ptr-libevent@0x55af5b38e1d8 size 128 Aug 26 18:24:15.771867: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:24:15.771870: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:15.771873: forgetting secrets Aug 26 18:24:15.771880: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:15.771893: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:15.771901: | id type added to secret(0x55af5b389c48) PKK_PSK: @west Aug 26 18:24:15.771905: | id type added to secret(0x55af5b389c48) PKK_PSK: @east Aug 26 18:24:15.771910: | Processing PSK at line 1: passed Aug 26 18:24:15.771913: | certs and keys locked by 'process_secret' Aug 26 18:24:15.771916: | certs and keys unlocked by 'process_secret' Aug 26 18:24:15.771924: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:15.771932: | spent 0.351 milliseconds in whack Aug 26 18:24:15.772459: | processing signal PLUTO_SIGCHLD Aug 26 18:24:15.772481: | waitpid returned pid 696 (exited with status 0) Aug 26 18:24:15.772486: | reaped addconn helper child (status 0) Aug 26 18:24:15.772492: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:15.772497: | spent 0.0245 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:15.824630: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:15.824661: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:15.824665: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:15.824668: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:15.824670: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:15.824675: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:15.824683: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:15.824748: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:15.824754: | from whack: got --esp= Aug 26 18:24:15.824793: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:15.824798: | counting wild cards for @west is 0 Aug 26 18:24:15.824802: | counting wild cards for @east is 0 Aug 26 18:24:15.824812: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:15.824816: | new hp@0x55af5b4308b8 Aug 26 18:24:15.824820: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:15.824829: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:15.824841: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:15.824849: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:15.824855: | spent 0.228 milliseconds in whack Aug 26 18:24:15.894911: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:15.895112: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:15.895119: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:15.895182: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:15.895196: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:15.895204: | spent 0.295 milliseconds in whack Aug 26 18:24:16.025125: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:16.025160: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:24:16.025166: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:16.025172: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:16.025175: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 18:24:16.025179: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:16.025183: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:16.025207: | creating state object #1 at 0x55af5b4309d8 Aug 26 18:24:16.025211: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:16.025220: | pstats #1 ikev2.ike started Aug 26 18:24:16.025225: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:16.025229: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:16.025235: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:16.025242: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:16.025249: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:16.025253: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:16.025258: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:16.025262: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 18:24:16.025272: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 18:24:16.025286: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.025304: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.025309: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.025314: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.025319: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.025325: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.025329: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:16.025334: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.025347: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.025356: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:16.025360: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55af5b433108 Aug 26 18:24:16.025364: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:16.025369: | libevent_malloc: new ptr-libevent@0x55af5b433178 size 128 Aug 26 18:24:16.025389: | crypto helper 0 resuming Aug 26 18:24:16.025396: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:16.025401: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:16.026427: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001025 seconds Aug 26 18:24:16.026446: | (#1) spent 1 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:16.026451: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:16.026454: | scheduling resume sending helper answer for #1 Aug 26 18:24:16.026458: | libevent_malloc: new ptr-libevent@0x7fd8c4002888 size 128 Aug 26 18:24:16.026465: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:16.026476: | #1 spent 0.212 milliseconds in ikev2_parent_outI1() Aug 26 18:24:16.026481: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:16.026487: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:16.026490: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:16.026494: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:16.026498: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 18:24:16.026507: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:16.026511: | spent 0.305 milliseconds in whack Aug 26 18:24:16.026521: | processing resume sending helper answer for #1 Aug 26 18:24:16.026527: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:16.026531: | crypto helper 0 replies to request ID 1 Aug 26 18:24:16.026534: | calling continuation function 0x55af5a1e8b50 Aug 26 18:24:16.026537: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:16.026569: | **emit ISAKMP Message: Aug 26 18:24:16.026573: | initiator cookie: Aug 26 18:24:16.026575: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.026578: | responder cookie: Aug 26 18:24:16.026580: | 00 00 00 00 00 00 00 00 Aug 26 18:24:16.026583: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:16.026587: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.026590: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:16.026593: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:16.026596: | Message ID: 0 (0x0) Aug 26 18:24:16.026599: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:16.026616: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.026620: | Emitting ikev2_proposals ... Aug 26 18:24:16.026622: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:16.026625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.026627: | flags: none (0x0) Aug 26 18:24:16.026630: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:16.026633: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.026636: | discarding INTEG=NONE Aug 26 18:24:16.026639: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.026641: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.026643: | prop #: 1 (0x1) Aug 26 18:24:16.026645: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.026648: | spi size: 0 (0x0) Aug 26 18:24:16.026650: | # transforms: 11 (0xb) Aug 26 18:24:16.026652: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.026655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026659: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.026662: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.026664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026667: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.026669: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.026672: | length/value: 256 (0x100) Aug 26 18:24:16.026674: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.026676: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026681: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.026686: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.026689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026694: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026696: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026701: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.026703: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.026705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026712: | discarding INTEG=NONE Aug 26 18:24:16.026714: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026719: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026721: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.026724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026730: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026733: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026735: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026738: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026740: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.026743: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026749: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026751: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026755: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026757: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.026760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026765: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026773: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.026776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026781: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026785: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026787: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026789: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026792: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.026794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026799: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026805: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.026810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026815: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026817: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026821: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026824: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.026826: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026831: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026833: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026835: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.026837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026839: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.026842: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026847: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026850: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:16.026853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.026856: | discarding INTEG=NONE Aug 26 18:24:16.026859: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.026861: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.026863: | prop #: 2 (0x2) Aug 26 18:24:16.026865: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.026868: | spi size: 0 (0x0) Aug 26 18:24:16.026870: | # transforms: 11 (0xb) Aug 26 18:24:16.026874: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.026877: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.026880: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026886: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.026889: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.026894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026898: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.026901: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.026904: | length/value: 128 (0x80) Aug 26 18:24:16.026907: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.026909: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026913: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.026916: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.026919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026925: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026927: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026932: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.026935: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.026938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026944: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026946: | discarding INTEG=NONE Aug 26 18:24:16.026949: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026957: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.026960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026963: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026966: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026969: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026976: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.026979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.026985: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.026988: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.026990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.026993: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.026996: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.026999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027005: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027007: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027018: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.027021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027037: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.027041: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027044: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027047: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027050: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027056: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027059: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.027062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027069: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027072: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027080: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.027084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027087: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027090: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027092: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027095: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.027097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027100: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.027103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027109: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027112: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:16.027115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.027117: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.027120: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.027123: | prop #: 3 (0x3) Aug 26 18:24:16.027125: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.027128: | spi size: 0 (0x0) Aug 26 18:24:16.027130: | # transforms: 13 (0xd) Aug 26 18:24:16.027137: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.027140: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.027143: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027148: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.027151: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.027154: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027156: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.027159: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.027162: | length/value: 256 (0x100) Aug 26 18:24:16.027164: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.027167: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027172: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.027175: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.027178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027183: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027186: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027191: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.027194: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.027197: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027200: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027202: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027205: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027210: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.027213: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.027216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027221: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027224: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027229: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.027231: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.027234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027240: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027243: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027252: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.027255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027260: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027263: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027270: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.027274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027279: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027282: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027287: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027297: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.027301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027303: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027306: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027308: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027316: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.027319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027325: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027327: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027332: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027335: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.027338: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027341: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027344: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027346: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027351: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027354: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.027357: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027363: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027369: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027377: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.027380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027384: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027386: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027389: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.027391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027394: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.027397: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027402: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027405: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:16.027408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.027410: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.027413: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.027415: | prop #: 4 (0x4) Aug 26 18:24:16.027417: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.027420: | spi size: 0 (0x0) Aug 26 18:24:16.027422: | # transforms: 13 (0xd) Aug 26 18:24:16.027425: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.027429: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.027432: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027437: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.027440: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.027443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027446: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.027449: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.027452: | length/value: 128 (0x80) Aug 26 18:24:16.027454: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.027457: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027463: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.027465: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.027469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027472: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027475: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027478: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027483: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.027486: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:16.027491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027497: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027500: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027505: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.027508: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.027511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027514: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027517: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027520: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027526: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.027529: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.027532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027538: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027541: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027546: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027549: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.027552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027558: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027561: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027569: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:16.027572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027576: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027579: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027582: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027592: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:16.027595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027601: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027611: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027614: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:16.027617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027623: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027625: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027627: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027630: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027633: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:16.027637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027640: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027643: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027646: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027654: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:16.027658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027661: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027663: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027666: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027675: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:16.027678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027684: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027687: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.027690: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.027693: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.027695: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:16.027699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.027701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.027704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.027707: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:16.027710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.027713: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:16.027716: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:16.027719: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:16.027723: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.027726: | flags: none (0x0) Aug 26 18:24:16.027730: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.027734: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:16.027738: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.027742: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:16.027745: | ikev2 g^x 68 bf 95 55 21 d1 8c 7a 7f 86 58 b5 6b 22 e8 a3 Aug 26 18:24:16.027748: | ikev2 g^x f8 12 9d 88 a9 d1 23 e4 ea 59 4d 87 3d a4 6f 6b Aug 26 18:24:16.027751: | ikev2 g^x a2 cf 65 a2 75 e8 cb 8c 0b 02 65 ac 02 b5 60 d8 Aug 26 18:24:16.027754: | ikev2 g^x 25 36 2d a1 63 01 db 14 10 4c 42 12 f1 bd c9 fb Aug 26 18:24:16.027757: | ikev2 g^x 1c 5a c0 b2 9d 5a b8 13 fe e0 57 85 f7 34 b6 6d Aug 26 18:24:16.027760: | ikev2 g^x 3f 9c 9f b9 59 8b e0 34 7b a9 e8 47 c1 30 ab 43 Aug 26 18:24:16.027763: | ikev2 g^x 91 a9 b5 f9 50 f2 e2 95 13 6e d3 80 d9 67 dd 93 Aug 26 18:24:16.027766: | ikev2 g^x 5f be a7 bd 31 f7 18 34 70 19 2c 69 84 9d 61 8d Aug 26 18:24:16.027768: | ikev2 g^x c0 7a e1 e1 18 e3 2c 30 c6 7c a4 d1 19 fe 90 9e Aug 26 18:24:16.027772: | ikev2 g^x 96 2f 44 99 47 d3 5f 30 ca ba 01 96 8a 04 61 13 Aug 26 18:24:16.027774: | ikev2 g^x f4 c7 b6 11 f0 45 28 d3 c8 05 97 1c 51 8c 62 d8 Aug 26 18:24:16.027777: | ikev2 g^x e4 92 1b a3 0b 74 5b f8 67 20 1e 91 f5 69 80 2d Aug 26 18:24:16.027780: | ikev2 g^x 19 3c 60 e5 75 28 23 d7 09 ea 7f 60 11 74 92 ad Aug 26 18:24:16.027782: | ikev2 g^x 02 63 2e 2b b9 0b 1a 45 ab 7b 9b ad 08 f3 04 5a Aug 26 18:24:16.027818: | ikev2 g^x 21 07 93 4d 43 8d ac 20 c6 04 56 ca 98 c1 61 53 Aug 26 18:24:16.027821: | ikev2 g^x 93 59 92 96 a9 67 a1 d3 3c 74 69 e0 2c 37 fa ea Aug 26 18:24:16.027824: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:16.027827: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:16.027830: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.027832: | flags: none (0x0) Aug 26 18:24:16.027836: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:16.027839: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:16.027842: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.027846: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:16.027848: | IKEv2 nonce 93 7e d2 0d 21 0f 6b 8f 24 b1 34 1b cb 05 67 ed Aug 26 18:24:16.027851: | IKEv2 nonce 53 02 0f e4 54 a0 b7 7f 1a 55 1b a0 8e c1 a7 7e Aug 26 18:24:16.027853: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:16.027856: | Adding a v2N Payload Aug 26 18:24:16.027859: | ***emit IKEv2 Notify Payload: Aug 26 18:24:16.027862: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.027864: | flags: none (0x0) Aug 26 18:24:16.027867: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.027869: | SPI size: 0 (0x0) Aug 26 18:24:16.027873: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:16.027876: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.027879: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.027882: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:16.027885: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:16.027888: | natd_hash: rcookie is zero Aug 26 18:24:16.027907: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:16.027910: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.027913: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:16.027915: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:16.027919: | natd_hash: port=500 Aug 26 18:24:16.027922: | natd_hash: hash= aa fe 9a 48 2e 5f 25 03 be 7a dc 84 d4 bd 3e 49 Aug 26 18:24:16.027924: | natd_hash: hash= ef 92 ae 39 Aug 26 18:24:16.027927: | Adding a v2N Payload Aug 26 18:24:16.027929: | ***emit IKEv2 Notify Payload: Aug 26 18:24:16.027932: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.027935: | flags: none (0x0) Aug 26 18:24:16.027937: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.027940: | SPI size: 0 (0x0) Aug 26 18:24:16.027943: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:16.027946: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.027949: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.027952: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:16.027955: | Notify data aa fe 9a 48 2e 5f 25 03 be 7a dc 84 d4 bd 3e 49 Aug 26 18:24:16.027957: | Notify data ef 92 ae 39 Aug 26 18:24:16.027960: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:16.027962: | natd_hash: rcookie is zero Aug 26 18:24:16.027969: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:16.027972: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.027975: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:16.027977: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:16.027980: | natd_hash: port=500 Aug 26 18:24:16.027982: | natd_hash: hash= a6 8a 27 d6 65 ac f3 b2 e0 bc dc f4 c4 40 48 86 Aug 26 18:24:16.027985: | natd_hash: hash= 1c 1f 2b c9 Aug 26 18:24:16.027987: | Adding a v2N Payload Aug 26 18:24:16.027989: | ***emit IKEv2 Notify Payload: Aug 26 18:24:16.027992: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.027995: | flags: none (0x0) Aug 26 18:24:16.027997: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.028000: | SPI size: 0 (0x0) Aug 26 18:24:16.028002: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:16.028005: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:16.028008: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.028011: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:16.028014: | Notify data a6 8a 27 d6 65 ac f3 b2 e0 bc dc f4 c4 40 48 86 Aug 26 18:24:16.028016: | Notify data 1c 1f 2b c9 Aug 26 18:24:16.028019: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:16.028021: | emitting length of ISAKMP Message: 828 Aug 26 18:24:16.028029: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:16.028040: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.028044: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:16.028047: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:16.028051: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:16.028054: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:16.028057: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:16.028062: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:16.028066: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:16.028078: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:16.028089: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:16.028092: | 5f 07 16 2b f7 b1 ca 64 00 00 00 00 00 00 00 00 Aug 26 18:24:16.028096: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:16.028099: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:16.028101: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:16.028104: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:16.028106: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:16.028109: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:16.028111: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:16.028114: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:16.028116: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:16.028119: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:16.028121: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:16.028124: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:16.028126: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:16.028129: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:16.028131: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:16.028134: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:16.028136: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:16.028139: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:16.028141: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:16.028144: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:16.028146: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:16.028148: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:16.028151: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:16.028153: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:16.028156: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:16.028158: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:16.028161: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:16.028163: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:16.028166: | 28 00 01 08 00 0e 00 00 68 bf 95 55 21 d1 8c 7a Aug 26 18:24:16.028168: | 7f 86 58 b5 6b 22 e8 a3 f8 12 9d 88 a9 d1 23 e4 Aug 26 18:24:16.028171: | ea 59 4d 87 3d a4 6f 6b a2 cf 65 a2 75 e8 cb 8c Aug 26 18:24:16.028173: | 0b 02 65 ac 02 b5 60 d8 25 36 2d a1 63 01 db 14 Aug 26 18:24:16.028176: | 10 4c 42 12 f1 bd c9 fb 1c 5a c0 b2 9d 5a b8 13 Aug 26 18:24:16.028178: | fe e0 57 85 f7 34 b6 6d 3f 9c 9f b9 59 8b e0 34 Aug 26 18:24:16.028181: | 7b a9 e8 47 c1 30 ab 43 91 a9 b5 f9 50 f2 e2 95 Aug 26 18:24:16.028183: | 13 6e d3 80 d9 67 dd 93 5f be a7 bd 31 f7 18 34 Aug 26 18:24:16.028186: | 70 19 2c 69 84 9d 61 8d c0 7a e1 e1 18 e3 2c 30 Aug 26 18:24:16.028188: | c6 7c a4 d1 19 fe 90 9e 96 2f 44 99 47 d3 5f 30 Aug 26 18:24:16.028191: | ca ba 01 96 8a 04 61 13 f4 c7 b6 11 f0 45 28 d3 Aug 26 18:24:16.028193: | c8 05 97 1c 51 8c 62 d8 e4 92 1b a3 0b 74 5b f8 Aug 26 18:24:16.028196: | 67 20 1e 91 f5 69 80 2d 19 3c 60 e5 75 28 23 d7 Aug 26 18:24:16.028198: | 09 ea 7f 60 11 74 92 ad 02 63 2e 2b b9 0b 1a 45 Aug 26 18:24:16.028201: | ab 7b 9b ad 08 f3 04 5a 21 07 93 4d 43 8d ac 20 Aug 26 18:24:16.028203: | c6 04 56 ca 98 c1 61 53 93 59 92 96 a9 67 a1 d3 Aug 26 18:24:16.028206: | 3c 74 69 e0 2c 37 fa ea 29 00 00 24 93 7e d2 0d Aug 26 18:24:16.028208: | 21 0f 6b 8f 24 b1 34 1b cb 05 67 ed 53 02 0f e4 Aug 26 18:24:16.028211: | 54 a0 b7 7f 1a 55 1b a0 8e c1 a7 7e 29 00 00 08 Aug 26 18:24:16.028213: | 00 00 40 2e 29 00 00 1c 00 00 40 04 aa fe 9a 48 Aug 26 18:24:16.028216: | 2e 5f 25 03 be 7a dc 84 d4 bd 3e 49 ef 92 ae 39 Aug 26 18:24:16.028218: | 00 00 00 1c 00 00 40 05 a6 8a 27 d6 65 ac f3 b2 Aug 26 18:24:16.028221: | e0 bc dc f4 c4 40 48 86 1c 1f 2b c9 Aug 26 18:24:16.028450: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:16.028464: | libevent_free: release ptr-libevent@0x55af5b433178 Aug 26 18:24:16.028468: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55af5b433108 Aug 26 18:24:16.028471: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:16.028476: | event_schedule: new EVENT_RETRANSMIT-pe@0x55af5b433108 Aug 26 18:24:16.028480: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:24:16.028483: | libevent_malloc: new ptr-libevent@0x55af5b433178 size 128 Aug 26 18:24:16.028489: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29141.770941 Aug 26 18:24:16.028494: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:16.028501: | #1 spent 1.73 milliseconds in resume sending helper answer Aug 26 18:24:16.028507: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:16.028511: | libevent_free: release ptr-libevent@0x7fd8c4002888 Aug 26 18:24:16.033984: | spent 0.00319 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:16.034013: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:16.034018: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.034021: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:24:16.034023: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:16.034026: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:16.034028: | 04 00 00 0e 28 00 01 08 00 0e 00 00 b8 f6 3f 56 Aug 26 18:24:16.034031: | e5 3b 84 5b eb 9b e8 ca a2 d2 3c 1b 2b 67 f7 02 Aug 26 18:24:16.034033: | 21 fc a9 1f 0b df 73 19 bc f8 dd 82 e8 a8 bc 95 Aug 26 18:24:16.034036: | 10 98 4f b6 80 58 de ca ba a6 74 1c 97 01 d8 7f Aug 26 18:24:16.034038: | 7d 91 88 74 41 67 b4 5b ed 42 af 28 4d 54 78 51 Aug 26 18:24:16.034041: | 7f 5d f9 0c e9 ed 3d 64 09 ab 0e 7b 55 c4 ea 2c Aug 26 18:24:16.034044: | 04 49 42 45 70 89 a1 d3 1d a3 70 d8 e7 ab 7e 45 Aug 26 18:24:16.034046: | 9c 33 dd 2a 26 bd 92 1f 24 2a ae 2b 6a de 94 a9 Aug 26 18:24:16.034049: | 84 48 3c 77 3b ea 2a ef 11 d9 37 02 86 7b c1 0e Aug 26 18:24:16.034051: | d4 48 40 5b 4c 04 00 c8 a8 3b bd 54 35 51 3d b7 Aug 26 18:24:16.034054: | 71 41 55 7c 70 af eb ff 65 88 20 3e b0 16 e0 4f Aug 26 18:24:16.034056: | 4d cc 0e c9 a0 60 01 f6 09 c5 1b f8 af 5d 7d 17 Aug 26 18:24:16.034059: | 52 06 7c 39 e6 0b b4 b8 1f d0 17 99 2e 5a be 87 Aug 26 18:24:16.034062: | e9 73 b3 cd 5f 4f 0d 71 7b 6f 1f 26 80 46 77 c9 Aug 26 18:24:16.034064: | be e6 e5 4c a7 f0 ab 90 68 3b 01 00 85 09 f0 52 Aug 26 18:24:16.034067: | 94 00 2a dc bd 10 d8 a9 8a 31 03 9e b8 31 f3 41 Aug 26 18:24:16.034069: | d7 ef f1 93 b2 14 76 78 14 74 44 e9 29 00 00 24 Aug 26 18:24:16.034072: | 3e 38 51 73 a7 f8 5c fc 09 95 7c 43 03 fd fa 5d Aug 26 18:24:16.034075: | fb 1a 24 d3 ed 48 92 a5 2d 67 4d 1c ab 8d c6 2b Aug 26 18:24:16.034077: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:16.034080: | 1e a2 d2 9b 6a 2b e5 be a5 ca 81 09 68 f2 ea e1 Aug 26 18:24:16.034082: | e1 91 ee 92 00 00 00 1c 00 00 40 05 f9 3d 51 af Aug 26 18:24:16.034085: | e7 70 1d 17 c8 15 d5 41 0f 2b 15 8f e6 48 94 dd Aug 26 18:24:16.034090: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:16.034094: | **parse ISAKMP Message: Aug 26 18:24:16.034097: | initiator cookie: Aug 26 18:24:16.034100: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.034103: | responder cookie: Aug 26 18:24:16.034105: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.034108: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:16.034111: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.034114: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:16.034119: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:16.034122: | Message ID: 0 (0x0) Aug 26 18:24:16.034125: | length: 432 (0x1b0) Aug 26 18:24:16.034128: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:16.034132: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:16.034136: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:16.034143: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:16.034148: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:16.034151: | #1 is idle Aug 26 18:24:16.034153: | #1 idle Aug 26 18:24:16.034156: | unpacking clear payload Aug 26 18:24:16.034159: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:16.034162: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:16.034165: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:16.034168: | flags: none (0x0) Aug 26 18:24:16.034170: | length: 40 (0x28) Aug 26 18:24:16.034173: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:16.034176: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:16.034179: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:16.034182: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:16.034184: | flags: none (0x0) Aug 26 18:24:16.034187: | length: 264 (0x108) Aug 26 18:24:16.034190: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.034193: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:16.034195: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:16.034198: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:16.034201: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.034203: | flags: none (0x0) Aug 26 18:24:16.034206: | length: 36 (0x24) Aug 26 18:24:16.034208: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:16.034211: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.034214: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.034217: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.034219: | flags: none (0x0) Aug 26 18:24:16.034222: | length: 8 (0x8) Aug 26 18:24:16.034225: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.034227: | SPI size: 0 (0x0) Aug 26 18:24:16.034230: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:16.034233: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:16.034236: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.034238: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.034241: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:16.034244: | flags: none (0x0) Aug 26 18:24:16.034246: | length: 28 (0x1c) Aug 26 18:24:16.034249: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.034251: | SPI size: 0 (0x0) Aug 26 18:24:16.034254: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:16.034257: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:16.034260: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:16.034262: | ***parse IKEv2 Notify Payload: Aug 26 18:24:16.034265: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.034268: | flags: none (0x0) Aug 26 18:24:16.034270: | length: 28 (0x1c) Aug 26 18:24:16.034273: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:16.034276: | SPI size: 0 (0x0) Aug 26 18:24:16.034278: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:16.034281: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:16.034284: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:16.034293: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:16.034298: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:16.034303: | Now let's proceed with state specific processing Aug 26 18:24:16.034306: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:16.034310: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:16.034327: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:16.034332: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:16.034336: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:16.034339: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:16.034341: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:16.034344: | local proposal 1 type DH has 8 transforms Aug 26 18:24:16.034347: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:16.034351: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:16.034353: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:16.034356: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:16.034359: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:16.034362: | local proposal 2 type DH has 8 transforms Aug 26 18:24:16.034364: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:16.034368: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:16.034370: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:16.034373: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:16.034376: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:16.034378: | local proposal 3 type DH has 8 transforms Aug 26 18:24:16.034381: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:16.034384: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:16.034387: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:16.034390: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:16.034393: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:16.034395: | local proposal 4 type DH has 8 transforms Aug 26 18:24:16.034398: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:16.034401: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:16.034404: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.034407: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.034410: | length: 36 (0x24) Aug 26 18:24:16.034413: | prop #: 1 (0x1) Aug 26 18:24:16.034415: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:16.034418: | spi size: 0 (0x0) Aug 26 18:24:16.034421: | # transforms: 3 (0x3) Aug 26 18:24:16.034425: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:16.034428: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.034431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.034433: | length: 12 (0xc) Aug 26 18:24:16.034436: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.034439: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.034442: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.034445: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.034448: | length/value: 256 (0x100) Aug 26 18:24:16.034452: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:16.034456: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.034459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.034462: | length: 8 (0x8) Aug 26 18:24:16.034464: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:16.034467: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:16.034471: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:16.034474: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.034476: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.034479: | length: 8 (0x8) Aug 26 18:24:16.034482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:16.034484: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:16.034488: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:16.034492: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:16.034497: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:16.034500: | remote proposal 1 matches local proposal 1 Aug 26 18:24:16.034503: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:16.034506: | converting proposal to internal trans attrs Aug 26 18:24:16.034524: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:16.034527: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.034530: | natd_hash: rcookie= 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.034532: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:16.034535: | natd_hash: port=500 Aug 26 18:24:16.034537: | natd_hash: hash= f9 3d 51 af e7 70 1d 17 c8 15 d5 41 0f 2b 15 8f Aug 26 18:24:16.034540: | natd_hash: hash= e6 48 94 dd Aug 26 18:24:16.034546: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:16.034549: | natd_hash: icookie= 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.034551: | natd_hash: rcookie= 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.034554: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:16.034556: | natd_hash: port=500 Aug 26 18:24:16.034559: | natd_hash: hash= 1e a2 d2 9b 6a 2b e5 be a5 ca 81 09 68 f2 ea e1 Aug 26 18:24:16.034561: | natd_hash: hash= e1 91 ee 92 Aug 26 18:24:16.034564: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:16.034567: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:16.034569: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:16.034573: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:16.034577: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:16.034581: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:16.034584: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:16.034587: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:16.034591: | libevent_free: release ptr-libevent@0x55af5b433178 Aug 26 18:24:16.034594: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55af5b433108 Aug 26 18:24:16.034598: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55af5b433108 Aug 26 18:24:16.034602: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:16.034605: | libevent_malloc: new ptr-libevent@0x55af5b432ee8 size 128 Aug 26 18:24:16.034617: | #1 spent 0.306 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:16.034623: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.034627: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:16.034632: | suspending state #1 and saving MD Aug 26 18:24:16.034623: | crypto helper 1 resuming Aug 26 18:24:16.034647: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:24:16.034653: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:16.035625: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:16.036048: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001395 seconds Aug 26 18:24:16.036059: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:16.036063: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:16.036067: | scheduling resume sending helper answer for #1 Aug 26 18:24:16.036071: | libevent_malloc: new ptr-libevent@0x7fd8bc000f48 size 128 Aug 26 18:24:16.036078: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:16.034636: | #1 is busy; has a suspended MD Aug 26 18:24:16.036093: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:16.036099: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:16.036105: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:16.036111: | #1 spent 0.663 milliseconds in ikev2_process_packet() Aug 26 18:24:16.036117: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:16.036121: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:16.036125: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:16.036130: | spent 0.682 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:16.036140: | processing resume sending helper answer for #1 Aug 26 18:24:16.036146: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:16.036151: | crypto helper 1 replies to request ID 2 Aug 26 18:24:16.036154: | calling continuation function 0x55af5a1e8b50 Aug 26 18:24:16.036158: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:16.036165: | creating state object #2 at 0x55af5b435d88 Aug 26 18:24:16.036170: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:16.036174: | pstats #2 ikev2.child started Aug 26 18:24:16.036178: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 18:24:16.036184: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:16.036192: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:16.036199: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:16.036205: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:16.036208: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:16.036212: | libevent_free: release ptr-libevent@0x55af5b432ee8 Aug 26 18:24:16.036216: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55af5b433108 Aug 26 18:24:16.036220: | event_schedule: new EVENT_SA_REPLACE-pe@0x55af5b433108 Aug 26 18:24:16.036224: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:16.036228: | libevent_malloc: new ptr-libevent@0x55af5b432ee8 size 128 Aug 26 18:24:16.036232: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:16.036239: | **emit ISAKMP Message: Aug 26 18:24:16.036242: | initiator cookie: Aug 26 18:24:16.036245: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.036248: | responder cookie: Aug 26 18:24:16.036251: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.036255: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:16.036258: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.036266: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:16.036270: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:16.036273: | Message ID: 1 (0x1) Aug 26 18:24:16.036277: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:16.036281: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:16.036284: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.036291: | flags: none (0x0) Aug 26 18:24:16.036298: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:16.036302: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.036306: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:16.036314: | IKEv2 CERT: send a certificate? Aug 26 18:24:16.036318: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:24:16.036321: | IDr payload will be sent Aug 26 18:24:16.036335: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:16.036339: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.036342: | flags: none (0x0) Aug 26 18:24:16.036345: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.036350: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:16.036354: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.036358: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:16.036361: | my identity 77 65 73 74 Aug 26 18:24:16.036364: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:24:16.036373: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:16.036377: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:16.036380: | flags: none (0x0) Aug 26 18:24:16.036383: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.036387: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:16.036392: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:16.036396: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.036400: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:16.036403: | IDr 65 61 73 74 Aug 26 18:24:16.036406: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:24:16.036409: | not sending INITIAL_CONTACT Aug 26 18:24:16.036413: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:16.036416: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.036419: | flags: none (0x0) Aug 26 18:24:16.036422: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:16.036427: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:16.036431: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.036435: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:24:16.036440: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 18:24:16.036444: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 18:24:16.036448: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 18:24:16.036452: | 1: compared key @east to @west / @east -> 004 Aug 26 18:24:16.036455: | 2: compared key @west to @west / @east -> 014 Aug 26 18:24:16.036459: | line 1: match=014 Aug 26 18:24:16.036465: | match 014 beats previous best_match 000 match=0x55af5b389c48 (line=1) Aug 26 18:24:16.036469: | concluding with best_match=014 best=0x55af5b389c48 (lineno=1) Aug 26 18:24:16.036527: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:24:16.036532: | PSK auth 8c 6a 03 22 f8 e3 64 6e 40 e0 58 37 81 0c 8d 12 Aug 26 18:24:16.036535: | PSK auth 82 e4 58 0d c5 1b 71 a3 29 ec c0 ae b3 d8 ad d9 Aug 26 18:24:16.036538: | PSK auth 4e 13 56 6e 81 28 98 0c ad 26 32 88 a3 20 c1 d9 Aug 26 18:24:16.036541: | PSK auth 76 44 bc f1 17 b5 79 b0 76 93 21 36 df 73 05 d7 Aug 26 18:24:16.036545: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:24:16.036548: | getting first pending from state #1 Aug 26 18:24:16.036930: | netlink_get_spi: allocated 0x12b3085d for esp.0@192.1.2.45 Aug 26 18:24:16.036937: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:16.036945: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:16.036952: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:16.036956: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:16.036961: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:16.036966: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:16.036971: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.036975: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:16.036981: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.036992: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.037003: | Emitting ikev2_proposals ... Aug 26 18:24:16.037007: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:16.037010: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.037013: | flags: none (0x0) Aug 26 18:24:16.037018: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:16.037022: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.037025: | discarding INTEG=NONE Aug 26 18:24:16.037028: | discarding DH=NONE Aug 26 18:24:16.037031: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.037035: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037038: | prop #: 1 (0x1) Aug 26 18:24:16.037041: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.037044: | spi size: 4 (0x4) Aug 26 18:24:16.037047: | # transforms: 2 (0x2) Aug 26 18:24:16.037051: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.037055: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:16.037058: | our spi 12 b3 08 5d Aug 26 18:24:16.037061: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037068: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.037071: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.037075: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037078: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.037084: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.037087: | length/value: 256 (0x100) Aug 26 18:24:16.037091: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.037094: | discarding INTEG=NONE Aug 26 18:24:16.037096: | discarding DH=NONE Aug 26 18:24:16.037099: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037103: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.037106: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.037109: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.037113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037121: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037125: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:16.037128: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.037132: | discarding INTEG=NONE Aug 26 18:24:16.037135: | discarding DH=NONE Aug 26 18:24:16.037138: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.037141: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037144: | prop #: 2 (0x2) Aug 26 18:24:16.037147: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.037150: | spi size: 4 (0x4) Aug 26 18:24:16.037153: | # transforms: 2 (0x2) Aug 26 18:24:16.037157: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037161: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.037165: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:16.037168: | our spi 12 b3 08 5d Aug 26 18:24:16.037171: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037178: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.037181: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.037185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037188: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.037191: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.037194: | length/value: 128 (0x80) Aug 26 18:24:16.037198: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.037200: | discarding INTEG=NONE Aug 26 18:24:16.037203: | discarding DH=NONE Aug 26 18:24:16.037206: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037209: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.037212: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.037215: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.037220: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037224: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037227: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037231: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:16.037235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.037237: | discarding DH=NONE Aug 26 18:24:16.037241: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.037245: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037248: | prop #: 3 (0x3) Aug 26 18:24:16.037251: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.037254: | spi size: 4 (0x4) Aug 26 18:24:16.037257: | # transforms: 4 (0x4) Aug 26 18:24:16.037261: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037265: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.037269: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:16.037272: | our spi 12 b3 08 5d Aug 26 18:24:16.037275: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037282: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.037285: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.037292: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037298: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.037302: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.037305: | length/value: 256 (0x100) Aug 26 18:24:16.037308: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.037312: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037318: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.037321: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.037326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037330: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037333: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037337: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037343: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.037346: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.037350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037358: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037361: | discarding DH=NONE Aug 26 18:24:16.037364: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037367: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.037370: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.037373: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.037378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037385: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037388: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:16.037392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.037395: | discarding DH=NONE Aug 26 18:24:16.037398: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.037401: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.037404: | prop #: 4 (0x4) Aug 26 18:24:16.037409: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.037412: | spi size: 4 (0x4) Aug 26 18:24:16.037415: | # transforms: 4 (0x4) Aug 26 18:24:16.037419: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:16.037423: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:16.037427: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:16.037430: | our spi 12 b3 08 5d Aug 26 18:24:16.037433: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037440: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.037443: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:16.037447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037451: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.037454: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.037457: | length/value: 128 (0x80) Aug 26 18:24:16.037461: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:16.037464: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037467: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037470: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.037473: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:16.037478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037485: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037488: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037495: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:16.037498: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:16.037502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037510: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037513: | discarding DH=NONE Aug 26 18:24:16.037516: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:16.037519: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.037522: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.037525: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.037529: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.037534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:16.037537: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:16.037540: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:16.037544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:16.037548: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:16.037552: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:16.037555: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:16.037561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.037564: | flags: none (0x0) Aug 26 18:24:16.037567: | number of TS: 1 (0x1) Aug 26 18:24:16.037571: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:16.037575: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.037579: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:16.037582: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.037585: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.037588: | start port: 0 (0x0) Aug 26 18:24:16.037591: | end port: 65535 (0xffff) Aug 26 18:24:16.037595: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:16.037598: | ipv4 start c0 00 01 00 Aug 26 18:24:16.037601: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:16.037604: | ipv4 end c0 00 01 ff Aug 26 18:24:16.037607: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:16.037611: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:16.037614: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:16.037617: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.037620: | flags: none (0x0) Aug 26 18:24:16.037623: | number of TS: 1 (0x1) Aug 26 18:24:16.037628: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:16.037632: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:16.037635: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:16.037639: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.037642: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.037645: | start port: 0 (0x0) Aug 26 18:24:16.037648: | end port: 65535 (0xffff) Aug 26 18:24:16.037651: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:16.037654: | ipv4 start c0 00 02 00 Aug 26 18:24:16.037658: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:16.037661: | ipv4 end c0 00 02 ff Aug 26 18:24:16.037664: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:16.037667: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:16.037670: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:16.037674: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:16.037677: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:16.037682: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:16.037686: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:16.037689: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 18:24:16.037692: | emitting length of ISAKMP Message: 365 Aug 26 18:24:16.037710: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.037716: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.037722: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:16.037726: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:16.037731: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:16.037734: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:16.037741: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:16.037749: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:16.037754: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:16.037765: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:16.037773: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:16.037776: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.037780: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 18:24:16.037783: | 59 d8 5d cc 41 84 87 18 1d 4e 87 d9 93 8e 8c 31 Aug 26 18:24:16.037786: | 56 d2 1f 12 e1 8f 45 14 a7 37 f2 3c 6f 7e 97 ef Aug 26 18:24:16.037789: | 15 6c 57 42 93 fc d3 20 a7 45 bc cd 50 a1 38 1b Aug 26 18:24:16.037792: | 7a 52 54 a4 59 e1 55 af 3e a1 f5 54 15 ab e4 e2 Aug 26 18:24:16.037795: | ea ed 7b e5 61 38 3b 5f 95 18 27 14 b7 5a 88 fe Aug 26 18:24:16.037798: | 63 35 cd 7a b7 95 05 24 93 f8 d6 b1 ca a4 05 51 Aug 26 18:24:16.037801: | 1e 5a c3 2b f8 21 73 cf 25 30 32 8b 51 51 58 86 Aug 26 18:24:16.037804: | 5a 56 df 3e c9 49 8e ff 84 6a e7 72 51 0b c2 3e Aug 26 18:24:16.037807: | e3 1c df cd a7 05 7c 90 1a b8 18 e5 3d 2f c9 0d Aug 26 18:24:16.037810: | d3 d1 ba 77 06 ba 42 60 34 14 45 15 7a 94 d1 36 Aug 26 18:24:16.037813: | 00 4a 0b 9e 82 ab 6c ca f3 c4 b8 fb 13 c3 3b c8 Aug 26 18:24:16.037816: | 97 0e 75 bd 79 5a 58 8e 6b 44 88 ac 74 fc 76 1d Aug 26 18:24:16.037819: | 16 6e 03 37 60 83 a8 88 b9 4a 25 95 7b c5 ce d1 Aug 26 18:24:16.037822: | a8 1a e4 81 f5 50 71 8d 40 85 dc cd 01 d4 6a 41 Aug 26 18:24:16.037825: | 28 8f 79 39 62 30 0c 5d 10 09 40 65 c6 56 ba 45 Aug 26 18:24:16.037828: | b3 a7 90 e2 2a 31 05 4b 2c ad 38 c3 72 1d 9f f1 Aug 26 18:24:16.037831: | ed d4 3b bf bc 1b 1d ab e5 e1 c0 66 22 9d 30 8a Aug 26 18:24:16.037834: | b7 0a 5b 25 99 e4 df 6f 2e 8d 92 56 97 d2 ed a0 Aug 26 18:24:16.037837: | 37 10 c4 e3 f8 88 d8 59 f4 fd ce e1 66 53 0b f6 Aug 26 18:24:16.037840: | f0 ab 5e 97 bf 8c 88 1a 4d 54 d8 a8 f8 5e d9 05 Aug 26 18:24:16.037843: | c0 21 db 17 ea 39 47 f4 fd f7 8c cd da Aug 26 18:24:16.037884: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:16.037889: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd8c4002b78 Aug 26 18:24:16.037894: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:24:16.037898: | libevent_malloc: new ptr-libevent@0x55af5b436a58 size 128 Aug 26 18:24:16.037905: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29141.780355 Aug 26 18:24:16.037910: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:16.037916: | #1 spent 1.74 milliseconds in resume sending helper answer Aug 26 18:24:16.037923: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:16.037927: | libevent_free: release ptr-libevent@0x7fd8bc000f48 Aug 26 18:24:16.084949: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:16.084976: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:16.084982: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.084986: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 18:24:16.084989: | f2 14 f5 a2 b2 a8 2c b8 f6 d1 d0 c6 2f 54 0c 86 Aug 26 18:24:16.084993: | 81 25 78 f9 f4 e0 d8 25 a8 d8 ff 20 fd 29 c0 15 Aug 26 18:24:16.084996: | 67 6c e2 06 78 7a d6 4e 5a 4f ac aa 29 ef 0b 3d Aug 26 18:24:16.084999: | 94 a8 6e b9 12 43 19 70 50 25 57 5b 64 aa ef d4 Aug 26 18:24:16.085005: | 33 a4 56 53 63 ed 3a 39 04 79 20 d3 6e 35 ed ce Aug 26 18:24:16.085008: | 91 4e 02 1f 2c ce 76 cb c8 5a 01 3d ff 5d f0 8c Aug 26 18:24:16.085011: | e9 f0 64 e9 df 79 6c 61 b3 93 01 c7 1b a3 49 cf Aug 26 18:24:16.085014: | a5 35 76 3a 68 b2 68 9e 83 67 f2 63 90 49 86 3c Aug 26 18:24:16.085016: | 96 36 d9 8c fa 55 cc 8d 8d d6 a0 1a e0 03 87 fb Aug 26 18:24:16.085019: | 88 71 01 90 91 7f 21 14 4e 2c 91 72 94 c9 07 1b Aug 26 18:24:16.085021: | 79 e5 92 c9 a6 88 8e 29 06 ac f2 52 66 99 25 b4 Aug 26 18:24:16.085024: | 04 b8 3b fe 1e 7b ae 9f da 84 06 e4 8b 0b 2b 74 Aug 26 18:24:16.085026: | aa Aug 26 18:24:16.085031: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:16.085035: | **parse ISAKMP Message: Aug 26 18:24:16.085038: | initiator cookie: Aug 26 18:24:16.085041: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:16.085044: | responder cookie: Aug 26 18:24:16.085046: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:16.085050: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:16.085053: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:16.085055: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:16.085059: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:16.085061: | Message ID: 1 (0x1) Aug 26 18:24:16.085064: | length: 225 (0xe1) Aug 26 18:24:16.085068: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:16.085072: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:16.085076: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:16.085083: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:16.085087: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:16.085092: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:16.085097: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:16.085100: | #2 is idle Aug 26 18:24:16.085102: | #2 idle Aug 26 18:24:16.085105: | unpacking clear payload Aug 26 18:24:16.085108: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:16.085111: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:16.085114: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:16.085117: | flags: none (0x0) Aug 26 18:24:16.085120: | length: 197 (0xc5) Aug 26 18:24:16.085122: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 18:24:16.085125: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:16.085143: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:16.085148: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:16.085152: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:16.085154: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:16.085157: | flags: none (0x0) Aug 26 18:24:16.085160: | length: 12 (0xc) Aug 26 18:24:16.085163: | ID type: ID_FQDN (0x2) Aug 26 18:24:16.085166: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:24:16.085169: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:16.085173: | **parse IKEv2 Authentication Payload: Aug 26 18:24:16.085176: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:16.085179: | flags: none (0x0) Aug 26 18:24:16.085182: | length: 72 (0x48) Aug 26 18:24:16.085185: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:16.085188: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:24:16.085191: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:16.085195: | **parse IKEv2 Security Association Payload: Aug 26 18:24:16.085198: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:16.085201: | flags: none (0x0) Aug 26 18:24:16.085204: | length: 36 (0x24) Aug 26 18:24:16.085210: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:16.085213: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:16.085216: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:16.085218: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:16.085221: | flags: none (0x0) Aug 26 18:24:16.085223: | length: 24 (0x18) Aug 26 18:24:16.085226: | number of TS: 1 (0x1) Aug 26 18:24:16.085229: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:16.085231: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:16.085234: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:16.085237: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:16.085239: | flags: none (0x0) Aug 26 18:24:16.085241: | length: 24 (0x18) Aug 26 18:24:16.085244: | number of TS: 1 (0x1) Aug 26 18:24:16.085247: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:16.085251: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:16.085254: | Now let's proceed with state specific processing Aug 26 18:24:16.085257: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:16.085265: | offered CA: '%none' Aug 26 18:24:16.085270: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:24:16.085339: | verifying AUTH payload Aug 26 18:24:16.085350: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:24:16.085355: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 18:24:16.085359: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 18:24:16.085364: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 18:24:16.085368: | 1: compared key @east to @west / @east -> 004 Aug 26 18:24:16.085372: | 2: compared key @west to @west / @east -> 014 Aug 26 18:24:16.085375: | line 1: match=014 Aug 26 18:24:16.085379: | match 014 beats previous best_match 000 match=0x55af5b389c48 (line=1) Aug 26 18:24:16.085381: | concluding with best_match=014 best=0x55af5b389c48 (lineno=1) Aug 26 18:24:16.085453: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 18:24:16.085464: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:16.085471: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:16.085475: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:16.085481: | libevent_free: release ptr-libevent@0x55af5b432ee8 Aug 26 18:24:16.085485: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55af5b433108 Aug 26 18:24:16.085489: | event_schedule: new EVENT_SA_REKEY-pe@0x55af5b433108 Aug 26 18:24:16.085494: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:16.085498: | libevent_malloc: new ptr-libevent@0x7fd8bc000f48 size 128 Aug 26 18:24:16.085593: | pstats #1 ikev2.ike established Aug 26 18:24:16.085602: | TSi: parsing 1 traffic selectors Aug 26 18:24:16.085606: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:16.085609: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.085612: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.085615: | length: 16 (0x10) Aug 26 18:24:16.085618: | start port: 0 (0x0) Aug 26 18:24:16.085620: | end port: 65535 (0xffff) Aug 26 18:24:16.085623: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:16.085625: | TS low c0 00 01 00 Aug 26 18:24:16.085628: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:16.085630: | TS high c0 00 01 ff Aug 26 18:24:16.085632: | TSi: parsed 1 traffic selectors Aug 26 18:24:16.085635: | TSr: parsing 1 traffic selectors Aug 26 18:24:16.085638: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:16.085640: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:16.085643: | IP Protocol ID: 0 (0x0) Aug 26 18:24:16.085646: | length: 16 (0x10) Aug 26 18:24:16.085648: | start port: 0 (0x0) Aug 26 18:24:16.085651: | end port: 65535 (0xffff) Aug 26 18:24:16.085656: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:16.085659: | TS low c0 00 02 00 Aug 26 18:24:16.085662: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:16.085664: | TS high c0 00 02 ff Aug 26 18:24:16.085666: | TSr: parsed 1 traffic selectors Aug 26 18:24:16.085672: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:16.085678: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.085685: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:24:16.085688: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:16.085690: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:16.085693: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:16.085695: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:16.085699: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:16.085704: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:16.085707: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:16.085709: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:16.085711: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:16.085714: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:16.085716: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:16.085718: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:16.085721: | printing contents struct traffic_selector Aug 26 18:24:16.085723: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:16.085725: | ipprotoid: 0 Aug 26 18:24:16.085727: | port range: 0-65535 Aug 26 18:24:16.085730: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:24:16.085732: | printing contents struct traffic_selector Aug 26 18:24:16.085734: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:16.085736: | ipprotoid: 0 Aug 26 18:24:16.085738: | port range: 0-65535 Aug 26 18:24:16.085741: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:16.085755: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:16.085758: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:16.085762: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:16.085765: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:16.085767: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:16.085769: | local proposal 1 type DH has 1 transforms Aug 26 18:24:16.085771: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:16.085774: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:16.085776: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:16.085779: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:16.085781: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:16.085783: | local proposal 2 type DH has 1 transforms Aug 26 18:24:16.085785: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:16.085788: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:16.085790: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:16.085792: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:16.085794: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:16.085796: | local proposal 3 type DH has 1 transforms Aug 26 18:24:16.085799: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:16.085801: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:16.085806: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:16.085808: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:16.085810: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:16.085812: | local proposal 4 type DH has 1 transforms Aug 26 18:24:16.085815: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:16.085817: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:16.085820: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:16.085822: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:16.085825: | length: 32 (0x20) Aug 26 18:24:16.085827: | prop #: 1 (0x1) Aug 26 18:24:16.085829: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:16.085831: | spi size: 4 (0x4) Aug 26 18:24:16.085833: | # transforms: 2 (0x2) Aug 26 18:24:16.085836: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:16.085838: | remote SPI 94 db dd 87 Aug 26 18:24:16.085841: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:16.085844: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.085846: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:16.085848: | length: 12 (0xc) Aug 26 18:24:16.085850: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:16.085852: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:16.085855: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:16.085857: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:16.085860: | length/value: 256 (0x100) Aug 26 18:24:16.085864: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:16.085866: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:16.085868: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:16.085871: | length: 8 (0x8) Aug 26 18:24:16.085873: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:16.085876: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:16.085879: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:16.085883: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:16.085888: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:16.085890: | remote proposal 1 matches local proposal 1 Aug 26 18:24:16.085894: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:16.085898: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=94dbdd87;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:16.085901: | converting proposal to internal trans attrs Aug 26 18:24:16.085909: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:16.086169: | #1 spent 1.11 milliseconds Aug 26 18:24:16.086176: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:16.086180: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 18:24:16.086183: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:16.086186: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:16.086190: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:16.086195: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:16.086199: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:16.086203: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:16.086206: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:16.086210: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:16.086233: | setting IPsec SA replay-window to 32 Aug 26 18:24:16.086237: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:24:16.086243: | netlink: enabling tunnel mode Aug 26 18:24:16.086247: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:16.086251: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:16.086362: | netlink response for Add SA esp.94dbdd87@192.1.2.23 included non-error error Aug 26 18:24:16.086371: | set up outgoing SA, ref=0/0 Aug 26 18:24:16.086375: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:16.086379: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:16.086381: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:16.086384: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:16.086388: | setting IPsec SA replay-window to 32 Aug 26 18:24:16.086392: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:24:16.086395: | netlink: enabling tunnel mode Aug 26 18:24:16.086398: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:16.086401: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:16.086437: | netlink response for Add SA esp.12b3085d@192.1.2.45 included non-error error Aug 26 18:24:16.086443: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:16.086451: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:16.086455: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:16.086479: | raw_eroute result=success Aug 26 18:24:16.086483: | set up incoming SA, ref=0/0 Aug 26 18:24:16.086486: | sr for #2: unrouted Aug 26 18:24:16.086490: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:16.086492: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:16.086496: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:16.086499: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:16.086503: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:16.086507: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:16.086512: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:16.086519: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:16.086523: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:16.086535: | raw_eroute result=success Aug 26 18:24:16.086540: | running updown command "ipsec _updown" for verb up Aug 26 18:24:16.086543: | command executing up-client Aug 26 18:24:16.086573: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 18:24:16.086577: | popen cmd is 1049 chars long Aug 26 18:24:16.086581: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 18:24:16.086584: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 18:24:16.086589: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 18:24:16.086593: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 18:24:16.086596: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 18:24:16.086598: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 18:24:16.086601: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:16.086604: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 18:24:16.086607: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 18:24:16.086610: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 18:24:16.086613: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 18:24:16.086616: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 18:24:16.086619: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x94dbdd87 SPI_OUT=0x12b3085d ipsec _up: Aug 26 18:24:16.086622: | cmd(1040):down 2>&1: Aug 26 18:24:16.098074: | route_and_eroute: firewall_notified: true Aug 26 18:24:16.098097: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:16.098101: | command executing prepare-client Aug 26 18:24:16.098134: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 18:24:16.098139: | popen cmd is 1054 chars long Aug 26 18:24:16.098143: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:16.098146: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 18:24:16.098149: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:24:16.098152: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:24:16.098154: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 18:24:16.098157: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 18:24:16.098160: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 18:24:16.098163: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 18:24:16.098166: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:24:16.098168: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:24:16.098171: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:24:16.098174: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:24:16.098180: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x94dbdd87 SPI_OUT=0x12b3085d ipse: Aug 26 18:24:16.098182: | cmd(1040):c _updown 2>&1: Aug 26 18:24:16.110532: | running updown command "ipsec _updown" for verb route Aug 26 18:24:16.110557: | command executing route-client Aug 26 18:24:16.110594: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 18:24:16.110600: | popen cmd is 1052 chars long Aug 26 18:24:16.110604: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:24:16.110608: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 18:24:16.110611: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 18:24:16.110613: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 18:24:16.110616: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Aug 26 18:24:16.110619: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:24:16.110621: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:24:16.110624: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:24:16.110627: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 18:24:16.110629: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:24:16.110632: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:24:16.110634: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:24:16.110637: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x94dbdd87 SPI_OUT=0x12b3085d ipsec : Aug 26 18:24:16.110639: | cmd(1040):_updown 2>&1: Aug 26 18:24:16.131906: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55af5b42ed78,sr=0x55af5b42ed78} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:16.133881: | #1 spent 2.45 milliseconds in install_ipsec_sa() Aug 26 18:24:16.133903: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:16.133908: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:16.133913: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:16.133926: | libevent_free: release ptr-libevent@0x55af5b436a58 Aug 26 18:24:16.134200: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd8c4002b78 Aug 26 18:24:16.134209: | #2 spent 3.33 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:16.134217: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:16.134220: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:16.134227: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:16.134232: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:16.134234: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:16.134240: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:16.134245: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:16.134248: | pstats #2 ikev2.child established Aug 26 18:24:16.134258: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:16.134269: | NAT-T: encaps is 'auto' Aug 26 18:24:16.134274: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x94dbdd87 <0x12b3085d xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:16.134279: | releasing whack for #2 (sock=fd@25) Aug 26 18:24:16.134283: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:24:16.134286: | releasing whack and unpending for parent #1 Aug 26 18:24:16.134293: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:16.134302: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:16.134306: | removing pending policy for no connection {0x55af5b4164b8} Aug 26 18:24:16.134314: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:24:16.134320: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:16.134323: | event_schedule: new EVENT_SA_REKEY-pe@0x7fd8c4002b78 Aug 26 18:24:16.134327: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:16.134330: | libevent_malloc: new ptr-libevent@0x55af5b4351b8 size 128 Aug 26 18:24:16.134337: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:16.134343: | #1 spent 3.77 milliseconds in ikev2_process_packet() Aug 26 18:24:16.134351: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:16.134357: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:16.134360: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:16.134364: | spent 3.79 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:16.134380: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.134386: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.134390: | spent 0.00554 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:16.134393: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.134397: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.134401: | spent 0.00371 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:16.134403: | processing signal PLUTO_SIGCHLD Aug 26 18:24:16.134407: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:16.134410: | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:17.290509: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:17.290527: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:17.290530: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:17.290537: | get_sa_info esp.12b3085d@192.1.2.45 Aug 26 18:24:17.290855: | get_sa_info esp.94dbdd87@192.1.2.23 Aug 26 18:24:17.290881: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:17.290889: | spent 0.387 milliseconds in whack Aug 26 18:24:18.310721: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:18.310936: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:18.310947: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:18.311013: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:18.311018: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:18.311032: | get_sa_info esp.12b3085d@192.1.2.45 Aug 26 18:24:18.311433: | get_sa_info esp.94dbdd87@192.1.2.23 Aug 26 18:24:18.311463: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:18.311472: | spent 0.731 milliseconds in whack Aug 26 18:24:18.813417: | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:18.813443: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:18.813449: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813452: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:18.813454: | ef ee 28 79 39 df ab d9 8c 62 5c bc e4 a3 9c 3b Aug 26 18:24:18.813457: | ec 08 23 06 62 ad 42 90 b6 98 72 75 46 37 19 ec Aug 26 18:24:18.813459: | 4e df fa 29 18 Aug 26 18:24:18.813464: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:18.813468: | **parse ISAKMP Message: Aug 26 18:24:18.813471: | initiator cookie: Aug 26 18:24:18.813474: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.813476: | responder cookie: Aug 26 18:24:18.813479: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813482: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:18.813485: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.813487: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.813492: | flags: none (0x0) Aug 26 18:24:18.813495: | Message ID: 0 (0x0) Aug 26 18:24:18.813498: | length: 69 (0x45) Aug 26 18:24:18.813501: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:18.813505: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:18.813510: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:18.813517: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:18.813521: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:18.813526: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:18.813529: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:18.813535: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:18.813538: | unpacking clear payload Aug 26 18:24:18.813542: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:18.813545: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:18.813548: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:18.813550: | flags: none (0x0) Aug 26 18:24:18.813553: | length: 41 (0x29) Aug 26 18:24:18.813556: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:18.813560: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:18.813563: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:18.813590: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:18.813594: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:18.813597: | **parse IKEv2 Delete Payload: Aug 26 18:24:18.813600: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.813602: | flags: none (0x0) Aug 26 18:24:18.813605: | length: 12 (0xc) Aug 26 18:24:18.813608: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:18.813610: | SPI size: 4 (0x4) Aug 26 18:24:18.813613: | number of SPIs: 1 (0x1) Aug 26 18:24:18.813616: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:18.813618: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:18.813624: | Now let's proceed with state specific processing Aug 26 18:24:18.813627: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:18.813631: | an informational request should send a response Aug 26 18:24:18.813656: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:18.813660: | **emit ISAKMP Message: Aug 26 18:24:18.813663: | initiator cookie: Aug 26 18:24:18.813665: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.813668: | responder cookie: Aug 26 18:24:18.813670: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813673: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:18.813675: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.813678: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.813681: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:18.813683: | Message ID: 0 (0x0) Aug 26 18:24:18.813686: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:18.813689: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:18.813691: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.813694: | flags: none (0x0) Aug 26 18:24:18.813697: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:18.813699: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:18.813702: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:18.813713: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:18.813716: | SPI 94 db dd 87 Aug 26 18:24:18.813718: | delete PROTO_v2_ESP SA(0x94dbdd87) Aug 26 18:24:18.813722: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:18.813724: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:18.813727: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x94dbdd87) Aug 26 18:24:18.813731: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:24:18.813734: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:18.813738: | libevent_free: release ptr-libevent@0x55af5b4351b8 Aug 26 18:24:18.813741: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fd8c4002b78 Aug 26 18:24:18.813745: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fd8c4002b78 Aug 26 18:24:18.813748: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:24:18.813752: | libevent_malloc: new ptr-libevent@0x55af5b436a58 size 128 Aug 26 18:24:18.813755: | ****emit IKEv2 Delete Payload: Aug 26 18:24:18.813758: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.813760: | flags: none (0x0) Aug 26 18:24:18.813763: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:18.813765: | SPI size: 4 (0x4) Aug 26 18:24:18.813767: | number of SPIs: 1 (0x1) Aug 26 18:24:18.813770: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:18.813773: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:18.813776: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:18.813779: | local SPIs 12 b3 08 5d Aug 26 18:24:18.813781: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:18.813784: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:18.813787: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:18.813790: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:18.813793: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:18.813795: | emitting length of ISAKMP Message: 69 Aug 26 18:24:18.813812: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:18.813823: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.813825: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:18.813828: | ed 34 4c 2f 29 0c 60 24 8e 46 d9 cc d9 ca d9 87 Aug 26 18:24:18.813830: | 74 59 9f 28 11 f7 00 ff fe 4a 81 01 84 d3 fa ee Aug 26 18:24:18.813832: | fe ca be 29 d2 Aug 26 18:24:18.813859: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:18.813866: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:18.813872: | #1 spent 0.229 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:18.813878: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:18.813882: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:18.813885: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:18.813889: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:18.813893: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:18.813896: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:18.813900: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:18.813905: | #1 spent 0.463 milliseconds in ikev2_process_packet() Aug 26 18:24:18.813909: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:18.813913: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:18.813916: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:18.813920: | spent 0.478 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:18.813927: | timer_event_cb: processing event@0x7fd8c4002b78 Aug 26 18:24:18.813930: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:24:18.813935: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:18.813939: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:18.813942: | replacing stale CHILD SA Aug 26 18:24:18.813946: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:18.813948: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:18.813952: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:18.813956: | creating state object #3 at 0x55af5b43b248 Aug 26 18:24:18.813959: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:18.813968: | pstats #3 ikev2.child started Aug 26 18:24:18.813971: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 18:24:18.813975: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:18.813985: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:18.813990: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:18.813995: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:18.813998: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:18.814004: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:18.814008: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 18:24:18.814013: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:18.814020: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:18.814023: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:18.814028: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:18.814031: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:18.814036: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:18.814040: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:18.814044: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:18.814053: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:18.814059: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:24:18.814063: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55af5b433278 Aug 26 18:24:18.814067: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:24:18.814071: | libevent_malloc: new ptr-libevent@0x55af5b4351b8 size 128 Aug 26 18:24:18.814076: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:18.814080: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55af5b435b68 Aug 26 18:24:18.814084: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:24:18.814088: | libevent_malloc: new ptr-libevent@0x55af5b432e38 size 128 Aug 26 18:24:18.814092: | libevent_free: release ptr-libevent@0x55af5b436a58 Aug 26 18:24:18.814095: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fd8c4002b78 Aug 26 18:24:18.814100: | #2 spent 0.172 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:18.814104: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:18.814109: | timer_event_cb: processing event@0x55af5b433278 Aug 26 18:24:18.814112: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:24:18.814116: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:18.814123: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:24:18.814127: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fd8c4002b78 Aug 26 18:24:18.814130: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:18.814133: | libevent_malloc: new ptr-libevent@0x55af5b436a58 size 128 Aug 26 18:24:18.814142: | libevent_free: release ptr-libevent@0x55af5b4351b8 Aug 26 18:24:18.814145: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55af5b433278 Aug 26 18:24:18.814150: | crypto helper 4 resuming Aug 26 18:24:18.814150: | #3 spent 0.0403 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:18.814181: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:18.814187: | timer_event_cb: processing event@0x55af5b435b68 Aug 26 18:24:18.814191: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:24:18.814200: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:18.814205: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:18.814208: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:18.814211: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:24:18.814214: | pstats #2 ikev2.child deleted completed Aug 26 18:24:18.814218: | #2 spent 3.51 milliseconds in total Aug 26 18:24:18.814223: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:18.814227: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 2.778s and NOT sending notification Aug 26 18:24:18.814231: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:18.814236: | get_sa_info esp.94dbdd87@192.1.2.23 Aug 26 18:24:18.814251: | get_sa_info esp.12b3085d@192.1.2.45 Aug 26 18:24:18.814259: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:18.814263: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:18.814171: | crypto helper 4 starting work-order 3 for state #3 Aug 26 18:24:18.814334: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:24:18.815035: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000701 seconds Aug 26 18:24:18.815045: | (#3) spent 0.712 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:18.815048: | crypto helper 4 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:18.815050: | scheduling resume sending helper answer for #3 Aug 26 18:24:18.815053: | libevent_malloc: new ptr-libevent@0x7fd8c0002888 size 128 Aug 26 18:24:18.815057: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:18.815065: | running updown command "ipsec _updown" for verb down Aug 26 18:24:18.815068: | command executing down-client Aug 26 18:24:18.815086: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843856' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:24:18.815089: | popen cmd is 1060 chars long Aug 26 18:24:18.815091: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 18:24:18.815093: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 18:24:18.815095: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 18:24:18.815096: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 18:24:18.815098: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Aug 26 18:24:18.815100: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:24:18.815102: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:18.815108: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843856' PLUTO_CO: Aug 26 18:24:18.815110: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 18:24:18.815111: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 18:24:18.815113: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 18:24:18.815115: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 18:24:18.815117: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x94dbdd87 SPI_OUT=0x12b3085: Aug 26 18:24:18.815118: | cmd(1040):d ipsec _updown 2>&1: Aug 26 18:24:18.828732: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:18.828751: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:18.828756: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.828762: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:18.828808: | delete esp.94dbdd87@192.1.2.23 Aug 26 18:24:18.828828: | netlink response for Del SA esp.94dbdd87@192.1.2.23 included non-error error Aug 26 18:24:18.828833: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.828840: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:18.828861: | raw_eroute result=success Aug 26 18:24:18.828866: | delete esp.12b3085d@192.1.2.45 Aug 26 18:24:18.828876: | netlink response for Del SA esp.12b3085d@192.1.2.45 included non-error error Aug 26 18:24:18.828889: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:18.828894: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:24:18.828898: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:18.828908: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:18.828924: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:18.828927: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:24:18.828935: | libevent_free: release ptr-libevent@0x55af5b432e38 Aug 26 18:24:18.828939: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55af5b435b68 Aug 26 18:24:18.828942: | in statetime_stop() and could not find #2 Aug 26 18:24:18.828945: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:18.828971: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:18.828991: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:18.828996: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.828999: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:24:18.829002: | 8a 25 2c aa 97 ca b8 50 8a 3b 90 a9 e9 61 f5 59 Aug 26 18:24:18.829004: | 79 d1 93 43 a0 42 2c 59 ff a3 ca 97 a5 a1 44 f9 Aug 26 18:24:18.829007: | 01 Aug 26 18:24:18.829013: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:18.829018: | **parse ISAKMP Message: Aug 26 18:24:18.829021: | initiator cookie: Aug 26 18:24:18.829024: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.829026: | responder cookie: Aug 26 18:24:18.829029: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.829033: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:18.829036: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.829039: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.829043: | flags: none (0x0) Aug 26 18:24:18.829046: | Message ID: 1 (0x1) Aug 26 18:24:18.829049: | length: 65 (0x41) Aug 26 18:24:18.829052: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:18.829056: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:18.829063: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:18.829071: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:18.829075: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:18.829080: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:18.829084: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:18.829089: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 18:24:18.829091: | unpacking clear payload Aug 26 18:24:18.829094: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:18.829098: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:18.829101: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:18.829104: | flags: none (0x0) Aug 26 18:24:18.829107: | length: 37 (0x25) Aug 26 18:24:18.829111: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:24:18.829116: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:18.829120: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:18.829147: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:18.829150: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:18.829152: | **parse IKEv2 Delete Payload: Aug 26 18:24:18.829154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.829155: | flags: none (0x0) Aug 26 18:24:18.829157: | length: 8 (0x8) Aug 26 18:24:18.829159: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:18.829160: | SPI size: 0 (0x0) Aug 26 18:24:18.829162: | number of SPIs: 0 (0x0) Aug 26 18:24:18.829164: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:24:18.829165: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:18.829167: | Now let's proceed with state specific processing Aug 26 18:24:18.829169: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:18.829171: | an informational request should send a response Aug 26 18:24:18.829192: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:18.829195: | **emit ISAKMP Message: Aug 26 18:24:18.829197: | initiator cookie: Aug 26 18:24:18.829199: | 5f 07 16 2b f7 b1 ca 64 Aug 26 18:24:18.829200: | responder cookie: Aug 26 18:24:18.829202: | 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.829204: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:18.829205: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.829207: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:18.829209: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:18.829211: | Message ID: 1 (0x1) Aug 26 18:24:18.829213: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:18.829216: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:18.829218: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.829220: | flags: none (0x0) Aug 26 18:24:18.829223: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:18.829227: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:18.829230: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:18.829247: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:18.829251: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:18.829255: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:18.829258: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:24:18.829263: | emitting length of ISAKMP Message: 57 Aug 26 18:24:18.829279: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:18.829284: | 5f 07 16 2b f7 b1 ca 64 75 c6 1a b0 05 57 aa bb Aug 26 18:24:18.829286: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:24:18.829316: | a5 e1 32 f2 7e cb c3 2b 5b e2 ee 9e 8c 54 47 c7 Aug 26 18:24:18.829320: | 21 e0 e6 0f af 6b ba 21 da Aug 26 18:24:18.829355: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:18.829360: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:18.829363: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:18.829365: | pstats #3 ikev2.child deleted other Aug 26 18:24:18.829368: | #3 spent 0.0403 milliseconds in total Aug 26 18:24:18.829371: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:18.829374: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:18.829377: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.015s and NOT sending notification Aug 26 18:24:18.829379: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:24:18.829381: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:18.829384: | libevent_free: release ptr-libevent@0x55af5b436a58 Aug 26 18:24:18.829388: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fd8c4002b78 Aug 26 18:24:18.829391: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:18.829395: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:18.829405: | raw_eroute result=success Aug 26 18:24:18.829408: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:18.829410: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:24:18.829415: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:18.829418: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:18.829421: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:18.829424: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:24:18.829426: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:24:18.829428: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:18.829432: | #1 spent 11 milliseconds in total Aug 26 18:24:18.829435: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:18.829437: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 2.804s and NOT sending notification Aug 26 18:24:18.829439: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:24:18.829500: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:18.829507: | libevent_free: release ptr-libevent@0x7fd8bc000f48 Aug 26 18:24:18.829512: | free_event_entry: release EVENT_SA_REKEY-pe@0x55af5b433108 Aug 26 18:24:18.829516: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:18.829519: | picked newest_isakmp_sa #0 for #1 Aug 26 18:24:18.829522: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:18.829525: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 18:24:18.829549: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:24:18.829554: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:18.829557: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:24:18.829560: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:18.829596: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:18.829623: | in statetime_stop() and could not find #1 Aug 26 18:24:18.829628: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:18.829632: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:24:18.829635: | STF_OK but no state object remains Aug 26 18:24:18.829638: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:18.829641: | in statetime_stop() and could not find #1 Aug 26 18:24:18.829646: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:18.829649: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:18.829653: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:18.829658: | spent 0.624 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:18.829668: | processing resume sending helper answer for #3 Aug 26 18:24:18.829673: | crypto helper 4 replies to request ID 3 Aug 26 18:24:18.829676: | calling continuation function 0x55af5a1e8b50 Aug 26 18:24:18.829679: | work-order 3 state #3 crypto result suppressed Aug 26 18:24:18.829702: | (#3) spent 0.0278 milliseconds in resume sending helper answer Aug 26 18:24:18.829706: | libevent_free: release ptr-libevent@0x7fd8c0002888 Aug 26 18:24:18.829710: | processing signal PLUTO_SIGCHLD Aug 26 18:24:18.829717: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:18.829721: | spent 0.0064 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:18.829752: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:24:18.829788: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 18:24:18.829793: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:18.829798: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:18.829801: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 18:24:18.829804: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:18.829807: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:18.829812: | creating state object #4 at 0x55af5b435d88 Aug 26 18:24:18.829815: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:24:18.829822: | pstats #4 ikev2.ike started Aug 26 18:24:18.829826: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:18.829829: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:18.829835: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:18.829842: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:18.829847: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:18.829851: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:18.829856: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:24:18.829860: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 18:24:18.829878: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:18.829886: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 18:24:18.829891: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fd8bc001f18 Aug 26 18:24:18.829895: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:24:18.829899: | libevent_malloc: new ptr-libevent@0x55af5b432e38 size 128 Aug 26 18:24:18.829947: | crypto helper 6 resuming Aug 26 18:24:18.829947: | #4 spent 0.117 milliseconds in ikev2_parent_outI1() Aug 26 18:24:18.829965: | crypto helper 6 starting work-order 4 for state #4 Aug 26 18:24:18.829969: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:18.829969: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:24:18.829975: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:18.829979: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:18.829985: | spent 0.16 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:24:18.830853: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000882 seconds Aug 26 18:24:18.830868: | (#4) spent 0.859 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:24:18.830872: | crypto helper 6 sending results from work-order 4 for state #4 to event queue Aug 26 18:24:18.830876: | scheduling resume sending helper answer for #4 Aug 26 18:24:18.830880: | libevent_malloc: new ptr-libevent@0x7fd8b4002888 size 128 Aug 26 18:24:18.830889: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:18.830896: | processing resume sending helper answer for #4 Aug 26 18:24:18.830907: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:18.830913: | crypto helper 6 replies to request ID 4 Aug 26 18:24:18.830916: | calling continuation function 0x55af5a1e8b50 Aug 26 18:24:18.830920: | ikev2_parent_outI1_continue for #4 Aug 26 18:24:18.830925: | **emit ISAKMP Message: Aug 26 18:24:18.830929: | initiator cookie: Aug 26 18:24:18.830931: | c4 1e 50 d1 c7 e1 a3 71 Aug 26 18:24:18.830934: | responder cookie: Aug 26 18:24:18.830936: | 00 00 00 00 00 00 00 00 Aug 26 18:24:18.830939: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:18.830942: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:18.830945: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:18.830949: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:18.830951: | Message ID: 0 (0x0) Aug 26 18:24:18.830955: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:18.830969: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:18.830975: | Emitting ikev2_proposals ... Aug 26 18:24:18.830979: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:18.830982: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.830985: | flags: none (0x0) Aug 26 18:24:18.830988: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:18.830992: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.830995: | discarding INTEG=NONE Aug 26 18:24:18.830998: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:18.831001: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831003: | prop #: 1 (0x1) Aug 26 18:24:18.831006: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:18.831008: | spi size: 0 (0x0) Aug 26 18:24:18.831011: | # transforms: 11 (0xb) Aug 26 18:24:18.831014: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:18.831017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831022: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:18.831025: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:18.831028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831031: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:18.831034: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:18.831104: | length/value: 256 (0x100) Aug 26 18:24:18.831109: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:18.831112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831117: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831120: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:18.831123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831126: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831130: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831133: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831139: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831141: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:18.831144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831148: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831151: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831153: | discarding INTEG=NONE Aug 26 18:24:18.831156: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831164: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:18.831167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831175: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831177: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831182: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831185: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:18.831188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831194: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831197: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831205: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:18.831208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831217: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831224: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:18.831227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831236: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831243: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:18.831246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831252: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831255: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831260: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831262: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:18.831266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831269: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831271: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831274: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831276: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831279: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831282: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:18.831285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831314: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831317: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831320: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:18.831323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831325: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:18.831328: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831334: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831337: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:18.831340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:18.831343: | discarding INTEG=NONE Aug 26 18:24:18.831345: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:18.831348: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831351: | prop #: 2 (0x2) Aug 26 18:24:18.831354: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:18.831356: | spi size: 0 (0x0) Aug 26 18:24:18.831359: | # transforms: 11 (0xb) Aug 26 18:24:18.831362: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831365: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:18.831368: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831374: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:18.831377: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:18.831380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831383: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:18.831385: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:18.831388: | length/value: 128 (0x80) Aug 26 18:24:18.831391: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:18.831394: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831399: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831402: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:18.831405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831411: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831414: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831419: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831422: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:18.831425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831431: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831435: | discarding INTEG=NONE Aug 26 18:24:18.831438: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831443: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831446: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:18.831449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831452: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831457: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831465: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:18.831468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831474: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831477: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831485: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:18.831488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831495: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831497: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831505: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:18.831508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831514: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831522: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831524: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:18.831527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831536: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831544: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:18.831547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831555: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831557: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831565: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:18.831568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831574: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831577: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831579: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:18.831582: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831585: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:18.831588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831594: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831597: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:18.831600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:18.831603: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:18.831606: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831608: | prop #: 3 (0x3) Aug 26 18:24:18.831611: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:18.831614: | spi size: 0 (0x0) Aug 26 18:24:18.831616: | # transforms: 13 (0xd) Aug 26 18:24:18.831620: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831623: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:18.831626: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831631: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:18.831634: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:18.831637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831640: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:18.831643: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:18.831645: | length/value: 256 (0x100) Aug 26 18:24:18.831648: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:18.831651: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831656: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831659: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:18.831662: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831665: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831668: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831671: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831678: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831680: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:18.831684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831687: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831690: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831692: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831697: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:18.831700: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:18.831703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831706: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831709: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831717: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:18.831719: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:18.831722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831731: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831739: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:18.831742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831751: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831759: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:18.831762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831768: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831770: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831778: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:18.831781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831788: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831791: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831794: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831799: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:18.831803: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831819: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:18.831822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831828: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831831: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:18.831842: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831847: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831850: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:18.831861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831864: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831867: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831869: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831872: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:18.831875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.831877: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:18.831881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831889: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:18.831892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:18.831895: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:18.831898: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:18.831901: | prop #: 4 (0x4) Aug 26 18:24:18.831905: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:18.831908: | spi size: 0 (0x0) Aug 26 18:24:18.831911: | # transforms: 13 (0xd) Aug 26 18:24:18.831914: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:18.831917: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:18.831920: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831926: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:18.831929: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:18.831932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831934: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:18.831937: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:18.831940: | length/value: 128 (0x80) Aug 26 18:24:18.831943: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:18.831945: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831951: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831953: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:18.831957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831960: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831963: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831965: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831971: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:18.831973: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:18.831977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.831982: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.831985: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.831988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831990: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:18.831993: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:18.831996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.831999: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832002: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832005: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832010: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:18.832012: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:18.832015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832021: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832033: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:18.832036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832045: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832052: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:18.832055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832062: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832065: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832070: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832073: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:18.832076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832083: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832085: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832091: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832093: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:18.832096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832102: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832105: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832113: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:18.832116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832122: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832124: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832133: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:18.832137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832146: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832154: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:18.832157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832163: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832166: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:18.832168: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:18.832171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:18.832173: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:18.832177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:18.832180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:18.832182: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:18.832185: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:18.832188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:18.832191: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:18.832194: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:18.832197: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:18.832200: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.832202: | flags: none (0x0) Aug 26 18:24:18.832205: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:18.832208: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:18.832212: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.832215: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:18.832219: | ikev2 g^x b7 17 e7 b2 e9 10 2f ca fa e7 16 23 35 bf 45 ae Aug 26 18:24:18.832221: | ikev2 g^x 90 e3 3b a7 ae be f4 b3 ab 41 50 eb 2c a9 64 e6 Aug 26 18:24:18.832224: | ikev2 g^x 44 1c b4 8c b2 f3 d0 a1 40 45 4f d5 f0 80 86 22 Aug 26 18:24:18.832226: | ikev2 g^x d4 61 1b cc 32 99 51 84 31 c7 5d c8 7c b3 b5 a6 Aug 26 18:24:18.832229: | ikev2 g^x c5 53 26 87 78 65 7c e3 48 b1 18 b5 83 1c a2 7e Aug 26 18:24:18.832231: | ikev2 g^x 1c a2 e9 4a 96 df 7a 75 39 c9 ab 29 ad 21 a0 58 Aug 26 18:24:18.832234: | ikev2 g^x cc 62 e9 66 df 7e 3b b8 d9 7b cb 1f a5 2e 8f 12 Aug 26 18:24:18.832236: | ikev2 g^x 80 b1 44 68 b0 26 27 41 72 f2 13 a7 da 99 5b a8 Aug 26 18:24:18.832239: | ikev2 g^x 55 18 c8 f5 e4 7f 30 47 92 7c e8 59 59 a0 8d 98 Aug 26 18:24:18.832241: | ikev2 g^x 08 c9 70 03 81 b2 6b 80 90 12 16 f8 aa d3 37 24 Aug 26 18:24:18.832244: | ikev2 g^x f2 9f 2c 5f c3 74 a1 eb c5 fd 07 73 b7 6b 22 1d Aug 26 18:24:18.832246: | ikev2 g^x 1d 5b 53 0c ce c3 57 72 3f 60 aa 44 80 74 c8 6a Aug 26 18:24:18.832249: | ikev2 g^x 05 82 d7 36 39 05 ea ea ee c1 b7 02 c8 72 ab 38 Aug 26 18:24:18.832252: | ikev2 g^x ce 73 54 2e 32 16 83 10 f1 c8 3d d7 4b f4 63 87 Aug 26 18:24:18.832254: | ikev2 g^x 36 24 25 f9 f8 5d 77 87 a5 ca 14 21 01 b6 f0 fc Aug 26 18:24:18.832257: | ikev2 g^x 97 2d 51 3d f2 c3 25 49 79 8f e3 69 2b 49 42 f0 Aug 26 18:24:18.832265: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:18.832268: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:18.832271: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:18.832273: | flags: none (0x0) Aug 26 18:24:18.832277: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:18.832280: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:18.832283: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.832286: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:18.832295: | IKEv2 nonce 2e 93 d3 a5 bf 3d b4 3e 71 4e 37 17 84 68 9d 16 Aug 26 18:24:18.832298: | IKEv2 nonce d7 f7 97 ab c5 1e c5 5b 9b ef 1d 8d f8 f0 e5 18 Aug 26 18:24:18.832301: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:18.832304: | Adding a v2N Payload Aug 26 18:24:18.832307: | ***emit IKEv2 Notify Payload: Aug 26 18:24:18.832309: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.832312: | flags: none (0x0) Aug 26 18:24:18.832315: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:18.832318: | SPI size: 0 (0x0) Aug 26 18:24:18.832321: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:18.832324: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:18.832327: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.832330: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:18.832334: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:18.832337: | natd_hash: rcookie is zero Aug 26 18:24:18.832351: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:18.832354: | natd_hash: icookie= c4 1e 50 d1 c7 e1 a3 71 Aug 26 18:24:18.832357: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:18.832360: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:18.832362: | natd_hash: port=500 Aug 26 18:24:18.832365: | natd_hash: hash= 14 59 dc e6 66 f7 e2 cf ea 5d 04 1f 06 f6 d0 12 Aug 26 18:24:18.832368: | natd_hash: hash= 35 0f e0 89 Aug 26 18:24:18.832371: | Adding a v2N Payload Aug 26 18:24:18.832373: | ***emit IKEv2 Notify Payload: Aug 26 18:24:18.832377: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.832379: | flags: none (0x0) Aug 26 18:24:18.832382: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:18.832385: | SPI size: 0 (0x0) Aug 26 18:24:18.832388: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:18.832391: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:18.832394: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.832397: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:18.832399: | Notify data 14 59 dc e6 66 f7 e2 cf ea 5d 04 1f 06 f6 d0 12 Aug 26 18:24:18.832402: | Notify data 35 0f e0 89 Aug 26 18:24:18.832405: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:18.832407: | natd_hash: rcookie is zero Aug 26 18:24:18.832415: | natd_hash: hasher=0x55af5a2bd800(20) Aug 26 18:24:18.832418: | natd_hash: icookie= c4 1e 50 d1 c7 e1 a3 71 Aug 26 18:24:18.832421: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:18.832423: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:18.832426: | natd_hash: port=500 Aug 26 18:24:18.832428: | natd_hash: hash= 2d b5 6a fd 51 ac 58 a5 16 06 c0 e1 e8 05 23 f0 Aug 26 18:24:18.832431: | natd_hash: hash= 6b e5 42 c2 Aug 26 18:24:18.832433: | Adding a v2N Payload Aug 26 18:24:18.832436: | ***emit IKEv2 Notify Payload: Aug 26 18:24:18.832439: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:18.832443: | flags: none (0x0) Aug 26 18:24:18.832446: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:18.832448: | SPI size: 0 (0x0) Aug 26 18:24:18.832451: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:18.832455: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:18.832458: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:18.832461: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:18.832464: | Notify data 2d b5 6a fd 51 ac 58 a5 16 06 c0 e1 e8 05 23 f0 Aug 26 18:24:18.832466: | Notify data 6b e5 42 c2 Aug 26 18:24:18.832469: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:18.832472: | emitting length of ISAKMP Message: 828 Aug 26 18:24:18.832480: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:18.832488: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:18.832492: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:18.832495: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:18.832499: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:18.832502: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:24:18.832505: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:24:18.832510: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:18.832514: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:18.832519: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:18.832526: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:24:18.832529: | c4 1e 50 d1 c7 e1 a3 71 00 00 00 00 00 00 00 00 Aug 26 18:24:18.832532: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:18.832534: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:18.832537: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:18.832539: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:18.832542: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:18.832544: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:18.832547: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:18.832549: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:18.832552: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:18.832554: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:18.832557: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:18.832560: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:18.832562: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:18.832565: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:18.832567: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:18.832570: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:18.832572: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:18.832575: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:18.832577: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:18.832580: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:18.832582: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:18.832585: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:18.832587: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:18.832591: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:18.832594: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:18.832597: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:18.832599: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:18.832602: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:18.832604: | 28 00 01 08 00 0e 00 00 b7 17 e7 b2 e9 10 2f ca Aug 26 18:24:18.832607: | fa e7 16 23 35 bf 45 ae 90 e3 3b a7 ae be f4 b3 Aug 26 18:24:18.832610: | ab 41 50 eb 2c a9 64 e6 44 1c b4 8c b2 f3 d0 a1 Aug 26 18:24:18.832612: | 40 45 4f d5 f0 80 86 22 d4 61 1b cc 32 99 51 84 Aug 26 18:24:18.832615: | 31 c7 5d c8 7c b3 b5 a6 c5 53 26 87 78 65 7c e3 Aug 26 18:24:18.832617: | 48 b1 18 b5 83 1c a2 7e 1c a2 e9 4a 96 df 7a 75 Aug 26 18:24:18.832620: | 39 c9 ab 29 ad 21 a0 58 cc 62 e9 66 df 7e 3b b8 Aug 26 18:24:18.832622: | d9 7b cb 1f a5 2e 8f 12 80 b1 44 68 b0 26 27 41 Aug 26 18:24:18.832625: | 72 f2 13 a7 da 99 5b a8 55 18 c8 f5 e4 7f 30 47 Aug 26 18:24:18.832627: | 92 7c e8 59 59 a0 8d 98 08 c9 70 03 81 b2 6b 80 Aug 26 18:24:18.832630: | 90 12 16 f8 aa d3 37 24 f2 9f 2c 5f c3 74 a1 eb Aug 26 18:24:18.832632: | c5 fd 07 73 b7 6b 22 1d 1d 5b 53 0c ce c3 57 72 Aug 26 18:24:18.832635: | 3f 60 aa 44 80 74 c8 6a 05 82 d7 36 39 05 ea ea Aug 26 18:24:18.832637: | ee c1 b7 02 c8 72 ab 38 ce 73 54 2e 32 16 83 10 Aug 26 18:24:18.832640: | f1 c8 3d d7 4b f4 63 87 36 24 25 f9 f8 5d 77 87 Aug 26 18:24:18.832642: | a5 ca 14 21 01 b6 f0 fc 97 2d 51 3d f2 c3 25 49 Aug 26 18:24:18.832645: | 79 8f e3 69 2b 49 42 f0 29 00 00 24 2e 93 d3 a5 Aug 26 18:24:18.832647: | bf 3d b4 3e 71 4e 37 17 84 68 9d 16 d7 f7 97 ab Aug 26 18:24:18.832650: | c5 1e c5 5b 9b ef 1d 8d f8 f0 e5 18 29 00 00 08 Aug 26 18:24:18.832652: | 00 00 40 2e 29 00 00 1c 00 00 40 04 14 59 dc e6 Aug 26 18:24:18.832655: | 66 f7 e2 cf ea 5d 04 1f 06 f6 d0 12 35 0f e0 89 Aug 26 18:24:18.832657: | 00 00 00 1c 00 00 40 05 2d b5 6a fd 51 ac 58 a5 Aug 26 18:24:18.832660: | 16 06 c0 e1 e8 05 23 f0 6b e5 42 c2 Aug 26 18:24:18.832700: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:18.832705: | libevent_free: release ptr-libevent@0x55af5b432e38 Aug 26 18:24:18.832709: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fd8bc001f18 Aug 26 18:24:18.832712: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:18.832716: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd8bc001f18 Aug 26 18:24:18.832720: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:24:18.832724: | libevent_malloc: new ptr-libevent@0x55af5b436a58 size 128 Aug 26 18:24:18.832730: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29144.575182 Aug 26 18:24:18.832735: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:18.832742: | #4 spent 1.73 milliseconds in resume sending helper answer Aug 26 18:24:18.832748: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:18.832751: | libevent_free: release ptr-libevent@0x7fd8b4002888 Aug 26 18:24:19.333274: | timer_event_cb: processing event@0x7fd8bc001f18 Aug 26 18:24:19.333302: | handling event EVENT_RETRANSMIT for parent state #4 Aug 26 18:24:19.333314: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:19.333318: | IKEv2 retransmit event Aug 26 18:24:19.333323: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 18:24:19.333328: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Aug 26 18:24:19.333333: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 1 Aug 26 18:24:19.333342: | retransmits: current time 29145.075806; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500624 exceeds limit? NO Aug 26 18:24:19.333347: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd8b4002b78 Aug 26 18:24:19.333351: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:24:19.333355: | libevent_malloc: new ptr-libevent@0x7fd8b4002888 size 128 Aug 26 18:24:19.333359: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:24:19.333367: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:24:19.333370: | c4 1e 50 d1 c7 e1 a3 71 00 00 00 00 00 00 00 00 Aug 26 18:24:19.333373: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:19.333375: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:19.333377: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:19.333380: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:19.333382: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:19.333385: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:19.333388: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:19.333390: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:19.333393: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:19.333396: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:19.333398: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:19.333400: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:19.333403: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:19.333405: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:19.333408: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:19.333410: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:19.333413: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:19.333416: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:19.333418: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:19.333421: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:19.333424: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:19.333426: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:19.333429: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:19.333431: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:19.333434: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:19.333437: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:19.333439: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:19.333442: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:19.333444: | 28 00 01 08 00 0e 00 00 b7 17 e7 b2 e9 10 2f ca Aug 26 18:24:19.333447: | fa e7 16 23 35 bf 45 ae 90 e3 3b a7 ae be f4 b3 Aug 26 18:24:19.333450: | ab 41 50 eb 2c a9 64 e6 44 1c b4 8c b2 f3 d0 a1 Aug 26 18:24:19.333452: | 40 45 4f d5 f0 80 86 22 d4 61 1b cc 32 99 51 84 Aug 26 18:24:19.333455: | 31 c7 5d c8 7c b3 b5 a6 c5 53 26 87 78 65 7c e3 Aug 26 18:24:19.333457: | 48 b1 18 b5 83 1c a2 7e 1c a2 e9 4a 96 df 7a 75 Aug 26 18:24:19.333460: | 39 c9 ab 29 ad 21 a0 58 cc 62 e9 66 df 7e 3b b8 Aug 26 18:24:19.333462: | d9 7b cb 1f a5 2e 8f 12 80 b1 44 68 b0 26 27 41 Aug 26 18:24:19.333465: | 72 f2 13 a7 da 99 5b a8 55 18 c8 f5 e4 7f 30 47 Aug 26 18:24:19.333467: | 92 7c e8 59 59 a0 8d 98 08 c9 70 03 81 b2 6b 80 Aug 26 18:24:19.333470: | 90 12 16 f8 aa d3 37 24 f2 9f 2c 5f c3 74 a1 eb Aug 26 18:24:19.333473: | c5 fd 07 73 b7 6b 22 1d 1d 5b 53 0c ce c3 57 72 Aug 26 18:24:19.333475: | 3f 60 aa 44 80 74 c8 6a 05 82 d7 36 39 05 ea ea Aug 26 18:24:19.333478: | ee c1 b7 02 c8 72 ab 38 ce 73 54 2e 32 16 83 10 Aug 26 18:24:19.333482: | f1 c8 3d d7 4b f4 63 87 36 24 25 f9 f8 5d 77 87 Aug 26 18:24:19.333485: | a5 ca 14 21 01 b6 f0 fc 97 2d 51 3d f2 c3 25 49 Aug 26 18:24:19.333488: | 79 8f e3 69 2b 49 42 f0 29 00 00 24 2e 93 d3 a5 Aug 26 18:24:19.333490: | bf 3d b4 3e 71 4e 37 17 84 68 9d 16 d7 f7 97 ab Aug 26 18:24:19.333492: | c5 1e c5 5b 9b ef 1d 8d f8 f0 e5 18 29 00 00 08 Aug 26 18:24:19.333495: | 00 00 40 2e 29 00 00 1c 00 00 40 04 14 59 dc e6 Aug 26 18:24:19.333498: | 66 f7 e2 cf ea 5d 04 1f 06 f6 d0 12 35 0f e0 89 Aug 26 18:24:19.333500: | 00 00 00 1c 00 00 40 05 2d b5 6a fd 51 ac 58 a5 Aug 26 18:24:19.333503: | 16 06 c0 e1 e8 05 23 f0 6b e5 42 c2 Aug 26 18:24:19.333534: | libevent_free: release ptr-libevent@0x55af5b436a58 Aug 26 18:24:19.333538: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd8bc001f18 Aug 26 18:24:19.333545: | #4 spent 0.256 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:24:19.333551: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:19.815276: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:19.815330: shutting down Aug 26 18:24:19.815343: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:19.815348: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:19.815351: forgetting secrets Aug 26 18:24:19.815358: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:19.815364: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 18:24:19.815369: | removing pending policy for no connection {0x55af5b4164b8} Aug 26 18:24:19.815373: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:19.815376: | pass 0 Aug 26 18:24:19.815379: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:19.815382: | state #4 Aug 26 18:24:19.815386: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:19.815392: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:19.815396: | pstats #4 ikev2.ike deleted other Aug 26 18:24:19.815401: | #4 spent 2.96 milliseconds in total Aug 26 18:24:19.815405: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:19.815408: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.985s and NOT sending notification Aug 26 18:24:19.815410: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:24:19.815413: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:19.815419: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:19.815426: | libevent_free: release ptr-libevent@0x7fd8b4002888 Aug 26 18:24:19.815430: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd8b4002b78 Aug 26 18:24:19.815435: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:19.815438: | picked newest_isakmp_sa #0 for #4 Aug 26 18:24:19.815442: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:19.815447: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 18:24:19.815452: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:24:19.815459: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:19.815464: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:19.815467: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:24:19.815475: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:24:19.815480: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:24:19.815502: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:19.815509: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:19.815512: | pass 1 Aug 26 18:24:19.815515: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:19.815520: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:19.815524: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:19.815529: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:19.815555: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:24:19.815563: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:19.815565: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:19.815567: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:19.815570: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 18:24:19.815572: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:19.815574: | command executing unroute-client Aug 26 18:24:19.815605: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 18:24:19.815610: | popen cmd is 1041 chars long Aug 26 18:24:19.815614: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:19.815618: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 18:24:19.815622: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:24:19.815625: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:24:19.815629: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Aug 26 18:24:19.815633: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 18:24:19.815636: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 18:24:19.815639: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 18:24:19.815642: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 18:24:19.815646: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:24:19.815649: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:24:19.815652: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:24:19.815654: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 18:24:19.815658: | cmd(1040):1: Aug 26 18:24:19.827165: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827189: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827193: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827196: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827200: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827209: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827220: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827229: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827238: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827247: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827256: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827267: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827358: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827365: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827367: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827368: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827370: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827371: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827374: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827375: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827382: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827397: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827410: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827423: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827435: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827448: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827463: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827478: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827640: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.827651: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:19.832069: | free hp@0x55af5b4308b8 Aug 26 18:24:19.832083: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 18:24:19.832088: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:19.832103: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:19.832105: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:19.832115: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:19.832117: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:19.832120: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 18:24:19.832122: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 18:24:19.832124: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 18:24:19.832126: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 18:24:19.832129: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:19.832139: | libevent_free: release ptr-libevent@0x55af5b4224c8 Aug 26 18:24:19.832142: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e1b8 Aug 26 18:24:19.832149: | libevent_free: release ptr-libevent@0x55af5b3be398 Aug 26 18:24:19.832151: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e268 Aug 26 18:24:19.832157: | libevent_free: release ptr-libevent@0x55af5b3c0238 Aug 26 18:24:19.832159: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e318 Aug 26 18:24:19.832167: | libevent_free: release ptr-libevent@0x55af5b3bd388 Aug 26 18:24:19.832169: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e3c8 Aug 26 18:24:19.832174: | libevent_free: release ptr-libevent@0x55af5b393ba8 Aug 26 18:24:19.832176: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e478 Aug 26 18:24:19.832181: | libevent_free: release ptr-libevent@0x55af5b38e1d8 Aug 26 18:24:19.832183: | free_event_entry: release EVENT_NULL-pe@0x55af5b42e528 Aug 26 18:24:19.832187: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:19.832632: | libevent_free: release ptr-libevent@0x55af5b422578 Aug 26 18:24:19.832640: | free_event_entry: release EVENT_NULL-pe@0x55af5b416338 Aug 26 18:24:19.832645: | libevent_free: release ptr-libevent@0x55af5b3c0138 Aug 26 18:24:19.832647: | free_event_entry: release EVENT_NULL-pe@0x55af5b4157f8 Aug 26 18:24:19.832651: | libevent_free: release ptr-libevent@0x55af5b3f9bf8 Aug 26 18:24:19.832653: | free_event_entry: release EVENT_NULL-pe@0x55af5b4163a8 Aug 26 18:24:19.832656: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:19.832657: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:19.832659: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:19.832661: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:19.832662: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:19.832664: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:19.832665: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:19.832667: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:19.832669: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:19.832673: | libevent_free: release ptr-libevent@0x55af5b3bd8e8 Aug 26 18:24:19.832676: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:19.832678: | libevent_free: release ptr-libevent@0x55af5b42d908 Aug 26 18:24:19.832679: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:19.832682: | libevent_free: release ptr-libevent@0x55af5b42da18 Aug 26 18:24:19.832683: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:19.832685: | libevent_free: release ptr-libevent@0x55af5b42dc58 Aug 26 18:24:19.832687: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:19.832689: | releasing event base Aug 26 18:24:19.832699: | libevent_free: release ptr-libevent@0x55af5b42db28 Aug 26 18:24:19.832701: | libevent_free: release ptr-libevent@0x55af5b410be8 Aug 26 18:24:19.832703: | libevent_free: release ptr-libevent@0x55af5b410b98 Aug 26 18:24:19.832705: | libevent_free: release ptr-libevent@0x55af5b410b28 Aug 26 18:24:19.832707: | libevent_free: release ptr-libevent@0x55af5b410ae8 Aug 26 18:24:19.832709: | libevent_free: release ptr-libevent@0x55af5b42d808 Aug 26 18:24:19.832710: | libevent_free: release ptr-libevent@0x55af5b42d888 Aug 26 18:24:19.832712: | libevent_free: release ptr-libevent@0x55af5b410d98 Aug 26 18:24:19.832714: | libevent_free: release ptr-libevent@0x55af5b415908 Aug 26 18:24:19.832715: | libevent_free: release ptr-libevent@0x55af5b4162f8 Aug 26 18:24:19.832718: | libevent_free: release ptr-libevent@0x55af5b42e598 Aug 26 18:24:19.832721: | libevent_free: release ptr-libevent@0x55af5b42e4e8 Aug 26 18:24:19.832723: | libevent_free: release ptr-libevent@0x55af5b42e438 Aug 26 18:24:19.832725: | libevent_free: release ptr-libevent@0x55af5b42e388 Aug 26 18:24:19.832728: | libevent_free: release ptr-libevent@0x55af5b42e2d8 Aug 26 18:24:19.832731: | libevent_free: release ptr-libevent@0x55af5b42e228 Aug 26 18:24:19.832734: | libevent_free: release ptr-libevent@0x55af5b3bda48 Aug 26 18:24:19.832737: | libevent_free: release ptr-libevent@0x55af5b42d9d8 Aug 26 18:24:19.832740: | libevent_free: release ptr-libevent@0x55af5b42d8c8 Aug 26 18:24:19.832742: | libevent_free: release ptr-libevent@0x55af5b42d848 Aug 26 18:24:19.832745: | libevent_free: release ptr-libevent@0x55af5b42dae8 Aug 26 18:24:19.832748: | libevent_free: release ptr-libevent@0x55af5b3bcbd8 Aug 26 18:24:19.832752: | libevent_free: release ptr-libevent@0x55af5b38d908 Aug 26 18:24:19.832757: | libevent_free: release ptr-libevent@0x55af5b38dd38 Aug 26 18:24:19.832760: | libevent_free: release ptr-libevent@0x55af5b3bcf48 Aug 26 18:24:19.832763: | releasing global libevent data Aug 26 18:24:19.832766: | libevent_free: release ptr-libevent@0x55af5b393188 Aug 26 18:24:19.832769: | libevent_free: release ptr-libevent@0x55af5b38dcd8 Aug 26 18:24:19.832772: | libevent_free: release ptr-libevent@0x55af5b38ddd8 Aug 26 18:24:19.832806: leak detective found no leaks