Aug 26 18:24:22.176164: FIPS Product: YES Aug 26 18:24:22.176273: FIPS Kernel: NO Aug 26 18:24:22.176276: FIPS Mode: NO Aug 26 18:24:22.176279: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:22.176429: Initializing NSS Aug 26 18:24:22.176439: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:22.206968: NSS initialized Aug 26 18:24:22.206985: NSS crypto library initialized Aug 26 18:24:22.206987: FIPS HMAC integrity support [enabled] Aug 26 18:24:22.206988: FIPS mode disabled for pluto daemon Aug 26 18:24:22.245512: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:22.245618: libcap-ng support [enabled] Aug 26 18:24:22.245626: Linux audit support [enabled] Aug 26 18:24:22.245662: Linux audit activated Aug 26 18:24:22.245672: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13410 Aug 26 18:24:22.245675: core dump dir: /tmp Aug 26 18:24:22.245677: secrets file: /etc/ipsec.secrets Aug 26 18:24:22.245680: leak-detective enabled Aug 26 18:24:22.245682: NSS crypto [enabled] Aug 26 18:24:22.245684: XAUTH PAM support [enabled] Aug 26 18:24:22.245756: | libevent is using pluto's memory allocator Aug 26 18:24:22.245766: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:22.245781: | libevent_malloc: new ptr-libevent@0x557656574998 size 40 Aug 26 18:24:22.245785: | libevent_malloc: new ptr-libevent@0x557656574918 size 40 Aug 26 18:24:22.245788: | libevent_malloc: new ptr-libevent@0x557656574898 size 40 Aug 26 18:24:22.245791: | creating event base Aug 26 18:24:22.245795: | libevent_malloc: new ptr-libevent@0x5576565664c8 size 56 Aug 26 18:24:22.245800: | libevent_malloc: new ptr-libevent@0x5576564e7da8 size 664 Aug 26 18:24:22.245812: | libevent_malloc: new ptr-libevent@0x5576565aefb8 size 24 Aug 26 18:24:22.245816: | libevent_malloc: new ptr-libevent@0x5576565af008 size 384 Aug 26 18:24:22.245827: | libevent_malloc: new ptr-libevent@0x5576565aef78 size 16 Aug 26 18:24:22.245831: | libevent_malloc: new ptr-libevent@0x557656574818 size 40 Aug 26 18:24:22.245833: | libevent_malloc: new ptr-libevent@0x557656574798 size 48 Aug 26 18:24:22.245838: | libevent_realloc: new ptr-libevent@0x5576564e7a38 size 256 Aug 26 18:24:22.245841: | libevent_malloc: new ptr-libevent@0x5576565af1b8 size 16 Aug 26 18:24:22.245847: | libevent_free: release ptr-libevent@0x5576565664c8 Aug 26 18:24:22.245851: | libevent initialized Aug 26 18:24:22.245855: | libevent_realloc: new ptr-libevent@0x5576565664c8 size 64 Aug 26 18:24:22.245861: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:22.245876: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:22.245880: NAT-Traversal support [enabled] Aug 26 18:24:22.245882: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:22.245888: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:22.245892: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:22.245927: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:22.245932: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:22.245935: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:22.245980: Encryption algorithms: Aug 26 18:24:22.245990: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:22.245994: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:22.245998: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:22.246002: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:22.246005: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:22.246014: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:22.246018: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:22.246022: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:22.246025: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:22.246029: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:22.246032: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:22.246035: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:22.246039: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:22.246043: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:22.246046: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:22.246050: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:22.246053: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:22.246060: Hash algorithms: Aug 26 18:24:22.246064: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:22.246067: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:22.246070: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:22.246072: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:22.246075: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:22.246088: PRF algorithms: Aug 26 18:24:22.246092: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:22.246095: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:22.246098: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:22.246101: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:22.246105: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:22.246108: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:22.246134: Integrity algorithms: Aug 26 18:24:22.246139: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:22.246143: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:22.246147: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:22.246152: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:22.246156: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:22.246159: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:22.246163: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:22.246167: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:22.246170: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:22.246181: DH algorithms: Aug 26 18:24:22.246185: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:22.246188: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:22.246191: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:22.246196: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:22.246200: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:22.246203: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:22.246205: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:22.246208: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:22.246212: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:22.246215: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:22.246217: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:22.246220: testing CAMELLIA_CBC: Aug 26 18:24:22.246223: Camellia: 16 bytes with 128-bit key Aug 26 18:24:22.246360: Camellia: 16 bytes with 128-bit key Aug 26 18:24:22.246395: Camellia: 16 bytes with 256-bit key Aug 26 18:24:22.246427: Camellia: 16 bytes with 256-bit key Aug 26 18:24:22.246451: testing AES_GCM_16: Aug 26 18:24:22.246454: empty string Aug 26 18:24:22.246478: one block Aug 26 18:24:22.246500: two blocks Aug 26 18:24:22.246523: two blocks with associated data Aug 26 18:24:22.246553: testing AES_CTR: Aug 26 18:24:22.246558: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:22.246587: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:22.246616: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:22.246643: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:22.246665: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:22.246688: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:22.246712: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:22.246738: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:22.246768: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:22.246800: testing AES_CBC: Aug 26 18:24:22.246804: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:22.246833: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.248044: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.248105: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.248147: testing AES_XCBC: Aug 26 18:24:22.248153: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:22.248284: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:22.248433: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:22.248565: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:22.248702: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:22.248839: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:22.248977: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:22.250659: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:22.250816: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:22.250997: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:22.251252: testing HMAC_MD5: Aug 26 18:24:22.251258: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:22.251445: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:22.251609: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:22.252013: 8 CPU cores online Aug 26 18:24:22.252020: starting up 7 crypto helpers Aug 26 18:24:22.252056: started thread for crypto helper 0 Aug 26 18:24:22.252076: started thread for crypto helper 1 Aug 26 18:24:22.252095: started thread for crypto helper 2 Aug 26 18:24:22.252114: started thread for crypto helper 3 Aug 26 18:24:22.252123: | starting up helper thread 2 Aug 26 18:24:22.252133: started thread for crypto helper 4 Aug 26 18:24:22.252139: | starting up helper thread 0 Aug 26 18:24:22.252181: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:22.252185: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:22.252190: | starting up helper thread 5 Aug 26 18:24:22.252196: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:22.252199: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:22.252146: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:22.252317: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:22.252150: | starting up helper thread 3 Aug 26 18:24:22.252336: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:22.252339: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:22.255321: | starting up helper thread 1 Aug 26 18:24:22.255345: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:22.255348: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:22.257499: | starting up helper thread 4 Aug 26 18:24:22.257520: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:22.257525: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:22.252171: started thread for crypto helper 5 Aug 26 18:24:22.258042: started thread for crypto helper 6 Aug 26 18:24:22.258051: | checking IKEv1 state table Aug 26 18:24:22.258059: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.258062: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:22.258065: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.258068: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:22.258071: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:22.258073: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:22.258076: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.258078: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.258081: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:22.258084: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:22.258086: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.258089: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.258092: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:22.258094: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.258097: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.258099: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:22.258102: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:22.258104: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.258107: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.258109: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:22.258112: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:22.258115: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258118: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:22.258120: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258123: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.258126: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:22.258129: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.258131: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:22.258134: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:22.258140: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:22.258143: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:22.258145: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:22.258148: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:22.258150: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258153: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.258156: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258159: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:22.258161: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:22.258164: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:22.258167: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:22.258170: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:22.258176: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:22.258179: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:22.258181: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258184: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:22.258187: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258190: | INFO: category: informational flags: 0: Aug 26 18:24:22.258192: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258195: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:22.258198: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258200: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:22.258203: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:22.258206: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:22.258208: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.258211: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:22.258214: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:22.258217: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:22.258220: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:22.258222: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.258225: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.258228: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:22.258230: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.258233: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.258236: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:22.258239: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:22.258241: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:22.258247: | checking IKEv2 state table Aug 26 18:24:22.258253: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:22.258256: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:22.258259: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.258262: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:22.258266: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:22.258269: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:22.258272: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:22.258275: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:22.258278: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:22.258280: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:22.258283: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:22.258286: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:22.263771: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:22.263781: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:22.263784: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:22.263787: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:22.263792: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.263796: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:22.263799: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.263803: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:22.263806: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:22.263809: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.263812: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:22.263815: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:22.263818: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:22.263828: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:22.263832: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.263835: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:22.263838: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:22.263842: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:22.263845: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.263848: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:22.263852: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:22.263855: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:22.263858: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.263861: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:22.263865: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:22.263868: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:22.263871: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:22.263875: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:22.263878: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:22.263881: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:22.263885: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:22.263888: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:22.263892: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:22.263895: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:22.263898: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:22.263913: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:22.264339: | Hard-wiring algorithms Aug 26 18:24:22.264347: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:22.264353: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:22.264356: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:22.264359: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:22.264362: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:22.264365: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:22.264368: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:22.264371: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:22.264374: | adding AES_CTR to kernel algorithm db Aug 26 18:24:22.264377: | adding AES_CBC to kernel algorithm db Aug 26 18:24:22.264380: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:22.264383: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:22.264386: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:22.264389: | adding NULL to kernel algorithm db Aug 26 18:24:22.264392: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:22.264395: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:22.264398: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:22.264401: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:22.264404: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:22.264407: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:22.264410: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:22.264413: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:22.264416: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:22.264419: | adding NONE to kernel algorithm db Aug 26 18:24:22.264442: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:22.264449: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:22.264453: | setup kernel fd callback Aug 26 18:24:22.264460: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55765656e6b8 Aug 26 18:24:22.264464: | libevent_malloc: new ptr-libevent@0x5576565ad618 size 128 Aug 26 18:24:22.264468: | libevent_malloc: new ptr-libevent@0x5576565b47b8 size 16 Aug 26 18:24:22.264475: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5576565b4748 Aug 26 18:24:22.264478: | libevent_malloc: new ptr-libevent@0x5576565ad6c8 size 128 Aug 26 18:24:22.264481: | libevent_malloc: new ptr-libevent@0x5576565b4418 size 16 Aug 26 18:24:22.260131: | starting up helper thread 6 Aug 26 18:24:22.264692: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:22.264698: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:22.270516: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:22.270535: selinux support is enabled. Aug 26 18:24:22.271330: | unbound context created - setting debug level to 5 Aug 26 18:24:22.271364: | /etc/hosts lookups activated Aug 26 18:24:22.271376: | /etc/resolv.conf usage activated Aug 26 18:24:22.271440: | outgoing-port-avoid set 0-65535 Aug 26 18:24:22.271471: | outgoing-port-permit set 32768-60999 Aug 26 18:24:22.271474: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:22.271478: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:22.271481: | Setting up events, loop start Aug 26 18:24:22.271485: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5576565b4be8 Aug 26 18:24:22.271489: | libevent_malloc: new ptr-libevent@0x5576565c0a48 size 128 Aug 26 18:24:22.271493: | libevent_malloc: new ptr-libevent@0x5576565cbd38 size 16 Aug 26 18:24:22.271501: | libevent_realloc: new ptr-libevent@0x5576565cbd78 size 256 Aug 26 18:24:22.271504: | libevent_malloc: new ptr-libevent@0x5576565cbea8 size 8 Aug 26 18:24:22.271507: | libevent_realloc: new ptr-libevent@0x5576565cbee8 size 144 Aug 26 18:24:22.271510: | libevent_malloc: new ptr-libevent@0x557656572c88 size 152 Aug 26 18:24:22.271514: | libevent_malloc: new ptr-libevent@0x5576565cbfa8 size 16 Aug 26 18:24:22.271518: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:22.271521: | libevent_malloc: new ptr-libevent@0x5576565cbfe8 size 8 Aug 26 18:24:22.271525: | libevent_malloc: new ptr-libevent@0x5576564e9308 size 152 Aug 26 18:24:22.271528: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:22.271531: | libevent_malloc: new ptr-libevent@0x5576565cc028 size 8 Aug 26 18:24:22.275202: | libevent_malloc: new ptr-libevent@0x5576564f3508 size 152 Aug 26 18:24:22.275222: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:22.275227: | libevent_malloc: new ptr-libevent@0x5576565cc068 size 8 Aug 26 18:24:22.275231: | libevent_realloc: release ptr-libevent@0x5576565cbee8 Aug 26 18:24:22.275234: | libevent_realloc: new ptr-libevent@0x5576565cc0a8 size 256 Aug 26 18:24:22.275237: | libevent_malloc: new ptr-libevent@0x5576564eb3b8 size 152 Aug 26 18:24:22.275240: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:22.275652: | created addconn helper (pid:13560) using fork+execve Aug 26 18:24:22.275674: | forked child 13560 Aug 26 18:24:22.275848: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.275868: listening for IKE messages Aug 26 18:24:22.275913: | Inspecting interface lo Aug 26 18:24:22.275920: | found lo with address 127.0.0.1 Aug 26 18:24:22.275928: | Inspecting interface eth0 Aug 26 18:24:22.275933: | found eth0 with address 192.0.2.254 Aug 26 18:24:22.275937: | Inspecting interface eth0 Aug 26 18:24:22.275941: | found eth0 with address 192.0.22.254 Aug 26 18:24:22.275943: | Inspecting interface eth1 Aug 26 18:24:22.275947: | found eth1 with address 192.1.2.23 Aug 26 18:24:22.276014: Kernel supports NIC esp-hw-offload Aug 26 18:24:22.276026: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:24:22.276098: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.276104: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.276115: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:24:22.276145: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.254:500 Aug 26 18:24:22.276168: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.276173: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.276178: adding interface eth0/eth0 192.0.22.254:4500 Aug 26 18:24:22.276204: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:24:22.276227: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.276232: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.276236: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:24:22.276263: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:22.276284: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.276294: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.276301: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:22.276361: | no interfaces to sort Aug 26 18:24:22.276366: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:22.276378: | add_fd_read_event_handler: new ethX-pe@0x5576565cc7c8 Aug 26 18:24:22.276382: | libevent_malloc: new ptr-libevent@0x5576565c0998 size 128 Aug 26 18:24:22.276386: | libevent_malloc: new ptr-libevent@0x5576565cc838 size 16 Aug 26 18:24:22.276394: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:24:22.276397: | add_fd_read_event_handler: new ethX-pe@0x5576565cc878 Aug 26 18:24:22.276403: | libevent_malloc: new ptr-libevent@0x557656567178 size 128 Aug 26 18:24:22.276406: | libevent_malloc: new ptr-libevent@0x5576565cc8e8 size 16 Aug 26 18:24:22.276412: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:24:22.276415: | add_fd_read_event_handler: new ethX-pe@0x5576565cc928 Aug 26 18:24:22.276418: | libevent_malloc: new ptr-libevent@0x557656567228 size 128 Aug 26 18:24:22.276421: | libevent_malloc: new ptr-libevent@0x5576565cc998 size 16 Aug 26 18:24:22.276426: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 18:24:22.276429: | add_fd_read_event_handler: new ethX-pe@0x5576565cc9d8 Aug 26 18:24:22.276434: | libevent_malloc: new ptr-libevent@0x5576565661e8 size 128 Aug 26 18:24:22.276437: | libevent_malloc: new ptr-libevent@0x5576565cca48 size 16 Aug 26 18:24:22.276442: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 18:24:22.276445: | add_fd_read_event_handler: new ethX-pe@0x5576565cca88 Aug 26 18:24:22.276453: | libevent_malloc: new ptr-libevent@0x55765656e4f8 size 128 Aug 26 18:24:22.276457: | libevent_malloc: new ptr-libevent@0x5576565ccaf8 size 16 Aug 26 18:24:22.276462: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Aug 26 18:24:22.276466: | add_fd_read_event_handler: new ethX-pe@0x5576565ccb38 Aug 26 18:24:22.276471: | libevent_malloc: new ptr-libevent@0x55765656f018 size 128 Aug 26 18:24:22.276474: | libevent_malloc: new ptr-libevent@0x5576565ccba8 size 16 Aug 26 18:24:22.276478: | setup callback for interface eth0 192.0.22.254:500 fd 19 Aug 26 18:24:22.276481: | add_fd_read_event_handler: new ethX-pe@0x5576565ccbe8 Aug 26 18:24:22.276484: | libevent_malloc: new ptr-libevent@0x5576565cd198 size 128 Aug 26 18:24:22.276487: | libevent_malloc: new ptr-libevent@0x5576565cd248 size 16 Aug 26 18:24:22.276492: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:24:22.276495: | add_fd_read_event_handler: new ethX-pe@0x5576565cd288 Aug 26 18:24:22.276498: | libevent_malloc: new ptr-libevent@0x5576565cd2f8 size 128 Aug 26 18:24:22.276501: | libevent_malloc: new ptr-libevent@0x5576565cd3a8 size 16 Aug 26 18:24:22.276505: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:24:22.276511: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:22.276514: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:22.276541: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:22.276556: | saving Modulus Aug 26 18:24:22.276560: | saving PublicExponent Aug 26 18:24:22.276563: | ignoring PrivateExponent Aug 26 18:24:22.276566: | ignoring Prime1 Aug 26 18:24:22.276569: | ignoring Prime2 Aug 26 18:24:22.276571: | ignoring Exponent1 Aug 26 18:24:22.276574: | ignoring Exponent2 Aug 26 18:24:22.276577: | ignoring Coefficient Aug 26 18:24:22.276580: | ignoring CKAIDNSS Aug 26 18:24:22.276625: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:22.276629: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:22.276634: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:24:22.276640: | certs and keys locked by 'process_secret' Aug 26 18:24:22.276646: | certs and keys unlocked by 'process_secret' Aug 26 18:24:22.276656: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.276664: | spent 0.824 milliseconds in whack Aug 26 18:24:22.356066: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.356099: listening for IKE messages Aug 26 18:24:22.363307: | Inspecting interface lo Aug 26 18:24:22.363333: | found lo with address 127.0.0.1 Aug 26 18:24:22.363337: | Inspecting interface eth0 Aug 26 18:24:22.363342: | found eth0 with address 192.0.2.254 Aug 26 18:24:22.363345: | Inspecting interface eth0 Aug 26 18:24:22.363349: | found eth0 with address 192.0.22.254 Aug 26 18:24:22.363352: | Inspecting interface eth1 Aug 26 18:24:22.363356: | found eth1 with address 192.1.2.23 Aug 26 18:24:22.363417: | no interfaces to sort Aug 26 18:24:22.363429: | libevent_free: release ptr-libevent@0x5576565c0998 Aug 26 18:24:22.363433: | free_event_entry: release EVENT_NULL-pe@0x5576565cc7c8 Aug 26 18:24:22.363436: | add_fd_read_event_handler: new ethX-pe@0x5576565cc7c8 Aug 26 18:24:22.363440: | libevent_malloc: new ptr-libevent@0x5576565c0998 size 128 Aug 26 18:24:22.363448: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:24:22.363452: | libevent_free: release ptr-libevent@0x557656567178 Aug 26 18:24:22.363455: | free_event_entry: release EVENT_NULL-pe@0x5576565cc878 Aug 26 18:24:22.363458: | add_fd_read_event_handler: new ethX-pe@0x5576565cc878 Aug 26 18:24:22.363461: | libevent_malloc: new ptr-libevent@0x557656567178 size 128 Aug 26 18:24:22.363466: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:24:22.363471: | libevent_free: release ptr-libevent@0x557656567228 Aug 26 18:24:22.363474: | free_event_entry: release EVENT_NULL-pe@0x5576565cc928 Aug 26 18:24:22.363477: | add_fd_read_event_handler: new ethX-pe@0x5576565cc928 Aug 26 18:24:22.363480: | libevent_malloc: new ptr-libevent@0x557656567228 size 128 Aug 26 18:24:22.363485: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 18:24:22.363489: | libevent_free: release ptr-libevent@0x5576565661e8 Aug 26 18:24:22.363492: | free_event_entry: release EVENT_NULL-pe@0x5576565cc9d8 Aug 26 18:24:22.363495: | add_fd_read_event_handler: new ethX-pe@0x5576565cc9d8 Aug 26 18:24:22.363498: | libevent_malloc: new ptr-libevent@0x5576565661e8 size 128 Aug 26 18:24:22.363503: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 18:24:22.363506: | libevent_free: release ptr-libevent@0x55765656e4f8 Aug 26 18:24:22.363509: | free_event_entry: release EVENT_NULL-pe@0x5576565cca88 Aug 26 18:24:22.363512: | add_fd_read_event_handler: new ethX-pe@0x5576565cca88 Aug 26 18:24:22.363515: | libevent_malloc: new ptr-libevent@0x55765656e4f8 size 128 Aug 26 18:24:22.363521: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Aug 26 18:24:22.363524: | libevent_free: release ptr-libevent@0x55765656f018 Aug 26 18:24:22.363527: | free_event_entry: release EVENT_NULL-pe@0x5576565ccb38 Aug 26 18:24:22.363530: | add_fd_read_event_handler: new ethX-pe@0x5576565ccb38 Aug 26 18:24:22.363534: | libevent_malloc: new ptr-libevent@0x55765656f018 size 128 Aug 26 18:24:22.363539: | setup callback for interface eth0 192.0.22.254:500 fd 19 Aug 26 18:24:22.363548: | libevent_free: release ptr-libevent@0x5576565cd198 Aug 26 18:24:22.363551: | free_event_entry: release EVENT_NULL-pe@0x5576565ccbe8 Aug 26 18:24:22.363554: | add_fd_read_event_handler: new ethX-pe@0x5576565ccbe8 Aug 26 18:24:22.363557: | libevent_malloc: new ptr-libevent@0x5576565cd198 size 128 Aug 26 18:24:22.363562: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:24:22.363566: | libevent_free: release ptr-libevent@0x5576565cd2f8 Aug 26 18:24:22.363569: | free_event_entry: release EVENT_NULL-pe@0x5576565cd288 Aug 26 18:24:22.363572: | add_fd_read_event_handler: new ethX-pe@0x5576565cd288 Aug 26 18:24:22.363574: | libevent_malloc: new ptr-libevent@0x5576565cd2f8 size 128 Aug 26 18:24:22.363580: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:24:22.363584: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:22.363586: forgetting secrets Aug 26 18:24:22.363600: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:22.363614: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:22.363628: | saving Modulus Aug 26 18:24:22.363632: | saving PublicExponent Aug 26 18:24:22.363636: | ignoring PrivateExponent Aug 26 18:24:22.363639: | ignoring Prime1 Aug 26 18:24:22.363643: | ignoring Prime2 Aug 26 18:24:22.363646: | ignoring Exponent1 Aug 26 18:24:22.363650: | ignoring Exponent2 Aug 26 18:24:22.363653: | ignoring Coefficient Aug 26 18:24:22.363657: | ignoring CKAIDNSS Aug 26 18:24:22.363681: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:22.363684: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:22.363688: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:24:22.363693: | certs and keys locked by 'process_secret' Aug 26 18:24:22.363695: | certs and keys unlocked by 'process_secret' Aug 26 18:24:22.363705: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.363713: | spent 0.49 milliseconds in whack Aug 26 18:24:22.364376: | processing signal PLUTO_SIGCHLD Aug 26 18:24:22.364393: | waitpid returned pid 13560 (exited with status 0) Aug 26 18:24:22.364397: | reaped addconn helper child (status 0) Aug 26 18:24:22.364402: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:22.364407: | spent 0.0171 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:22.418266: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.418294: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.418301: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.418304: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.418307: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.418313: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.418321: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.418325: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:22.418411: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:22.418416: | from whack: got --esp= Aug 26 18:24:22.418476: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:22.419346: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.419364: | loading left certificate 'north' pubkey Aug 26 18:24:22.419465: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d3df8 Aug 26 18:24:22.419472: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d3ef8 Aug 26 18:24:22.419480: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d4908 Aug 26 18:24:22.419614: | unreference key: 0x5576564bac48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.419730: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:24:22.419743: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:22.420055: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.420063: | loading right certificate 'east' pubkey Aug 26 18:24:22.420149: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d4d78 Aug 26 18:24:22.420155: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d4218 Aug 26 18:24:22.420159: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d0658 Aug 26 18:24:22.420162: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d4808 Aug 26 18:24:22.420166: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565d0258 Aug 26 18:24:22.420429: | unreference key: 0x5576565d8948 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.420613: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:24:22.420619: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:24:22.420629: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:22.420642: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 18:24:22.420645: | new hp@0x5576565db2e8 Aug 26 18:24:22.420650: added connection description "northnet-eastnets/0x1" Aug 26 18:24:22.420666: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.420690: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:24:22.420701: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.420709: | spent 2.66 milliseconds in whack Aug 26 18:24:22.423585: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.423613: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.423618: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.423623: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.423625: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.423631: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.423639: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.423643: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:22.423753: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:22.423761: | from whack: got --esp= Aug 26 18:24:22.423808: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:22.423950: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.423959: | loading left certificate 'north' pubkey Aug 26 18:24:22.424033: | unreference key: 0x5576565d4dc8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424052: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dbcf8 Aug 26 18:24:22.424057: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dbca8 Aug 26 18:24:22.424060: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dcdc8 Aug 26 18:24:22.424118: | unreference key: 0x5576565d4438 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:22.424174: | unreference key: 0x5576565d4ba8 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424234: | unreference key: 0x5576565dbef8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424379: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:24:22.424394: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:22.424486: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.424493: | loading right certificate 'east' pubkey Aug 26 18:24:22.424547: | unreference key: 0x5576565dae68 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424564: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dbca8 Aug 26 18:24:22.424568: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dcdc8 Aug 26 18:24:22.424571: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dc128 Aug 26 18:24:22.424574: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dc0d8 Aug 26 18:24:22.424576: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565dc088 Aug 26 18:24:22.424625: | unreference key: 0x5576565d9dc8 192.1.2.23 cnt 1-- Aug 26 18:24:22.424675: | unreference key: 0x5576565da2d8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424727: | unreference key: 0x5576565da538 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:22.424777: | unreference key: 0x5576565dac58 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424833: | unreference key: 0x5576565dc2a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.424887: | secrets entry for east already exists Aug 26 18:24:22.424896: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:22.424907: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:22.424912: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x5576565db2e8: northnet-eastnets/0x1 Aug 26 18:24:22.424915: added connection description "northnet-eastnets/0x2" Aug 26 18:24:22.424931: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.424956: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:24:22.424973: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.424982: | spent 1.36 milliseconds in whack Aug 26 18:24:22.502763: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.503437: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:22.503452: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:22.503804: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:22.503820: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.503829: | spent 0.881 milliseconds in whack Aug 26 18:24:22.562562: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.562588: | old debugging base+cpu-usage + none Aug 26 18:24:22.562592: | base debugging = base+cpu-usage Aug 26 18:24:22.562595: | old impairing none + suppress-retransmits Aug 26 18:24:22.562598: | base impairing = suppress-retransmits Aug 26 18:24:22.562607: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.562615: | spent 0.0611 milliseconds in whack Aug 26 18:24:25.180531: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.180567: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.180572: | e1 aa 77 0d bc 9a a4 2e 00 00 00 00 00 00 00 00 Aug 26 18:24:25.180575: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:25.180578: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:25.180581: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:25.180584: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:25.180587: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:25.180590: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:25.180593: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:25.180596: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:25.180599: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:25.180602: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:25.180605: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:25.180608: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:25.180611: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:25.180613: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:25.180617: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:25.180619: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:25.180622: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:25.180625: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:25.180628: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:25.180631: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:25.180634: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:25.180637: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:25.180640: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:25.180643: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:25.180646: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:25.180649: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:25.180652: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:25.180655: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:25.180658: | 28 00 01 08 00 0e 00 00 f4 65 ad e2 90 a6 f0 43 Aug 26 18:24:25.180661: | 26 b4 04 d6 fd 35 83 bf 10 e5 f5 e0 b8 51 9f 80 Aug 26 18:24:25.180664: | 96 5d 91 14 f5 d9 9d aa 8f c8 9e f8 07 c6 7f 94 Aug 26 18:24:25.180666: | a0 37 bb d5 53 0e 69 94 75 f8 38 2a 51 ca 2e 75 Aug 26 18:24:25.180669: | b2 a9 d9 49 b6 75 e5 24 f7 ae 60 d5 e8 9d 13 32 Aug 26 18:24:25.180676: | b6 2e 31 ec 1a d8 4f f1 3a 09 d0 4a 93 97 41 62 Aug 26 18:24:25.180679: | f1 b8 44 ee e2 a3 8a 6e 17 15 01 a5 57 d8 56 ff Aug 26 18:24:25.180682: | 8c 38 cd 3b 3e 4c ae c9 de 1a a0 c5 4a 20 4e 31 Aug 26 18:24:25.180685: | 33 79 93 ee 97 0c db 50 cb 67 74 95 af 1e 36 b2 Aug 26 18:24:25.180688: | 82 49 ca 19 aa 89 be 02 48 29 91 0b a7 a5 ed 78 Aug 26 18:24:25.180691: | 25 c5 d7 5a cb 18 fe 60 88 62 72 43 32 7a a3 3d Aug 26 18:24:25.180694: | 50 c4 69 03 26 82 67 49 43 53 be 03 17 28 84 37 Aug 26 18:24:25.180697: | aa 24 37 f4 62 a6 e1 86 85 c7 75 2e 7d 82 18 49 Aug 26 18:24:25.180699: | 2c b1 14 0b 7e 85 a9 bb 81 cc fa 49 51 e5 56 f2 Aug 26 18:24:25.180702: | f1 28 d1 b2 a7 16 c5 73 6c d2 c8 c6 b5 26 2e 00 Aug 26 18:24:25.180705: | ef 2e 92 ec e3 e3 60 87 61 8a 0d 4b 90 06 40 de Aug 26 18:24:25.180708: | 38 cf dd ef 16 21 53 7c 29 00 00 24 38 7c 82 4b Aug 26 18:24:25.180711: | 8f 76 e3 fb f1 51 f7 54 b5 22 3c 47 97 0a b6 63 Aug 26 18:24:25.180714: | 85 ac 44 49 7b 05 4c 17 08 3d 21 f4 29 00 00 08 Aug 26 18:24:25.180717: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ab d8 38 fd Aug 26 18:24:25.180720: | 4e 50 29 74 f1 a4 4f 68 b9 7c 2e e0 5f b9 d9 65 Aug 26 18:24:25.180723: | 00 00 00 1c 00 00 40 05 04 f8 aa f0 50 11 82 55 Aug 26 18:24:25.180725: | b4 a1 c0 ed 9e 39 41 9b 11 70 cc 0d Aug 26 18:24:25.180733: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.180737: | **parse ISAKMP Message: Aug 26 18:24:25.180740: | initiator cookie: Aug 26 18:24:25.180743: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.180746: | responder cookie: Aug 26 18:24:25.180748: | 00 00 00 00 00 00 00 00 Aug 26 18:24:25.180751: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.180754: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.180757: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:25.180760: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.180762: | Message ID: 0 (0x0) Aug 26 18:24:25.180765: | length: 828 (0x33c) Aug 26 18:24:25.180768: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:25.180772: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:24:25.180776: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:25.180780: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.180783: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:25.180786: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.180789: | flags: none (0x0) Aug 26 18:24:25.180791: | length: 436 (0x1b4) Aug 26 18:24:25.180794: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:24:25.180796: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.180799: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.180802: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.180804: | flags: none (0x0) Aug 26 18:24:25.180807: | length: 264 (0x108) Aug 26 18:24:25.180809: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.180811: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.180814: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.180816: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:25.180819: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.180821: | flags: none (0x0) Aug 26 18:24:25.180823: | length: 36 (0x24) Aug 26 18:24:25.180826: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.180828: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.180831: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.180833: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.180836: | flags: none (0x0) Aug 26 18:24:25.180838: | length: 8 (0x8) Aug 26 18:24:25.180840: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.180842: | SPI size: 0 (0x0) Aug 26 18:24:25.180845: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:25.180850: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:25.180852: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.180854: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.180856: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.180859: | flags: none (0x0) Aug 26 18:24:25.180861: | length: 28 (0x1c) Aug 26 18:24:25.180863: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.180865: | SPI size: 0 (0x0) Aug 26 18:24:25.180867: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:25.180869: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:25.180871: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.180873: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.180875: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.180877: | flags: none (0x0) Aug 26 18:24:25.180880: | length: 28 (0x1c) Aug 26 18:24:25.180882: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.180885: | SPI size: 0 (0x0) Aug 26 18:24:25.180887: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:25.180889: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:25.180892: | DDOS disabled and no cookie sent, continuing Aug 26 18:24:25.180898: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:25.180903: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:25.180906: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:25.180910: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 18:24:25.180913: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 18:24:25.180915: | find_next_host_connection returns empty Aug 26 18:24:25.180920: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:25.180922: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:25.180925: | find_next_host_connection returns empty Aug 26 18:24:25.180928: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:24:25.180933: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:24:25.180937: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:25.180941: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:25.180944: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 18:24:25.180947: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 18:24:25.180950: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:25.180953: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 18:24:25.180956: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 18:24:25.180959: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:25.180961: | find_next_host_connection returns empty Aug 26 18:24:25.180965: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 18:24:25.180991: | creating state object #1 at 0x5576565dd3d8 Aug 26 18:24:25.180996: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:25.181005: | pstats #1 ikev2.ike started Aug 26 18:24:25.181009: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:25.181013: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:24:25.181019: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.181029: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.181036: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:25.181041: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:25.181045: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:25.181049: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:25.181054: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:25.181057: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:24:25.181061: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:24:25.181064: | Now let's proceed with state specific processing Aug 26 18:24:25.181066: | calling processor Respond to IKE_SA_INIT Aug 26 18:24:25.181077: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.181081: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 18:24:25.181092: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.181102: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.181106: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.181112: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.181117: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.181122: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.181127: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.181132: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.181144: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.181148: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:24:25.181152: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.181155: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:25.181157: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.181160: | local proposal 1 type DH has 8 transforms Aug 26 18:24:25.181163: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:25.181167: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:25.181175: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.181178: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:25.181180: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.181183: | local proposal 2 type DH has 8 transforms Aug 26 18:24:25.181186: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:25.181189: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:25.181191: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.181194: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:25.181197: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.181199: | local proposal 3 type DH has 8 transforms Aug 26 18:24:25.181202: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:25.181205: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:25.181208: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.181211: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:25.181213: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.181216: | local proposal 4 type DH has 8 transforms Aug 26 18:24:25.181218: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:25.181221: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:25.181225: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.181228: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.181231: | length: 100 (0x64) Aug 26 18:24:25.181233: | prop #: 1 (0x1) Aug 26 18:24:25.181236: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.181239: | spi size: 0 (0x0) Aug 26 18:24:25.181241: | # transforms: 11 (0xb) Aug 26 18:24:25.181245: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:25.181248: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181254: | length: 12 (0xc) Aug 26 18:24:25.181256: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.181259: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.181262: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.181265: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.181268: | length/value: 256 (0x100) Aug 26 18:24:25.181273: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.181276: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181281: | length: 8 (0x8) Aug 26 18:24:25.181283: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181286: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.181296: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:25.181302: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:24:25.181306: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:24:25.181310: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:24:25.181312: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181317: | length: 8 (0x8) Aug 26 18:24:25.181320: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181323: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.181326: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181331: | length: 8 (0x8) Aug 26 18:24:25.181333: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181335: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.181339: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.181344: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:25.181348: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:25.181352: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:25.181354: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181360: | length: 8 (0x8) Aug 26 18:24:25.181362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181365: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.181368: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181372: | length: 8 (0x8) Aug 26 18:24:25.181375: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181378: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.181380: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181385: | length: 8 (0x8) Aug 26 18:24:25.181387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181389: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.181392: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181394: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181397: | length: 8 (0x8) Aug 26 18:24:25.181400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181402: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.181405: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181410: | length: 8 (0x8) Aug 26 18:24:25.181412: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.181418: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181422: | length: 8 (0x8) Aug 26 18:24:25.181425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181428: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.181431: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181434: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.181436: | length: 8 (0x8) Aug 26 18:24:25.181439: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181441: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.181446: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:25.181450: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:25.181453: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.181457: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.181460: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.181462: | length: 100 (0x64) Aug 26 18:24:25.181465: | prop #: 2 (0x2) Aug 26 18:24:25.181468: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.181470: | spi size: 0 (0x0) Aug 26 18:24:25.181473: | # transforms: 11 (0xb) Aug 26 18:24:25.181477: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.181480: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181485: | length: 12 (0xc) Aug 26 18:24:25.181488: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.181490: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.181493: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.181498: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.181501: | length/value: 128 (0x80) Aug 26 18:24:25.181505: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181510: | length: 8 (0x8) Aug 26 18:24:25.181513: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181516: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.181519: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181524: | length: 8 (0x8) Aug 26 18:24:25.181527: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181529: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.181532: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181537: | length: 8 (0x8) Aug 26 18:24:25.181540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181543: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.181546: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181551: | length: 8 (0x8) Aug 26 18:24:25.181554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181557: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.181560: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181565: | length: 8 (0x8) Aug 26 18:24:25.181568: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181571: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.181574: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181579: | length: 8 (0x8) Aug 26 18:24:25.181582: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181585: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.181588: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181594: | length: 8 (0x8) Aug 26 18:24:25.181596: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181599: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.181602: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181608: | length: 8 (0x8) Aug 26 18:24:25.181610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181613: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.181616: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181622: | length: 8 (0x8) Aug 26 18:24:25.181624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181627: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.181630: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181633: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.181636: | length: 8 (0x8) Aug 26 18:24:25.181638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181641: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.181646: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:24:25.181649: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:24:25.181652: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.181655: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.181658: | length: 116 (0x74) Aug 26 18:24:25.181661: | prop #: 3 (0x3) Aug 26 18:24:25.181663: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.181666: | spi size: 0 (0x0) Aug 26 18:24:25.181671: | # transforms: 13 (0xd) Aug 26 18:24:25.181675: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.181678: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181684: | length: 12 (0xc) Aug 26 18:24:25.181687: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.181689: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.181692: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.181695: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.181697: | length/value: 256 (0x100) Aug 26 18:24:25.181700: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181705: | length: 8 (0x8) Aug 26 18:24:25.181708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181710: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.181713: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181718: | length: 8 (0x8) Aug 26 18:24:25.181720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181722: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.181725: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181730: | length: 8 (0x8) Aug 26 18:24:25.181732: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.181735: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.181737: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181742: | length: 8 (0x8) Aug 26 18:24:25.181744: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.181746: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.181749: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181754: | length: 8 (0x8) Aug 26 18:24:25.181757: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181759: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.181762: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181767: | length: 8 (0x8) Aug 26 18:24:25.181769: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181771: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.181774: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181779: | length: 8 (0x8) Aug 26 18:24:25.181782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181784: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.181787: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181792: | length: 8 (0x8) Aug 26 18:24:25.181795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181797: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.181800: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181805: | length: 8 (0x8) Aug 26 18:24:25.181808: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181810: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.181813: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181816: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181818: | length: 8 (0x8) Aug 26 18:24:25.181821: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181823: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.181828: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181830: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181833: | length: 8 (0x8) Aug 26 18:24:25.181835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.181841: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181843: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.181846: | length: 8 (0x8) Aug 26 18:24:25.181848: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181851: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.181855: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:25.181858: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:25.181861: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.181864: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.181866: | length: 116 (0x74) Aug 26 18:24:25.181869: | prop #: 4 (0x4) Aug 26 18:24:25.181871: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.181874: | spi size: 0 (0x0) Aug 26 18:24:25.181876: | # transforms: 13 (0xd) Aug 26 18:24:25.181879: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.181882: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181887: | length: 12 (0xc) Aug 26 18:24:25.181889: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.181892: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.181895: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.181897: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.181900: | length/value: 128 (0x80) Aug 26 18:24:25.181903: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181906: | length: 8 (0x8) Aug 26 18:24:25.181908: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181910: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.181912: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181915: | length: 8 (0x8) Aug 26 18:24:25.181916: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.181918: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.181920: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181923: | length: 8 (0x8) Aug 26 18:24:25.181924: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.181926: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.181928: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181931: | length: 8 (0x8) Aug 26 18:24:25.181933: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.181934: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.181936: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181937: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181939: | length: 8 (0x8) Aug 26 18:24:25.181940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181942: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.181944: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181947: | length: 8 (0x8) Aug 26 18:24:25.181949: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181950: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.181952: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181955: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181957: | length: 8 (0x8) Aug 26 18:24:25.181958: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181960: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.181962: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181965: | length: 8 (0x8) Aug 26 18:24:25.181966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181968: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.181970: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181973: | length: 8 (0x8) Aug 26 18:24:25.181974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181976: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.181978: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181981: | length: 8 (0x8) Aug 26 18:24:25.181982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181984: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.181986: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.181989: | length: 8 (0x8) Aug 26 18:24:25.181990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.181992: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.181994: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.181996: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.181998: | length: 8 (0x8) Aug 26 18:24:25.182001: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.182003: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.182007: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:25.182009: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:25.182014: "northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:24:25.182020: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:24:25.182023: | converting proposal to internal trans attrs Aug 26 18:24:25.182028: | natd_hash: rcookie is zero Aug 26 18:24:25.182047: | natd_hash: hasher=0x5576560b8800(20) Aug 26 18:24:25.182050: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.182053: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:25.182055: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:25.182057: | natd_hash: port=500 Aug 26 18:24:25.182060: | natd_hash: hash= 04 f8 aa f0 50 11 82 55 b4 a1 c0 ed 9e 39 41 9b Aug 26 18:24:25.182062: | natd_hash: hash= 11 70 cc 0d Aug 26 18:24:25.182064: | natd_hash: rcookie is zero Aug 26 18:24:25.182070: | natd_hash: hasher=0x5576560b8800(20) Aug 26 18:24:25.182073: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.182075: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:25.182077: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:25.182082: | natd_hash: port=500 Aug 26 18:24:25.182085: | natd_hash: hash= ab d8 38 fd 4e 50 29 74 f1 a4 4f 68 b9 7c 2e e0 Aug 26 18:24:25.182087: | natd_hash: hash= 5f b9 d9 65 Aug 26 18:24:25.182090: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:25.182092: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:25.182095: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:25.182098: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 18:24:25.182105: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:24:25.182109: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5576565dd368 Aug 26 18:24:25.182113: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:25.182117: | libevent_malloc: new ptr-libevent@0x5576565d4858 size 128 Aug 26 18:24:25.182134: | #1 spent 1.06 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:24:25.182139: | crypto helper 0 resuming Aug 26 18:24:25.182154: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:25.182160: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:24:25.187905: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.005742 seconds Aug 26 18:24:25.187925: | (#1) spent 1.04 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:24:25.187930: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:25.187933: | scheduling resume sending helper answer for #1 Aug 26 18:24:25.187938: | libevent_malloc: new ptr-libevent@0x7f4c54002888 size 128 Aug 26 18:24:25.187946: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:25.182143: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.187959: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:25.187963: | suspending state #1 and saving MD Aug 26 18:24:25.187966: | #1 is busy; has a suspended MD Aug 26 18:24:25.187973: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.187978: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.187983: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.187989: | #1 spent 1.6 milliseconds in ikev2_process_packet() Aug 26 18:24:25.187994: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.187998: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.188001: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.188005: | spent 1.61 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.188017: | processing resume sending helper answer for #1 Aug 26 18:24:25.188023: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.188028: | crypto helper 0 replies to request ID 1 Aug 26 18:24:25.188031: | calling continuation function 0x557655fe3b50 Aug 26 18:24:25.188034: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:24:25.188066: | **emit ISAKMP Message: Aug 26 18:24:25.188070: | initiator cookie: Aug 26 18:24:25.188073: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.188075: | responder cookie: Aug 26 18:24:25.188078: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.188081: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.188084: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.188088: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:25.188091: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.188094: | Message ID: 0 (0x0) Aug 26 18:24:25.188101: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.188105: | Emitting ikev2_proposal ... Aug 26 18:24:25.188108: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:25.188111: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188113: | flags: none (0x0) Aug 26 18:24:25.188117: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.188120: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188124: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.188127: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.188130: | prop #: 1 (0x1) Aug 26 18:24:25.188133: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.188135: | spi size: 0 (0x0) Aug 26 18:24:25.188138: | # transforms: 3 (0x3) Aug 26 18:24:25.188141: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.188144: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.188147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.188150: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.188154: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.188157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.188161: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.188164: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.188167: | length/value: 256 (0x100) Aug 26 18:24:25.188170: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.188173: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.188176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.188178: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.188181: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.188184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.188188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.188191: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.188193: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.188196: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.188199: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.188202: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.188205: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.188208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.188211: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.188214: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:24:25.188217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.188220: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:24:25.188223: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.188227: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.188230: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188233: | flags: none (0x0) Aug 26 18:24:25.188235: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.188239: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.188244: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188247: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.188250: | ikev2 g^x 84 78 96 af c9 a7 40 bf 20 62 8c d7 20 2e 10 d8 Aug 26 18:24:25.188253: | ikev2 g^x db 2e 1b a7 1c 6f 2c 6d ca 65 00 31 bd 29 43 f5 Aug 26 18:24:25.188255: | ikev2 g^x 43 72 f8 c0 0e af 13 8d 2b 03 d9 2f 9d 01 b8 68 Aug 26 18:24:25.188258: | ikev2 g^x 2e c1 eb 0d d2 e4 7c 35 eb d3 8a 38 ed ce 53 58 Aug 26 18:24:25.188261: | ikev2 g^x a0 12 3e 7b af 19 95 cb 94 46 ad e4 01 d3 e8 45 Aug 26 18:24:25.188263: | ikev2 g^x 73 07 a5 01 52 89 b9 87 64 67 0f e7 5e ad 86 44 Aug 26 18:24:25.188266: | ikev2 g^x d7 24 5c 5c 47 9b 6a 98 05 6a ca 96 3e bc c2 7e Aug 26 18:24:25.188268: | ikev2 g^x f7 87 05 4a 22 aa c4 22 23 d3 47 f6 63 bb e7 cc Aug 26 18:24:25.188271: | ikev2 g^x ad 94 dc 8f 30 3f c7 65 47 90 47 17 cc af 41 68 Aug 26 18:24:25.188273: | ikev2 g^x 49 9e e0 7a 71 56 30 1a ee 15 3a 46 34 06 76 d1 Aug 26 18:24:25.188276: | ikev2 g^x 51 3c 4f f3 2b 17 ba 9d 76 fa 6e 3c 7a e2 63 86 Aug 26 18:24:25.188278: | ikev2 g^x d4 07 57 c5 85 ae 83 83 12 75 1b d2 a3 ba 94 d3 Aug 26 18:24:25.188281: | ikev2 g^x 55 08 70 0e 28 9d 1d 74 2f 39 0a a5 d0 bd 3e a0 Aug 26 18:24:25.188283: | ikev2 g^x 41 5c 52 8b fd 8e 49 83 da 91 df 48 43 c4 f6 2a Aug 26 18:24:25.188286: | ikev2 g^x 37 54 7d 4b 6f a4 28 c1 ae ec 86 cb 02 87 4c 0e Aug 26 18:24:25.188293: | ikev2 g^x dc c1 51 c6 24 72 88 48 96 11 97 63 61 d4 85 db Aug 26 18:24:25.188299: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.188302: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:25.188305: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.188308: | flags: none (0x0) Aug 26 18:24:25.188311: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:25.188315: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.188318: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188321: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.188324: | IKEv2 nonce 9f 30 78 9e 96 e8 89 6b 92 d4 99 a1 28 e2 7c 71 Aug 26 18:24:25.188326: | IKEv2 nonce 16 06 57 6a cb bf 5f 17 16 58 22 a7 60 af 9f 76 Aug 26 18:24:25.188329: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.188334: | Adding a v2N Payload Aug 26 18:24:25.188337: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.188340: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188343: | flags: none (0x0) Aug 26 18:24:25.188346: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.188348: | SPI size: 0 (0x0) Aug 26 18:24:25.188351: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:25.188355: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.188358: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188361: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:25.188364: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:25.188377: | natd_hash: hasher=0x5576560b8800(20) Aug 26 18:24:25.188380: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.188383: | natd_hash: rcookie= 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.188385: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:25.188388: | natd_hash: port=500 Aug 26 18:24:25.188391: | natd_hash: hash= 4e 30 c2 b7 84 6b 50 a0 e3 8f b7 88 f1 22 09 34 Aug 26 18:24:25.188393: | natd_hash: hash= e2 20 d2 68 Aug 26 18:24:25.188398: | Adding a v2N Payload Aug 26 18:24:25.188401: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.188404: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188406: | flags: none (0x0) Aug 26 18:24:25.188409: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.188412: | SPI size: 0 (0x0) Aug 26 18:24:25.188414: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:25.188418: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.188420: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188424: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:25.188427: | Notify data 4e 30 c2 b7 84 6b 50 a0 e3 8f b7 88 f1 22 09 34 Aug 26 18:24:25.188429: | Notify data e2 20 d2 68 Aug 26 18:24:25.188432: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:25.188438: | natd_hash: hasher=0x5576560b8800(20) Aug 26 18:24:25.188441: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.188444: | natd_hash: rcookie= 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.188447: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:25.188449: | natd_hash: port=500 Aug 26 18:24:25.188452: | natd_hash: hash= 9f 0c 55 b0 3b 51 b7 3f 8f e9 93 1f 52 fa d8 cd Aug 26 18:24:25.188455: | natd_hash: hash= 0e 9a 80 16 Aug 26 18:24:25.188457: | Adding a v2N Payload Aug 26 18:24:25.188460: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.188463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188465: | flags: none (0x0) Aug 26 18:24:25.188468: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.188471: | SPI size: 0 (0x0) Aug 26 18:24:25.188474: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:25.188477: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.188480: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.188483: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:25.188486: | Notify data 9f 0c 55 b0 3b 51 b7 3f 8f e9 93 1f 52 fa d8 cd Aug 26 18:24:25.188489: | Notify data 0e 9a 80 16 Aug 26 18:24:25.188491: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:25.188494: | going to send a certreq Aug 26 18:24:25.188497: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 18:24:25.188500: | ***emit IKEv2 Certificate Request Payload: Aug 26 18:24:25.188503: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.188506: | flags: none (0x0) Aug 26 18:24:25.188509: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.188512: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:25.188516: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.189225: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 18:24:25.189238: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 18:24:25.189242: | CA cert public key hash Aug 26 18:24:25.189245: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:25.189248: | 2b 92 25 e9 Aug 26 18:24:25.189251: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 18:24:25.189254: | emitting length of ISAKMP Message: 457 Aug 26 18:24:25.189263: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.189267: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:24:25.189271: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:24:25.189277: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:24:25.189280: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:25.189286: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:25.189295: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.189304: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:25.189310: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:25.189321: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.189324: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.189327: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 18:24:25.189329: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:25.189332: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:25.189335: | 04 00 00 0e 28 00 01 08 00 0e 00 00 84 78 96 af Aug 26 18:24:25.189337: | c9 a7 40 bf 20 62 8c d7 20 2e 10 d8 db 2e 1b a7 Aug 26 18:24:25.189340: | 1c 6f 2c 6d ca 65 00 31 bd 29 43 f5 43 72 f8 c0 Aug 26 18:24:25.189342: | 0e af 13 8d 2b 03 d9 2f 9d 01 b8 68 2e c1 eb 0d Aug 26 18:24:25.189345: | d2 e4 7c 35 eb d3 8a 38 ed ce 53 58 a0 12 3e 7b Aug 26 18:24:25.189347: | af 19 95 cb 94 46 ad e4 01 d3 e8 45 73 07 a5 01 Aug 26 18:24:25.189350: | 52 89 b9 87 64 67 0f e7 5e ad 86 44 d7 24 5c 5c Aug 26 18:24:25.189353: | 47 9b 6a 98 05 6a ca 96 3e bc c2 7e f7 87 05 4a Aug 26 18:24:25.189355: | 22 aa c4 22 23 d3 47 f6 63 bb e7 cc ad 94 dc 8f Aug 26 18:24:25.189358: | 30 3f c7 65 47 90 47 17 cc af 41 68 49 9e e0 7a Aug 26 18:24:25.189360: | 71 56 30 1a ee 15 3a 46 34 06 76 d1 51 3c 4f f3 Aug 26 18:24:25.189363: | 2b 17 ba 9d 76 fa 6e 3c 7a e2 63 86 d4 07 57 c5 Aug 26 18:24:25.189366: | 85 ae 83 83 12 75 1b d2 a3 ba 94 d3 55 08 70 0e Aug 26 18:24:25.189368: | 28 9d 1d 74 2f 39 0a a5 d0 bd 3e a0 41 5c 52 8b Aug 26 18:24:25.189371: | fd 8e 49 83 da 91 df 48 43 c4 f6 2a 37 54 7d 4b Aug 26 18:24:25.189373: | 6f a4 28 c1 ae ec 86 cb 02 87 4c 0e dc c1 51 c6 Aug 26 18:24:25.189376: | 24 72 88 48 96 11 97 63 61 d4 85 db 29 00 00 24 Aug 26 18:24:25.189378: | 9f 30 78 9e 96 e8 89 6b 92 d4 99 a1 28 e2 7c 71 Aug 26 18:24:25.189381: | 16 06 57 6a cb bf 5f 17 16 58 22 a7 60 af 9f 76 Aug 26 18:24:25.189384: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:25.189386: | 4e 30 c2 b7 84 6b 50 a0 e3 8f b7 88 f1 22 09 34 Aug 26 18:24:25.189389: | e2 20 d2 68 26 00 00 1c 00 00 40 05 9f 0c 55 b0 Aug 26 18:24:25.189391: | 3b 51 b7 3f 8f e9 93 1f 52 fa d8 cd 0e 9a 80 16 Aug 26 18:24:25.189394: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 18:24:25.189397: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:25.189456: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.189463: | libevent_free: release ptr-libevent@0x5576565d4858 Aug 26 18:24:25.189467: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5576565dd368 Aug 26 18:24:25.189470: | event_schedule: new EVENT_SO_DISCARD-pe@0x5576565dd368 Aug 26 18:24:25.189475: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:24:25.189478: | libevent_malloc: new ptr-libevent@0x5576565e5858 size 128 Aug 26 18:24:25.189483: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:25.189490: | #1 spent 1.42 milliseconds in resume sending helper answer Aug 26 18:24:25.189495: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.189499: | libevent_free: release ptr-libevent@0x7f4c54002888 Aug 26 18:24:25.211435: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.211457: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.211461: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211464: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:25.211466: | 00 01 00 05 08 b3 45 9c 78 5b be 8b ed cb 15 9e Aug 26 18:24:25.211469: | a9 0e 10 8d db e9 55 c6 78 da 79 d7 f1 98 75 17 Aug 26 18:24:25.211472: | 3a 7d 06 1a 13 d4 34 a7 5d 76 18 91 88 c9 06 c7 Aug 26 18:24:25.211474: | 47 fe ce 87 9a 35 75 ae 0a 4a e4 01 8c 36 a2 c4 Aug 26 18:24:25.211476: | 50 f4 d5 87 79 d8 fc ac 65 5a 67 73 c8 3c 9b 75 Aug 26 18:24:25.211478: | 28 06 c6 a6 3a f1 be 1d 5a 9d 0c d9 d6 dd d6 99 Aug 26 18:24:25.211480: | 4b a4 6b 05 1b d3 75 e6 39 ba aa da 07 a1 3a 2a Aug 26 18:24:25.211483: | 99 bd ed d2 13 28 f0 e6 e4 0d ad c5 42 91 27 a0 Aug 26 18:24:25.211485: | b9 a4 db ad 78 6c 39 8b 42 1e 52 53 bf 79 8c fc Aug 26 18:24:25.211487: | 58 5f 79 39 72 b2 03 6b 12 a4 7a 48 54 fc ab f8 Aug 26 18:24:25.211490: | 45 36 fb 52 81 29 39 78 74 cb 26 7f ae 02 2f 78 Aug 26 18:24:25.211492: | bb d1 c8 8c c2 66 cb ab b2 9d 82 38 e2 89 2e 26 Aug 26 18:24:25.211495: | 6b a7 ba 63 d4 57 ba 14 a7 02 cb 29 7a c3 55 e1 Aug 26 18:24:25.211497: | 9f 01 9f b2 21 0c 47 9f ab 1b ef 26 b1 72 b1 c9 Aug 26 18:24:25.211499: | 9e ef 13 c0 69 84 ee 3b 2f 04 67 5b 4b e6 df d8 Aug 26 18:24:25.211502: | 44 c8 df 41 7e cb 3d f9 7b 4d 7a 4e ae 5a 92 79 Aug 26 18:24:25.211504: | 33 ae a8 f9 d7 0b cc be 9b d7 0e e1 f9 71 37 45 Aug 26 18:24:25.211506: | ef a0 95 47 b5 c3 6c b4 9a 1c 9c 99 23 8f 1e f9 Aug 26 18:24:25.211509: | a6 13 f6 a2 1b be e7 be d2 82 36 1c 8b 40 b4 b7 Aug 26 18:24:25.211511: | da ae 92 3d 6a ef 9b 5a 0f 48 f3 3a 30 c2 72 33 Aug 26 18:24:25.211513: | f5 7b f1 e7 cc 4f 40 3b 8f b7 e9 d2 7b 50 1b fa Aug 26 18:24:25.211515: | 20 90 7c a5 0a 05 f4 ff fe c3 bf d9 c4 1a 96 dd Aug 26 18:24:25.211518: | a4 a2 8e 4c 5f 7a 3e f4 61 9e 13 82 8b 69 3b 31 Aug 26 18:24:25.211520: | 5a 3a 05 a8 53 ee 4a 8b 7e 8f 9d 11 de ca 1e 2a Aug 26 18:24:25.211522: | 56 8c d5 ae 31 1c fe 6d cf 35 ec d8 96 c7 f2 96 Aug 26 18:24:25.211525: | b4 c5 27 7f 78 24 d2 71 bf 60 d0 6f b2 ff 79 cc Aug 26 18:24:25.211527: | ed be 9d f0 38 34 c6 d4 5e 0f 2f d0 6d f4 7d 8d Aug 26 18:24:25.211530: | 2e d4 12 1c 8e 24 5b 0a 86 f5 73 6d 38 56 a3 53 Aug 26 18:24:25.211532: | eb 00 90 c5 48 50 cd ed d1 f3 29 70 dd b1 2b ce Aug 26 18:24:25.211535: | 96 49 37 0f 8d b2 42 f5 c3 57 1d c0 64 7d 45 6a Aug 26 18:24:25.211537: | d5 fb 07 5c b4 9f 20 ef f3 89 f0 62 6e 1b 23 44 Aug 26 18:24:25.211540: | ab 49 19 7f 06 57 5b 41 c6 17 a9 Aug 26 18:24:25.211546: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.211550: | **parse ISAKMP Message: Aug 26 18:24:25.211552: | initiator cookie: Aug 26 18:24:25.211555: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.211558: | responder cookie: Aug 26 18:24:25.211560: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211563: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.211566: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.211569: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.211572: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.211575: | Message ID: 1 (0x1) Aug 26 18:24:25.211577: | length: 539 (0x21b) Aug 26 18:24:25.211581: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.211584: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:25.211588: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:25.211595: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.211601: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:25.211606: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:25.211610: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:25.211614: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:24:25.211617: | unpacking clear payload Aug 26 18:24:25.211619: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.211623: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.211626: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:25.211628: | flags: none (0x0) Aug 26 18:24:25.211631: | length: 511 (0x1ff) Aug 26 18:24:25.211634: | fragment number: 1 (0x1) Aug 26 18:24:25.211636: | total fragments: 5 (0x5) Aug 26 18:24:25.211639: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.211644: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:25.211647: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.211650: | received IKE encrypted fragment number '1', total number '5', next payload '35' Aug 26 18:24:25.211653: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 18:24:25.211662: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.211671: | #1 spent 0.221 milliseconds in ikev2_process_packet() Aug 26 18:24:25.211676: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.211680: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.211684: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.211689: | spent 0.241 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.211855: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.211869: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.211873: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211876: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.211879: | 00 02 00 05 37 b8 9e eb 7a 04 91 16 fb 30 0e 79 Aug 26 18:24:25.211882: | e6 c5 32 44 e2 16 8a 97 22 24 4f 8e 36 47 0a 00 Aug 26 18:24:25.211886: | 44 67 33 95 77 04 39 04 8f 77 7a 00 a7 1f 4d 2a Aug 26 18:24:25.211889: | 6c f9 63 4c ed 4f 79 c7 69 d3 f3 04 7a 86 ae 4d Aug 26 18:24:25.211892: | f2 13 4a 43 1a f6 aa 97 fe e1 39 44 d7 b5 fc 56 Aug 26 18:24:25.211895: | 48 5e 79 0e 16 45 2e 4d 9f 68 9f f1 2f 91 a9 97 Aug 26 18:24:25.211898: | 52 a9 67 8a 6a 8b 0f f5 8f 0a 68 a4 04 80 3d e0 Aug 26 18:24:25.211901: | f8 fc 8d d8 a1 8d 20 66 e5 fa 05 91 96 eb aa 0c Aug 26 18:24:25.211904: | 4d 4e 50 76 ab b0 67 93 ef 67 30 ee 32 02 2c 50 Aug 26 18:24:25.211907: | e6 f3 f6 f9 a4 6a c9 74 bd 8d 0e e6 c9 b7 8e 63 Aug 26 18:24:25.211910: | e0 68 fa 10 8b 3e 8c f2 3b 9b 5d b6 c3 62 e8 2b Aug 26 18:24:25.211913: | cc ec ae a5 c5 52 b9 a9 37 90 e6 c7 e3 a1 01 8b Aug 26 18:24:25.211917: | 25 62 44 31 59 97 53 dc 21 23 c9 8f 3e 4b d9 75 Aug 26 18:24:25.211920: | 27 b6 dd aa 4a c3 1e 3e 78 6a db 11 e7 aa 88 d8 Aug 26 18:24:25.211923: | 9e 9f e8 35 72 17 4d 8e be fd 43 a7 91 49 46 de Aug 26 18:24:25.211926: | 5d 0e 4f ce 69 25 c6 25 a1 92 f0 d7 16 a2 d1 f8 Aug 26 18:24:25.211929: | 52 5d d6 4d 2f 4b d2 9d 77 f8 dd 04 0e 1e 5b f8 Aug 26 18:24:25.211932: | 6a 36 10 51 69 53 f5 b6 a1 ca 73 6f be 74 59 15 Aug 26 18:24:25.211935: | c0 6d bb 59 1e 29 7a f0 88 fa 53 96 ca 33 16 8e Aug 26 18:24:25.211938: | ff 27 94 ae 78 2d 72 1b ec f9 e0 15 ee ed 20 44 Aug 26 18:24:25.211941: | 8c 31 38 9f 66 70 67 78 eb 8d bb 9e 9a ba 98 15 Aug 26 18:24:25.211946: | 40 1b b3 b9 8f 28 81 c0 3d 2e c9 ec 64 70 be c1 Aug 26 18:24:25.211950: | 43 e0 64 a8 6a a1 67 0e 53 06 71 95 50 ff 38 f8 Aug 26 18:24:25.211953: | 06 85 f7 87 10 9e c3 0b 3c 15 a4 0d a8 6e cb 6c Aug 26 18:24:25.211956: | 95 cc 5d 1c 9a c7 70 8f e6 b8 02 8d 23 24 aa 10 Aug 26 18:24:25.211959: | 9f f3 f1 c3 49 ee bd da 0b b6 e6 b9 a6 c5 b5 84 Aug 26 18:24:25.211962: | 6c 28 bf bb 5c 49 97 96 86 6f 7d 4a b1 38 7c 38 Aug 26 18:24:25.211965: | 87 a1 8e c1 06 49 7a cd 5f b3 01 f3 4b 38 26 54 Aug 26 18:24:25.211968: | 04 b2 b1 db 60 5e 5c 82 2d 49 16 5f f3 2b bc 2b Aug 26 18:24:25.211971: | d3 1c c9 48 33 13 3c fc 9f ce 9f 8d a5 d9 eb a1 Aug 26 18:24:25.211975: | 36 1d 0d 51 97 2c b2 88 2a d5 e1 df b6 11 0d ef Aug 26 18:24:25.211978: | a8 6e 8c 5e 24 e4 68 0f 2d db cc Aug 26 18:24:25.211983: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.211987: | **parse ISAKMP Message: Aug 26 18:24:25.211990: | initiator cookie: Aug 26 18:24:25.211993: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.211996: | responder cookie: Aug 26 18:24:25.211999: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212002: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.212006: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.212009: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.212012: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.212015: | Message ID: 1 (0x1) Aug 26 18:24:25.212018: | length: 539 (0x21b) Aug 26 18:24:25.212022: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.212026: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:25.212030: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:25.212037: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.212044: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.212047: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:25.212051: | #1 is idle Aug 26 18:24:25.212054: | #1 idle Aug 26 18:24:25.212060: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:25.212063: | unpacking clear payload Aug 26 18:24:25.212066: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.212070: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.212073: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.212076: | flags: none (0x0) Aug 26 18:24:25.212079: | length: 511 (0x1ff) Aug 26 18:24:25.212082: | fragment number: 2 (0x2) Aug 26 18:24:25.212085: | total fragments: 5 (0x5) Aug 26 18:24:25.212089: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.212092: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.212096: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 18:24:25.212103: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.212108: | #1 spent 0.245 milliseconds in ikev2_process_packet() Aug 26 18:24:25.212113: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.212117: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.212121: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.212126: | spent 0.263 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.212329: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.212346: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.212350: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212355: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.212358: | 00 03 00 05 61 9a 74 84 81 cb c1 de 6b a7 81 0d Aug 26 18:24:25.212360: | 27 26 35 23 6e be a8 41 c8 42 32 cf 7e 72 8b 06 Aug 26 18:24:25.212363: | ec 89 98 f7 3b c9 90 de d3 f8 7d 5c 2b 74 aa 2f Aug 26 18:24:25.212365: | b6 5b 5b ab 56 79 1b df 6f 8b 3a b1 f4 d8 01 9e Aug 26 18:24:25.212368: | a9 97 9c 3c f4 52 44 f1 be c8 d0 3f 3a ad bd ff Aug 26 18:24:25.212373: | 50 36 43 48 02 ca 12 e8 06 7f ad 35 ae 95 aa 7e Aug 26 18:24:25.212378: | 7e 8d 4b fc af 1d 30 ce b2 f1 6c 35 27 96 ce 5c Aug 26 18:24:25.212381: | 1f 53 43 47 d4 9d 73 a5 fb 47 21 da 90 9d 9e 0b Aug 26 18:24:25.212384: | 3a 5e 2b 62 97 b7 cd 1f 4c 33 06 c5 9e ab 80 b2 Aug 26 18:24:25.212387: | 9f 01 d0 4e 03 4e c4 81 82 9c 34 1f a8 7e 24 cd Aug 26 18:24:25.212390: | 2c a0 35 1b 66 44 52 14 c3 f5 4e 8e 03 7b 25 09 Aug 26 18:24:25.212394: | a5 f5 ff 0f b4 1d 2d f7 36 f2 56 1e 43 22 c4 05 Aug 26 18:24:25.212397: | b9 6a 0c b2 8b 7f 00 45 bf c5 14 14 fd b1 01 3b Aug 26 18:24:25.212400: | 54 40 d4 bd ab 7a 31 7b 38 0f 99 f7 f0 95 0f 4f Aug 26 18:24:25.212403: | be 04 48 be 3c c4 f3 a1 15 71 09 22 c9 8f 61 27 Aug 26 18:24:25.212406: | 9f f1 73 1a a1 fd a2 02 7e 9b 62 af 6b db 0b f1 Aug 26 18:24:25.212410: | d8 b9 51 b5 92 64 e9 f0 19 4b bc 9f 32 f2 16 ce Aug 26 18:24:25.212413: | 7c 5c 9b 52 7b eb 88 36 60 03 0d 53 68 5e 53 26 Aug 26 18:24:25.212416: | 6d 90 f1 52 07 65 85 08 3c 82 fb fb 54 00 6b 54 Aug 26 18:24:25.212419: | df 54 e9 be ea 38 ee f8 1b bd d0 28 b1 98 56 4c Aug 26 18:24:25.212422: | 47 7d 3b 5b 91 e8 43 91 a6 c1 18 e3 c5 2f 55 09 Aug 26 18:24:25.212425: | f2 d1 29 ac 26 c3 c8 84 31 ee 75 9c f7 0c 32 dd Aug 26 18:24:25.212428: | a0 1e ec 7c dc a8 17 9f a8 ec 84 76 ba 94 f7 07 Aug 26 18:24:25.212431: | 14 65 f7 e6 e3 be fd 28 6d 76 d1 fb 9a 5c 4d 48 Aug 26 18:24:25.212434: | 90 dd 75 14 72 b6 8d 92 13 e1 ba 2c 93 39 4b d4 Aug 26 18:24:25.212437: | d4 f1 f2 44 44 4a e1 8f 39 3b 9c 5c ff c0 87 b0 Aug 26 18:24:25.212441: | 6b d0 1a a0 b6 24 cf 26 54 41 80 14 4f ab 6e 27 Aug 26 18:24:25.212444: | 2d 0a d2 82 94 e8 0a b3 cf 63 bc 00 be a6 fd 0f Aug 26 18:24:25.212447: | e8 78 32 70 3b 49 bc 1e 8f b5 5c ab 25 0e 0f c5 Aug 26 18:24:25.212450: | 27 1f 74 33 85 98 71 c0 72 03 8c a4 84 a9 07 43 Aug 26 18:24:25.212453: | e8 a0 5e a0 fd 9a 7d 79 0c e9 db c2 e9 b6 0f 50 Aug 26 18:24:25.212456: | d6 ac f7 06 c4 db a8 66 fd 39 2f Aug 26 18:24:25.212462: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.212466: | **parse ISAKMP Message: Aug 26 18:24:25.212469: | initiator cookie: Aug 26 18:24:25.212472: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.212475: | responder cookie: Aug 26 18:24:25.212478: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212481: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.212485: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.212488: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.212491: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.212494: | Message ID: 1 (0x1) Aug 26 18:24:25.212498: | length: 539 (0x21b) Aug 26 18:24:25.212502: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.212506: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:25.212510: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:25.212520: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.212526: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.212530: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:25.212533: | #1 is idle Aug 26 18:24:25.212535: | #1 idle Aug 26 18:24:25.212541: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:25.212544: | unpacking clear payload Aug 26 18:24:25.212547: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.212550: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.212553: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.212556: | flags: none (0x0) Aug 26 18:24:25.212558: | length: 511 (0x1ff) Aug 26 18:24:25.212561: | fragment number: 3 (0x3) Aug 26 18:24:25.212563: | total fragments: 5 (0x5) Aug 26 18:24:25.212568: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.212574: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.212579: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 18:24:25.212586: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.212592: | #1 spent 0.252 milliseconds in ikev2_process_packet() Aug 26 18:24:25.212598: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.212602: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.212605: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.212610: | spent 0.27 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.212772: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.212785: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.212789: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212792: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.212795: | 00 04 00 05 c8 ba 6d 5c 0a 73 73 7a 87 c4 04 18 Aug 26 18:24:25.212798: | eb e2 bb b7 f8 21 c2 46 d3 39 8b d6 a0 8c 85 f4 Aug 26 18:24:25.212801: | 54 d9 ec 78 bf 49 cf 75 c1 e6 ba 0d be 6c 69 cf Aug 26 18:24:25.212804: | 2a 1f 83 2b 01 9a 3f e1 26 2f 5d db 9b fe 25 ca Aug 26 18:24:25.212807: | 2a 55 b0 87 5f bc ad 0e 46 af fe e8 ec 22 24 df Aug 26 18:24:25.212810: | 0d 54 50 17 65 99 de 2b d9 98 ba a9 12 a1 62 38 Aug 26 18:24:25.212814: | bb 58 2d 94 69 6e ea 0e 7e 6e 9d 0c 84 c1 ee a6 Aug 26 18:24:25.212817: | 59 91 7d 6d b3 2e 83 c9 6f e8 80 08 3e 16 fb 7d Aug 26 18:24:25.212820: | a6 4b 55 33 11 0a fc b9 84 ad 76 40 a9 c3 09 11 Aug 26 18:24:25.212823: | b2 2f 6e 37 a0 00 3d 28 c7 f0 11 4c 43 d3 f9 41 Aug 26 18:24:25.212826: | 21 b8 47 d0 9a 0c af a9 8b 4e 79 8b be b0 13 43 Aug 26 18:24:25.212830: | 8a 7b 6b fb f3 1d 91 ae bf 48 99 64 12 cd bc 2c Aug 26 18:24:25.212833: | 90 49 d2 06 c9 d4 93 e0 cf 30 42 39 a4 86 29 27 Aug 26 18:24:25.212836: | b1 87 77 82 89 4f 74 6b 6e 35 b1 87 2c 3e fa 12 Aug 26 18:24:25.212839: | 67 e5 d6 85 57 f6 39 c1 7c cf e9 85 7a 67 91 68 Aug 26 18:24:25.212842: | 6a ca da 7e 9e 37 20 3f 1c e8 c9 72 66 1c 2b 4c Aug 26 18:24:25.212845: | 4b a6 34 53 b0 63 6e 06 44 ff c3 8c 5d fd f7 aa Aug 26 18:24:25.212848: | 85 b6 54 4f db a5 e1 16 7b 00 2e dc 33 f3 ff 6d Aug 26 18:24:25.212851: | 71 3f 4a c5 fb f7 8d 05 25 69 ea 73 7b 2d 88 dd Aug 26 18:24:25.212854: | 9b bc 87 7d c4 bd d1 8c e8 0b fc 69 42 c3 f4 52 Aug 26 18:24:25.212857: | 69 b2 93 0a 9e 06 bf 17 48 4b 04 b8 5f 1f ee b3 Aug 26 18:24:25.212861: | 13 54 40 de 50 6c fc 34 39 57 4b 1a aa 17 23 e6 Aug 26 18:24:25.212864: | b0 eb 7d c6 f8 96 60 f0 39 c1 05 6d 0d bb 5b 00 Aug 26 18:24:25.212867: | b2 a6 bf a7 45 f0 56 9c 6c 7b 53 53 d9 cd 7d 62 Aug 26 18:24:25.212870: | 52 f1 5e 7f 09 ff fb 6e 0a 7d 3f 2e a4 4b 17 eb Aug 26 18:24:25.212873: | cd dc 12 d2 5c 22 6d 08 12 b6 a6 a3 db ef 3e 70 Aug 26 18:24:25.212876: | 57 6f a6 88 6d 3d 8b ab 42 2a 33 4c 01 2b ef a6 Aug 26 18:24:25.212879: | 4e ba 09 79 5b 17 16 37 f6 fb 18 80 35 1b e6 af Aug 26 18:24:25.212884: | 46 84 90 7d 39 8b d8 c2 b4 a3 e4 4d 90 ac cd 7c Aug 26 18:24:25.212887: | 9f 97 20 41 66 aa 24 dd dd 18 38 6a dd 24 fd ac Aug 26 18:24:25.212890: | 1f 8e 94 c9 6b 5a e8 b5 70 d1 65 57 33 bb 88 94 Aug 26 18:24:25.212893: | 08 80 51 29 3d a7 44 24 3c f7 dc Aug 26 18:24:25.212899: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.212903: | **parse ISAKMP Message: Aug 26 18:24:25.212906: | initiator cookie: Aug 26 18:24:25.212909: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.212912: | responder cookie: Aug 26 18:24:25.212914: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212918: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.212921: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.212924: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.212928: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.212931: | Message ID: 1 (0x1) Aug 26 18:24:25.212934: | length: 539 (0x21b) Aug 26 18:24:25.212938: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.212941: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:25.212945: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:25.212952: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.212958: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.212962: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:25.212965: | #1 is idle Aug 26 18:24:25.212968: | #1 idle Aug 26 18:24:25.212974: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:25.212977: | unpacking clear payload Aug 26 18:24:25.212981: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.212984: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.212987: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.212990: | flags: none (0x0) Aug 26 18:24:25.212993: | length: 511 (0x1ff) Aug 26 18:24:25.212996: | fragment number: 4 (0x4) Aug 26 18:24:25.213000: | total fragments: 5 (0x5) Aug 26 18:24:25.213003: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.213006: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.213010: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 18:24:25.213017: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.213022: | #1 spent 0.243 milliseconds in ikev2_process_packet() Aug 26 18:24:25.213028: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.213032: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.213035: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.213040: | spent 0.261 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.213154: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.213165: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.213169: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.213172: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 18:24:25.213175: | 00 05 00 05 b4 01 1b a3 c9 ec 0b 88 34 ec 75 5e Aug 26 18:24:25.213178: | de 2e 20 5e af 99 2d 8a 89 33 ba e4 0c 0d e8 88 Aug 26 18:24:25.213181: | 3a 6b 25 ea 80 2c 16 64 9e ce 00 6b 1c c0 9e 86 Aug 26 18:24:25.213184: | be 5b a8 65 50 33 c2 60 32 8e df 9b 45 8e 98 be Aug 26 18:24:25.213187: | 3f 38 d1 b4 5b 45 16 65 8f af 78 60 76 5b a0 9a Aug 26 18:24:25.213190: | e4 68 6a 1b 95 39 b3 6d ba 01 06 30 51 e1 4d 59 Aug 26 18:24:25.213195: | 55 36 fe a4 96 4f 63 67 2c 94 69 df 46 88 e4 b5 Aug 26 18:24:25.213198: | 0e 48 06 6d de ed 47 17 c9 d2 ff 99 e1 b5 00 1b Aug 26 18:24:25.213201: | b9 af 10 76 5c 6f d5 d4 1b 44 62 7b 35 b7 c9 0e Aug 26 18:24:25.213204: | 98 19 fb 68 84 9d 0a e5 50 20 30 11 7e cf 44 68 Aug 26 18:24:25.213207: | 15 25 1b d5 fb 67 0c bd 67 6e 8c fb 72 18 f7 90 Aug 26 18:24:25.213210: | b1 90 b5 c7 5e 41 9f 21 59 d4 a3 2c 92 7e 11 34 Aug 26 18:24:25.213214: | d9 5d 03 da 8f 9b f1 f0 39 c4 4d 53 44 72 21 f4 Aug 26 18:24:25.213217: | e7 6a 1d 07 21 0d b3 0a cb 8c 32 34 1a e5 d8 f2 Aug 26 18:24:25.213220: | b8 6c 0d 47 c3 b4 50 7d 10 10 b7 18 c2 08 aa 0f Aug 26 18:24:25.213223: | 12 12 3f fa a3 3b b8 41 d4 46 d9 49 4b bd 4b ea Aug 26 18:24:25.213226: | 18 8c 65 45 89 f5 ec f4 db c4 a6 ba 4b 6a d3 e7 Aug 26 18:24:25.213229: | ae fb da b3 a4 8d 53 8e e9 3c 65 a7 bc 8d a7 1c Aug 26 18:24:25.213232: | 7f 6c 6e a1 3e ad 6b 59 d7 51 c3 32 d9 c6 3f 7f Aug 26 18:24:25.213235: | 73 84 98 f9 3c f7 29 29 20 15 f9 6c 0a ed 2a a8 Aug 26 18:24:25.213238: | 29 d7 82 e5 35 e1 e1 cb e6 d0 9d af b1 fb 43 ce Aug 26 18:24:25.213241: | 7f 3b 62 e2 5a 15 c8 9f 35 d7 b7 8c 3b 14 a5 ec Aug 26 18:24:25.213244: | c9 63 3a 2d 18 eb 95 63 4c 0b Aug 26 18:24:25.213249: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.213253: | **parse ISAKMP Message: Aug 26 18:24:25.213256: | initiator cookie: Aug 26 18:24:25.213259: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.213261: | responder cookie: Aug 26 18:24:25.213264: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.213267: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.213271: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.213274: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.213277: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.213281: | Message ID: 1 (0x1) Aug 26 18:24:25.213284: | length: 394 (0x18a) Aug 26 18:24:25.213291: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.213297: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:25.213301: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:25.213308: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.213314: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.213318: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:25.213321: | #1 is idle Aug 26 18:24:25.213323: | #1 idle Aug 26 18:24:25.213329: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:25.213332: | unpacking clear payload Aug 26 18:24:25.213335: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.213339: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.213342: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.213345: | flags: none (0x0) Aug 26 18:24:25.213348: | length: 366 (0x16e) Aug 26 18:24:25.213351: | fragment number: 5 (0x5) Aug 26 18:24:25.213354: | total fragments: 5 (0x5) Aug 26 18:24:25.213357: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Aug 26 18:24:25.213361: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.213365: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 18:24:25.213368: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:25.213372: | Now let's proceed with state specific processing Aug 26 18:24:25.213375: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:25.213379: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:24:25.213386: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:25.213390: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:24:25.213394: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:24:25.213398: | libevent_free: release ptr-libevent@0x5576565e5858 Aug 26 18:24:25.213402: | free_event_entry: release EVENT_SO_DISCARD-pe@0x5576565dd368 Aug 26 18:24:25.213406: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5576565dd368 Aug 26 18:24:25.213411: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:25.213415: | libevent_malloc: new ptr-libevent@0x7f4c54002888 size 128 Aug 26 18:24:25.213426: | #1 spent 0.0454 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:24:25.213433: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.213438: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:25.213441: | suspending state #1 and saving MD Aug 26 18:24:25.213444: | #1 is busy; has a suspended MD Aug 26 18:24:25.213450: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.213455: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.213461: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.213466: | #1 spent 0.303 milliseconds in ikev2_process_packet() Aug 26 18:24:25.213471: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.213475: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.213478: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.213483: | spent 0.32 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.216304: | crypto helper 5 resuming Aug 26 18:24:25.216322: | crypto helper 5 starting work-order 2 for state #1 Aug 26 18:24:25.216328: | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:24:25.217117: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:25.217546: | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001218 seconds Aug 26 18:24:25.217557: | (#1) spent 1.22 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:24:25.217561: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:25.217564: | scheduling resume sending helper answer for #1 Aug 26 18:24:25.217567: | libevent_malloc: new ptr-libevent@0x7f4c4c000f48 size 128 Aug 26 18:24:25.217576: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:25.217600: | processing resume sending helper answer for #1 Aug 26 18:24:25.217613: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.217618: | crypto helper 5 replies to request ID 2 Aug 26 18:24:25.217621: | calling continuation function 0x557655fe3b50 Aug 26 18:24:25.217625: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:24:25.217629: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:25.217632: | already have all fragments, skipping fragment collection Aug 26 18:24:25.217636: | already have all fragments, skipping fragment collection Aug 26 18:24:25.217661: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:25.217665: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:24:25.217669: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:24:25.217672: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 18:24:25.217675: | flags: none (0x0) Aug 26 18:24:25.217681: | length: 193 (0xc1) Aug 26 18:24:25.217684: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.217687: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Aug 26 18:24:25.217690: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 18:24:25.217694: | **parse IKEv2 Certificate Payload: Aug 26 18:24:25.217697: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 18:24:25.217700: | flags: none (0x0) Aug 26 18:24:25.217703: | length: 1232 (0x4d0) Aug 26 18:24:25.217706: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.217710: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Aug 26 18:24:25.217713: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:25.217716: | **parse IKEv2 Certificate Request Payload: Aug 26 18:24:25.217719: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:25.217722: | flags: none (0x0) Aug 26 18:24:25.217725: | length: 25 (0x19) Aug 26 18:24:25.217728: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.217731: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 18:24:25.217734: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:25.217738: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:25.217741: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:25.217744: | flags: none (0x0) Aug 26 18:24:25.217747: | length: 191 (0xbf) Aug 26 18:24:25.217750: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.217753: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 18:24:25.217756: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:25.217759: | **parse IKEv2 Authentication Payload: Aug 26 18:24:25.217762: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.217765: | flags: none (0x0) Aug 26 18:24:25.217768: | length: 392 (0x188) Aug 26 18:24:25.217771: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:25.217774: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 18:24:25.217777: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.217780: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.217783: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.217786: | flags: none (0x0) Aug 26 18:24:25.217789: | length: 164 (0xa4) Aug 26 18:24:25.217792: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:24:25.217795: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.217799: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.217802: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.217805: | flags: none (0x0) Aug 26 18:24:25.217808: | length: 24 (0x18) Aug 26 18:24:25.217811: | number of TS: 1 (0x1) Aug 26 18:24:25.217814: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.217817: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.217820: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.217824: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.217826: | flags: none (0x0) Aug 26 18:24:25.217829: | length: 24 (0x18) Aug 26 18:24:25.217832: | number of TS: 1 (0x1) Aug 26 18:24:25.217835: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.217839: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:24:25.217842: | Now let's proceed with state specific processing Aug 26 18:24:25.217845: | calling processor Responder: process IKE_AUTH request Aug 26 18:24:25.217851: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Aug 26 18:24:25.217859: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.217865: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:24:25.217868: loading root certificate cache Aug 26 18:24:25.220935: | spent 3.02 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:24:25.220988: | spent 0.0316 milliseconds in get_root_certs() filtering CAs Aug 26 18:24:25.220997: | #1 spent 3.1 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:24:25.221002: | checking for known CERT payloads Aug 26 18:24:25.221006: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:24:25.221055: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.221064: | #1 spent 0.0601 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:24:25.221070: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.221123: | #1 spent 0.0506 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:24:25.221128: | missing or expired CRL Aug 26 18:24:25.221133: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:24:25.221137: | verify_end_cert trying profile IPsec Aug 26 18:24:25.221268: | certificate is valid (profile IPsec) Aug 26 18:24:25.221277: | #1 spent 0.143 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:24:25.221284: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.221366: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565eb968 Aug 26 18:24:25.221376: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565eafa8 Aug 26 18:24:25.221379: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5576565ea998 Aug 26 18:24:25.222279: | unreference key: 0x5576565f8628 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:25.222325: | #1 spent 0.295 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:24:25.222336: | #1 spent 3.7 milliseconds in decode_certs() Aug 26 18:24:25.222341: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.222345: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.222348: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.222351: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.222354: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.222357: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.222360: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:24:25.222363: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:24:25.222366: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:24:25.222369: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:24:25.222372: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:25.222375: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.222378: | received IDr payload - extracting our alleged ID Aug 26 18:24:25.222381: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.222384: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.222387: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.222390: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.222393: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.222396: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.222399: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:25.222402: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.222405: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:25.222412: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:25.222415: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.222418: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.222434: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:25.222439: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 18:24:25.222442: | X509: CERT and ID matches current connection Aug 26 18:24:25.222445: | CERT_X509_SIGNATURE CR: Aug 26 18:24:25.222448: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:25.222451: | 2b 92 25 e9 Aug 26 18:24:25.222454: | cert blob content is not binary ASN.1 Aug 26 18:24:25.222458: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Aug 26 18:24:25.222467: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222474: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222478: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 18:24:25.222491: "northnet-eastnets/0x2" #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:25.222497: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 18:24:25.222500: | The remote specified our ID in its IDr payload Aug 26 18:24:25.222508: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222516: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:25.222550: | received CERTREQ payload; going to decode it Aug 26 18:24:25.222555: | CERT_X509_SIGNATURE CR: Aug 26 18:24:25.222558: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:25.222561: | 2b 92 25 e9 Aug 26 18:24:25.222563: | cert blob content is not binary ASN.1 Aug 26 18:24:25.222567: | verifying AUTH payload Aug 26 18:24:25.222587: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222600: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:25.222607: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222615: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222622: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.222784: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 18:24:25.222794: | #1 spent 0.165 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:25.222798: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 18:24:25.222805: | #1 spent 0.233 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:25.222810: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:24:25.222815: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:25.222818: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.222824: | libevent_free: release ptr-libevent@0x7f4c54002888 Aug 26 18:24:25.222828: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5576565dd368 Aug 26 18:24:25.222831: | event_schedule: new EVENT_SA_REKEY-pe@0x5576565dd368 Aug 26 18:24:25.222835: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 18:24:25.222839: | libevent_malloc: new ptr-libevent@0x5576565f8fd8 size 128 Aug 26 18:24:25.225853: | pstats #1 ikev2.ike established Aug 26 18:24:25.225873: | **emit ISAKMP Message: Aug 26 18:24:25.225877: | initiator cookie: Aug 26 18:24:25.225880: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.225882: | responder cookie: Aug 26 18:24:25.225885: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.225889: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.225892: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.225895: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.225899: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.225902: | Message ID: 1 (0x1) Aug 26 18:24:25.225905: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.225908: | IKEv2 CERT: send a certificate? Aug 26 18:24:25.225912: | IKEv2 CERT: OK to send a certificate (always) Aug 26 18:24:25.225915: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.225918: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.225921: | flags: none (0x0) Aug 26 18:24:25.225924: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.225927: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.225930: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.225939: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:25.225967: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:25.225971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.225974: | flags: none (0x0) Aug 26 18:24:25.225977: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.225980: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:25.225984: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.225991: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:24:25.225996: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.225999: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.226002: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.226005: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.226008: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.226012: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.226016: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:25.226019: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.226023: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:25.226026: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:25.226029: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.226035: | my identity 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.226040: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 18:24:25.226053: | assembled IDr payload Aug 26 18:24:25.226059: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.226065: | ****emit IKEv2 Certificate Payload: Aug 26 18:24:25.226069: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.226072: | flags: none (0x0) Aug 26 18:24:25.226076: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.226081: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 18:24:25.226085: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.226090: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 18:24:25.226093: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Aug 26 18:24:25.226096: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:24:25.226099: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:24:25.226102: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:24:25.226105: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:24:25.226108: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:24:25.226112: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:24:25.226115: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:24:25.226118: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:24:25.226121: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:24:25.226124: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:24:25.226130: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:24:25.226134: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:24:25.226138: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:24:25.226141: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:24:25.226143: | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:24:25.226146: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:24:25.226149: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:24:25.226153: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:24:25.226156: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:24:25.226159: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:24:25.226162: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Aug 26 18:24:25.226166: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:25.226171: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Aug 26 18:24:25.226174: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Aug 26 18:24:25.226176: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:25.226179: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Aug 26 18:24:25.226181: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Aug 26 18:24:25.226184: | CERT 00 30 82 01 8a 02 82 01 81 00 b1 1e 7c b3 bf 11 Aug 26 18:24:25.226187: | CERT 96 94 23 ca 97 5e c7 66 36 55 71 49 95 8d 0c 2a Aug 26 18:24:25.226190: | CERT 5c 30 4d 58 29 a3 7b 4d 3b 3f 03 06 46 a6 04 63 Aug 26 18:24:25.226192: | CERT 71 0d e1 59 4f 9c ec 3a 17 24 8d 91 6a a8 e2 da Aug 26 18:24:25.226194: | CERT 57 41 de f4 ff 65 bf f6 11 34 d3 7d 5a 7f 6e 3a Aug 26 18:24:25.226196: | CERT 3b 74 3c 51 2b e4 bf ce 6b b2 14 47 26 52 f5 57 Aug 26 18:24:25.226198: | CERT 28 bc c5 fb f9 bc 2d 4e b9 f8 46 54 c7 95 41 a7 Aug 26 18:24:25.226201: | CERT a4 b4 d3 b3 fe 55 4b df f5 c3 78 39 8b 4e 04 57 Aug 26 18:24:25.226204: | CERT c0 1d 5b 17 3c 28 eb 40 9d 1d 7c b3 bb 0f f0 63 Aug 26 18:24:25.226209: | CERT c7 c0 84 b0 4e e4 a9 7c c5 4b 08 43 a6 2d 00 22 Aug 26 18:24:25.226211: | CERT fd 98 d4 03 d0 ad 97 85 d1 48 15 d3 e4 e5 2d 46 Aug 26 18:24:25.226214: | CERT 7c ab 41 97 05 27 61 77 3d b6 b1 58 a0 5f e0 8d Aug 26 18:24:25.226216: | CERT 26 84 9b 03 20 ce 5e 27 7f 7d 14 03 b6 9d 6b 9f Aug 26 18:24:25.226219: | CERT fd 0c d4 c7 2d eb be ea 62 87 fa 99 e0 a6 1c 85 Aug 26 18:24:25.226221: | CERT 4f 34 da 93 2e 5f db 03 10 58 a8 c4 99 17 2d b1 Aug 26 18:24:25.226224: | CERT bc e5 7b bd af 0e 28 aa a5 74 ea 69 74 5e fa 2c Aug 26 18:24:25.226226: | CERT c3 00 3c 2f 58 d0 20 cf e3 46 8d de aa f9 f7 30 Aug 26 18:24:25.226229: | CERT 5c 16 05 04 89 4c 92 9b 8a 33 11 70 83 17 58 24 Aug 26 18:24:25.226231: | CERT 2a 4b ab be b6 ec 84 9c 78 9c 11 04 2a 02 ce 27 Aug 26 18:24:25.226234: | CERT 83 a1 1f 2b 38 3f 27 7d 46 94 63 ff 64 59 4e 6c Aug 26 18:24:25.226236: | CERT 87 ca 3e e6 31 df 1e 7d 48 88 02 c7 9d fa 4a d7 Aug 26 18:24:25.226239: | CERT f2 5b a5 fd 7f 1b c6 dc 1a bb a6 c4 f8 32 cd bf Aug 26 18:24:25.226241: | CERT a7 0b 71 8b 2b 31 41 17 25 a4 18 52 7d 32 fc 0f Aug 26 18:24:25.226244: | CERT 5f b8 bb ca e1 94 1a 42 4d 1f 37 16 67 84 ae b4 Aug 26 18:24:25.226246: | CERT 32 42 9c 5a 91 71 62 b4 4b 07 02 03 01 00 01 a3 Aug 26 18:24:25.226249: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Aug 26 18:24:25.226252: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Aug 26 18:24:25.226254: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:25.226257: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Aug 26 18:24:25.226259: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:25.226262: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Aug 26 18:24:25.226264: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Aug 26 18:24:25.226266: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Aug 26 18:24:25.226268: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Aug 26 18:24:25.226271: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Aug 26 18:24:25.226273: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 18:24:25.226276: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:25.226278: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Aug 26 18:24:25.226281: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Aug 26 18:24:25.226283: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 18:24:25.226286: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Aug 26 18:24:25.226296: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Aug 26 18:24:25.226299: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 3a 56 a3 7d Aug 26 18:24:25.226301: | CERT b1 4e 62 2f 82 0d e3 fe 74 40 ef cb eb 93 ea ad Aug 26 18:24:25.226304: | CERT e4 74 8b 80 6f ae 8b 65 87 12 a6 24 0d 21 9c 5f Aug 26 18:24:25.226306: | CERT 70 5c 6f d9 66 8d 98 8b ea 59 f8 96 52 6a 6c 86 Aug 26 18:24:25.226309: | CERT d6 7d ba 37 a9 8c 33 8c 77 18 23 0b 1b 2a 66 47 Aug 26 18:24:25.226311: | CERT e7 95 94 e6 75 84 30 d4 db b8 23 eb 89 82 a9 fd Aug 26 18:24:25.226314: | CERT ed 46 8b ce 46 7f f9 19 8f 49 da 29 2e 1e 97 cd Aug 26 18:24:25.226316: | CERT 12 42 86 c7 57 fc 4f 0a 19 26 8a a1 0d 26 81 4d Aug 26 18:24:25.226318: | CERT 53 f4 5c 92 a1 03 03 8d 6c 51 33 cc Aug 26 18:24:25.226321: | emitting length of IKEv2 Certificate Payload: 1265 Aug 26 18:24:25.226324: | CHILD SA proposals received Aug 26 18:24:25.226327: | going to assemble AUTH payload Aug 26 18:24:25.226330: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:25.226333: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.226336: | flags: none (0x0) Aug 26 18:24:25.226338: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:25.226342: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:24:25.226345: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:25.226350: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.226356: | #1 spent 1.03 milliseconds Aug 26 18:24:25.226370: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 18:24:25.226479: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 18:24:25.238373: | #1 spent 9.27 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:25.238388: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:25.238392: | rsa signature 3c c2 ec 69 da c5 ea fc dc 1b a7 a6 48 dc 48 87 Aug 26 18:24:25.238396: | rsa signature f8 8b 02 e5 d4 2e ef 43 84 cd b6 7a d2 a8 0e ae Aug 26 18:24:25.238399: | rsa signature 19 f4 47 37 66 b6 1c 44 40 ec 1d 8f 90 26 17 9b Aug 26 18:24:25.238402: | rsa signature 7c 38 d6 ea 71 0c 80 a0 b2 e8 13 3d d0 e5 96 bd Aug 26 18:24:25.238405: | rsa signature 1d 42 86 2f f2 a3 00 e7 95 a1 b2 32 be 64 3a 69 Aug 26 18:24:25.238408: | rsa signature 15 89 0f 0c 2a b9 08 23 fc 11 c8 7d b5 11 b6 51 Aug 26 18:24:25.238410: | rsa signature c5 1b ab fd f4 2f e3 4d 39 2e 0d fb 2d 15 40 71 Aug 26 18:24:25.238413: | rsa signature c1 df 74 3c ac 96 e4 a5 e3 98 d1 15 e1 33 a4 17 Aug 26 18:24:25.238416: | rsa signature 1e ed 11 f7 21 b3 2c 72 cb 76 1e 62 54 83 e3 ff Aug 26 18:24:25.238419: | rsa signature 88 ef 46 94 5c 5a ae c6 e5 98 bc 97 76 94 58 de Aug 26 18:24:25.238422: | rsa signature d7 a4 74 b6 b3 d5 de 7f b4 56 f8 33 dc ab 88 4d Aug 26 18:24:25.238425: | rsa signature c7 55 3f a9 ef 39 df 9f 83 1a 23 30 f5 78 25 87 Aug 26 18:24:25.238428: | rsa signature a2 80 85 fa 2b 12 c7 ee ee 51 0c c6 ec 3c 36 5d Aug 26 18:24:25.238431: | rsa signature 4d 5d 41 0a ba c3 49 d3 44 87 8e 9d a3 8c 43 f6 Aug 26 18:24:25.238434: | rsa signature 77 5f ba b8 ea d8 49 56 a9 b0 d5 6e e1 0e 0c e0 Aug 26 18:24:25.238437: | rsa signature 69 e2 95 9d 8f 6d e0 f6 18 cc 97 f4 f7 ec 28 05 Aug 26 18:24:25.238439: | rsa signature 05 04 7f a1 97 a2 fb 76 76 e5 95 fb 65 ed 95 e5 Aug 26 18:24:25.238442: | rsa signature 71 15 1c 1e 42 e2 0c e9 68 5b 05 7e 94 7d 1d f6 Aug 26 18:24:25.238445: | rsa signature 2b ac 72 1a cc ed 65 8b 70 fc 4d dd 6b a6 38 f7 Aug 26 18:24:25.238448: | rsa signature 93 bc 65 e7 cd 47 d0 12 7d ca 81 e9 0e 0f 5f aa Aug 26 18:24:25.238451: | rsa signature 24 18 58 fd 19 70 b5 80 6c 7f 17 37 64 68 ce b2 Aug 26 18:24:25.238454: | rsa signature ca 0a 29 a1 9c be bf b5 4e 27 08 fc 4d 41 61 fc Aug 26 18:24:25.238457: | rsa signature fe 17 8f 52 6c f6 2b c7 b8 67 59 93 fd 34 97 68 Aug 26 18:24:25.238459: | rsa signature d3 79 53 f4 58 5b 6d 6e 79 d5 35 0b c4 90 ac 09 Aug 26 18:24:25.238465: | #1 spent 9.51 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:25.238469: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 18:24:25.238475: | creating state object #2 at 0x5576565f16a8 Aug 26 18:24:25.238479: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:25.238484: | pstats #2 ikev2.child started Aug 26 18:24:25.238488: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 18:24:25.238495: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.238503: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.238509: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:25.238518: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:25.238521: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:24:25.238525: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.238529: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.238533: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.238536: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.238540: | length: 16 (0x10) Aug 26 18:24:25.238542: | start port: 0 (0x0) Aug 26 18:24:25.238545: | end port: 65535 (0xffff) Aug 26 18:24:25.238549: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.238552: | TS low c0 00 03 00 Aug 26 18:24:25.238555: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.238558: | TS high c0 00 03 ff Aug 26 18:24:25.238561: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.238564: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.238567: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.238570: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.238573: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.238576: | length: 16 (0x10) Aug 26 18:24:25.238578: | start port: 0 (0x0) Aug 26 18:24:25.238581: | end port: 65535 (0xffff) Aug 26 18:24:25.238584: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.238587: | TS low c0 00 02 00 Aug 26 18:24:25.238590: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.238593: | TS high c0 00 02 ff Aug 26 18:24:25.238595: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.238598: | looking for best SPD in current connection Aug 26 18:24:25.238605: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.238611: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238619: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.238623: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.238626: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.238630: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.238633: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.238639: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238645: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:24:25.238648: | looking for better host pair Aug 26 18:24:25.238654: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:25.238660: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 18:24:25.238663: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 18:24:25.238679: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.238682: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.238685: | results matched Aug 26 18:24:25.238693: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.238700: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.238707: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.238712: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238719: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.238724: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.238728: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.238731: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.238734: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.238740: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238746: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:24:25.238749: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 18:24:25.238762: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.238766: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.238768: | results matched Aug 26 18:24:25.238775: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.238783: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.238789: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:25.238794: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238801: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.238804: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.238807: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.238811: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.238814: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.238820: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.238826: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:25.238830: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.238833: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.238836: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.238840: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.238843: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.238846: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Aug 26 18:24:25.238849: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:25.238853: | printing contents struct traffic_selector Aug 26 18:24:25.238856: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.238858: | ipprotoid: 0 Aug 26 18:24:25.238861: | port range: 0-65535 Aug 26 18:24:25.238866: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:25.238869: | printing contents struct traffic_selector Aug 26 18:24:25.238872: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.238874: | ipprotoid: 0 Aug 26 18:24:25.238877: | port range: 0-65535 Aug 26 18:24:25.238882: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.238886: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:24:25.238892: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.238899: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:25.238903: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.238907: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:25.238912: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.238917: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.238922: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.238927: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.238938: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.238942: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:24:25.238946: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.238949: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.238952: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.238955: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.238958: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.238962: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:25.238965: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.238968: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.238971: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.238974: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.238977: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.238980: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:25.238983: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.238986: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.238989: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.238992: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.238994: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.238998: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:25.239001: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.239003: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.239006: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.239009: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.239012: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.239014: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:25.239017: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.239020: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.239022: | length: 32 (0x20) Aug 26 18:24:25.239024: | prop #: 1 (0x1) Aug 26 18:24:25.239027: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.239029: | spi size: 4 (0x4) Aug 26 18:24:25.239032: | # transforms: 2 (0x2) Aug 26 18:24:25.239035: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.239037: | remote SPI cc 5e 1e 56 Aug 26 18:24:25.239041: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:25.239044: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239050: | length: 12 (0xc) Aug 26 18:24:25.239052: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.239055: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.239058: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.239061: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.239063: | length/value: 256 (0x100) Aug 26 18:24:25.239068: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.239070: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239073: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.239076: | length: 8 (0x8) Aug 26 18:24:25.239079: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.239081: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.239085: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.239088: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:24:25.239091: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:24:25.239094: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:24:25.239098: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:25.239102: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:25.239105: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.239108: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.239111: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.239113: | length: 32 (0x20) Aug 26 18:24:25.239115: | prop #: 2 (0x2) Aug 26 18:24:25.239118: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.239120: | spi size: 4 (0x4) Aug 26 18:24:25.239122: | # transforms: 2 (0x2) Aug 26 18:24:25.239126: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.239128: | remote SPI cc 5e 1e 56 Aug 26 18:24:25.239131: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.239134: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239138: | length: 12 (0xc) Aug 26 18:24:25.239141: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.239144: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.239146: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.239149: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.239151: | length/value: 128 (0x80) Aug 26 18:24:25.239155: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239158: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.239160: | length: 8 (0x8) Aug 26 18:24:25.239163: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.239165: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.239169: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:24:25.239172: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:24:25.239174: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.239177: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.239179: | length: 48 (0x30) Aug 26 18:24:25.239182: | prop #: 3 (0x3) Aug 26 18:24:25.239184: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.239187: | spi size: 4 (0x4) Aug 26 18:24:25.239189: | # transforms: 4 (0x4) Aug 26 18:24:25.239193: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.239195: | remote SPI cc 5e 1e 56 Aug 26 18:24:25.239198: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.239201: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239205: | length: 12 (0xc) Aug 26 18:24:25.239207: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.239209: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.239212: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.239215: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.239217: | length/value: 256 (0x100) Aug 26 18:24:25.239220: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239227: | length: 8 (0x8) Aug 26 18:24:25.239230: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.239233: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.239236: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239239: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239241: | length: 8 (0x8) Aug 26 18:24:25.239243: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.239246: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.239249: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239252: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.239254: | length: 8 (0x8) Aug 26 18:24:25.239257: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.239260: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.239264: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:25.239267: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:25.239270: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.239273: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.239276: | length: 48 (0x30) Aug 26 18:24:25.239279: | prop #: 4 (0x4) Aug 26 18:24:25.239282: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.239284: | spi size: 4 (0x4) Aug 26 18:24:25.239287: | # transforms: 4 (0x4) Aug 26 18:24:25.239299: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.239302: | remote SPI cc 5e 1e 56 Aug 26 18:24:25.239305: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.239308: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239311: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239313: | length: 12 (0xc) Aug 26 18:24:25.239316: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.239319: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.239321: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.239325: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.239327: | length/value: 128 (0x80) Aug 26 18:24:25.239330: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239336: | length: 8 (0x8) Aug 26 18:24:25.239339: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.239342: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.239344: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239350: | length: 8 (0x8) Aug 26 18:24:25.239353: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.239355: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.239358: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239361: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.239363: | length: 8 (0x8) Aug 26 18:24:25.239366: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.239368: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.239372: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:25.239376: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:25.239382: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=cc5e1e56;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:24:25.239387: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=cc5e1e56;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:25.239392: | converting proposal to internal trans attrs Aug 26 18:24:25.239414: | netlink_get_spi: allocated 0x682f54e6 for esp.0@192.1.2.23 Aug 26 18:24:25.239418: | Emitting ikev2_proposal ... Aug 26 18:24:25.239421: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.239424: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.239427: | flags: none (0x0) Aug 26 18:24:25.239431: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.239434: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.239438: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.239441: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.239444: | prop #: 1 (0x1) Aug 26 18:24:25.239447: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.239450: | spi size: 4 (0x4) Aug 26 18:24:25.239452: | # transforms: 2 (0x2) Aug 26 18:24:25.239456: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.239460: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.239463: | our spi 68 2f 54 e6 Aug 26 18:24:25.239465: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239471: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.239474: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.239477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.239480: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.239483: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.239486: | length/value: 256 (0x100) Aug 26 18:24:25.239489: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.239492: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.239495: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.239497: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.239500: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.239503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.239506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.239509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.239512: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:25.239515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.239518: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:24:25.239522: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.239525: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.239529: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.239532: | flags: none (0x0) Aug 26 18:24:25.239535: | number of TS: 1 (0x1) Aug 26 18:24:25.239538: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.239542: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.239545: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.239548: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.239550: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.239552: | start port: 0 (0x0) Aug 26 18:24:25.239558: | end port: 65535 (0xffff) Aug 26 18:24:25.239562: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.239564: | ipv4 start c0 00 03 00 Aug 26 18:24:25.239567: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.239569: | ipv4 end c0 00 03 ff Aug 26 18:24:25.239571: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.239573: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.239576: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.239578: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.239581: | flags: none (0x0) Aug 26 18:24:25.239584: | number of TS: 1 (0x1) Aug 26 18:24:25.239586: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.239589: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.239592: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.239594: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.239596: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.239598: | start port: 0 (0x0) Aug 26 18:24:25.239601: | end port: 65535 (0xffff) Aug 26 18:24:25.239603: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.239606: | ipv4 start c0 00 02 00 Aug 26 18:24:25.239608: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.239610: | ipv4 end c0 00 02 ff Aug 26 18:24:25.239613: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.239615: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.239618: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:25.239622: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.239785: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:24:25.239795: | #1 spent 1.33 milliseconds Aug 26 18:24:25.239797: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:25.239799: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:24:25.239801: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.239804: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.239806: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.239807: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.239809: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.239812: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.239815: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.239817: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.239819: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.239821: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.239824: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.239826: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:25.239828: | netlink: enabling tunnel mode Aug 26 18:24:25.239830: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.239832: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.239904: | netlink response for Add SA esp.cc5e1e56@192.1.3.33 included non-error error Aug 26 18:24:25.239909: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.239913: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.239916: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.239918: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.239921: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.239928: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.239931: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:25.239933: | netlink: enabling tunnel mode Aug 26 18:24:25.239936: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.239938: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.241042: | netlink response for Add SA esp.682f54e6@192.1.2.23 included non-error error Aug 26 18:24:25.241057: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:25.241066: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:25.241069: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.241107: | raw_eroute result=success Aug 26 18:24:25.241112: | set up incoming SA, ref=0/0 Aug 26 18:24:25.241115: | sr for #2: unrouted Aug 26 18:24:25.241118: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.241121: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.241125: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.241128: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.241131: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.241134: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.241138: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.241141: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:25.241144: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:25.241152: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:24:25.241156: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.241169: | raw_eroute result=success Aug 26 18:24:25.241173: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.241178: | command executing up-client Aug 26 18:24:25.241209: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.241216: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.241232: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:24:25.241236: | popen cmd is 1403 chars long Aug 26 18:24:25.241238: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.241241: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:24:25.241243: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:24:25.241245: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:24:25.241247: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 18:24:25.241252: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 18:24:25.241255: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 18:24:25.241257: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 18:24:25.241260: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 18:24:25.241262: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:25.241265: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.241268: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 18:24:25.241270: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Aug 26 18:24:25.241273: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 18:24:25.241275: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 18:24:25.241278: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 18:24:25.241281: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcc5: Aug 26 18:24:25.241283: | cmd(1360):e1e56 SPI_OUT=0x682f54e6 ipsec _updown 2>&1: Aug 26 18:24:25.255833: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.255849: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:25.255854: | command executing prepare-client Aug 26 18:24:25.255883: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.255888: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.255903: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 18:24:25.255906: | popen cmd is 1408 chars long Aug 26 18:24:25.255908: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:25.255910: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:24:25.255912: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.255913: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:25.255915: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:25.255917: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:25.255918: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:25.255920: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 18:24:25.255925: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 18:24:25.255927: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:25.255929: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:25.255930: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:25.255932: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Aug 26 18:24:25.255934: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:24:25.255935: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:24:25.255937: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:24:25.255939: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:24:25.255940: | cmd(1360):0xcc5e1e56 SPI_OUT=0x682f54e6 ipsec _updown 2>&1: Aug 26 18:24:25.274223: | running updown command "ipsec _updown" for verb route Aug 26 18:24:25.274243: | command executing route-client Aug 26 18:24:25.274279: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.274286: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.274320: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 18:24:25.274324: | popen cmd is 1406 chars long Aug 26 18:24:25.274328: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:25.274331: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 18:24:25.274333: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 18:24:25.274336: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 18:24:25.274339: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Aug 26 18:24:25.274341: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Aug 26 18:24:25.274344: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Aug 26 18:24:25.274347: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Aug 26 18:24:25.274350: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Aug 26 18:24:25.274352: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:24:25.274355: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 18:24:25.274362: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 18:24:25.274365: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Aug 26 18:24:25.274368: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:24:25.274370: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:24:25.274373: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:24:25.274376: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:24:25.274378: | cmd(1360):cc5e1e56 SPI_OUT=0x682f54e6 ipsec _updown 2>&1: Aug 26 18:24:25.294928: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x5576565cd578,sr=0x5576565cd578} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.301398: | #1 spent 2.12 milliseconds in install_ipsec_sa() Aug 26 18:24:25.301417: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:25.301422: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.301426: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.301432: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.301435: | emitting length of IKEv2 Encryption Payload: 1961 Aug 26 18:24:25.301438: | emitting length of ISAKMP Message: 1989 Aug 26 18:24:25.301448: | **parse ISAKMP Message: Aug 26 18:24:25.301451: | initiator cookie: Aug 26 18:24:25.301453: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.301456: | responder cookie: Aug 26 18:24:25.301458: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.301461: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.301464: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.301467: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.301471: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.301474: | Message ID: 1 (0x1) Aug 26 18:24:25.301476: | length: 1989 (0x7c5) Aug 26 18:24:25.301479: | **parse IKEv2 Encryption Payload: Aug 26 18:24:25.301482: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:25.301485: | flags: none (0x0) Aug 26 18:24:25.301488: | length: 1961 (0x7a9) Aug 26 18:24:25.301490: | **emit ISAKMP Message: Aug 26 18:24:25.301493: | initiator cookie: Aug 26 18:24:25.301495: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.301498: | responder cookie: Aug 26 18:24:25.301500: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.301503: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.301505: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.301508: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.301511: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.301513: | Message ID: 1 (0x1) Aug 26 18:24:25.301516: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.301520: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.301522: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:25.301525: | flags: none (0x0) Aug 26 18:24:25.301528: | fragment number: 1 (0x1) Aug 26 18:24:25.301530: | total fragments: 5 (0x5) Aug 26 18:24:25.301533: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Aug 26 18:24:25.301537: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.301540: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.301543: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.301562: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.301567: | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 18:24:25.301570: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:25.301573: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:25.301575: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:25.301578: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.301580: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:25.301583: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:25.301586: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:25.301588: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:25.301591: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:25.301593: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:25.301596: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Aug 26 18:24:25.301598: | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 Aug 26 18:24:25.301601: | cleartext fragment 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Aug 26 18:24:25.301603: | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Aug 26 18:24:25.301606: | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Aug 26 18:24:25.301609: | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Aug 26 18:24:25.301611: | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Aug 26 18:24:25.301614: | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Aug 26 18:24:25.301616: | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Aug 26 18:24:25.301619: | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Aug 26 18:24:25.301622: | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Aug 26 18:24:25.301624: | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Aug 26 18:24:25.301627: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Aug 26 18:24:25.301629: | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 18:24:25.301632: | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 30 39 Aug 26 18:24:25.301635: | cleartext fragment 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 33 30 Aug 26 18:24:25.301637: | cleartext fragment 39 30 37 35 33 5a 30 81 b4 31 0b 30 09 06 03 55 Aug 26 18:24:25.301640: | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Aug 26 18:24:25.301642: | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:25.301645: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.301648: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.301651: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.301654: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.301657: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.301687: | **emit ISAKMP Message: Aug 26 18:24:25.301690: | initiator cookie: Aug 26 18:24:25.301693: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.301696: | responder cookie: Aug 26 18:24:25.301698: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.301701: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.301704: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.301706: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.301709: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.301712: | Message ID: 1 (0x1) Aug 26 18:24:25.301714: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.301719: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.301722: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.301724: | flags: none (0x0) Aug 26 18:24:25.301727: | fragment number: 2 (0x2) Aug 26 18:24:25.301729: | total fragments: 5 (0x5) Aug 26 18:24:25.301732: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.301736: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.301739: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.301742: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.301746: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.301748: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:25.301751: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.301754: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:25.301756: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:25.301759: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:25.301761: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:25.301764: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:25.301766: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:25.301769: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Aug 26 18:24:25.301772: | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Aug 26 18:24:25.301774: | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Aug 26 18:24:25.301777: | cleartext fragment b1 1e 7c b3 bf 11 96 94 23 ca 97 5e c7 66 36 55 Aug 26 18:24:25.301779: | cleartext fragment 71 49 95 8d 0c 2a 5c 30 4d 58 29 a3 7b 4d 3b 3f Aug 26 18:24:25.301781: | cleartext fragment 03 06 46 a6 04 63 71 0d e1 59 4f 9c ec 3a 17 24 Aug 26 18:24:25.301784: | cleartext fragment 8d 91 6a a8 e2 da 57 41 de f4 ff 65 bf f6 11 34 Aug 26 18:24:25.301787: | cleartext fragment d3 7d 5a 7f 6e 3a 3b 74 3c 51 2b e4 bf ce 6b b2 Aug 26 18:24:25.301790: | cleartext fragment 14 47 26 52 f5 57 28 bc c5 fb f9 bc 2d 4e b9 f8 Aug 26 18:24:25.301792: | cleartext fragment 46 54 c7 95 41 a7 a4 b4 d3 b3 fe 55 4b df f5 c3 Aug 26 18:24:25.301795: | cleartext fragment 78 39 8b 4e 04 57 c0 1d 5b 17 3c 28 eb 40 9d 1d Aug 26 18:24:25.301797: | cleartext fragment 7c b3 bb 0f f0 63 c7 c0 84 b0 4e e4 a9 7c c5 4b Aug 26 18:24:25.301800: | cleartext fragment 08 43 a6 2d 00 22 fd 98 d4 03 d0 ad 97 85 d1 48 Aug 26 18:24:25.301803: | cleartext fragment 15 d3 e4 e5 2d 46 7c ab 41 97 05 27 61 77 3d b6 Aug 26 18:24:25.301806: | cleartext fragment b1 58 a0 5f e0 8d 26 84 9b 03 20 ce 5e 27 7f 7d Aug 26 18:24:25.301808: | cleartext fragment 14 03 b6 9d 6b 9f fd 0c d4 c7 2d eb be ea 62 87 Aug 26 18:24:25.301811: | cleartext fragment fa 99 e0 a6 1c 85 4f 34 da 93 2e 5f db 03 10 58 Aug 26 18:24:25.301814: | cleartext fragment a8 c4 99 17 2d b1 bc e5 7b bd af 0e 28 aa a5 74 Aug 26 18:24:25.301817: | cleartext fragment ea 69 74 5e fa 2c c3 00 3c 2f 58 d0 20 cf e3 46 Aug 26 18:24:25.301820: | cleartext fragment 8d de aa f9 f7 30 5c 16 05 04 89 4c 92 9b 8a 33 Aug 26 18:24:25.301824: | cleartext fragment 11 70 83 17 58 24 2a 4b ab be b6 ec 84 9c 78 9c Aug 26 18:24:25.301827: | cleartext fragment 11 04 2a 02 ce 27 83 a1 1f 2b 38 3f 27 7d Aug 26 18:24:25.301830: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.301833: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.301836: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.301840: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.301843: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.301854: | **emit ISAKMP Message: Aug 26 18:24:25.301857: | initiator cookie: Aug 26 18:24:25.301860: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.301862: | responder cookie: Aug 26 18:24:25.301865: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.301868: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.301870: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.301873: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.301876: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.301879: | Message ID: 1 (0x1) Aug 26 18:24:25.301881: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.301884: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.301887: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.301890: | flags: none (0x0) Aug 26 18:24:25.301892: | fragment number: 3 (0x3) Aug 26 18:24:25.301895: | total fragments: 5 (0x5) Aug 26 18:24:25.301898: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.301901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.301904: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.301907: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.301910: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.301913: | cleartext fragment 46 94 63 ff 64 59 4e 6c 87 ca 3e e6 31 df 1e 7d Aug 26 18:24:25.301916: | cleartext fragment 48 88 02 c7 9d fa 4a d7 f2 5b a5 fd 7f 1b c6 dc Aug 26 18:24:25.301919: | cleartext fragment 1a bb a6 c4 f8 32 cd bf a7 0b 71 8b 2b 31 41 17 Aug 26 18:24:25.301921: | cleartext fragment 25 a4 18 52 7d 32 fc 0f 5f b8 bb ca e1 94 1a 42 Aug 26 18:24:25.301924: | cleartext fragment 4d 1f 37 16 67 84 ae b4 32 42 9c 5a 91 71 62 b4 Aug 26 18:24:25.301926: | cleartext fragment 4b 07 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Aug 26 18:24:25.301929: | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Aug 26 18:24:25.301932: | cleartext fragment 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Aug 26 18:24:25.301934: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 18:24:25.301937: | cleartext fragment 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Aug 26 18:24:25.301939: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Aug 26 18:24:25.301942: | cleartext fragment 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Aug 26 18:24:25.301945: | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Aug 26 18:24:25.301947: | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Aug 26 18:24:25.301950: | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Aug 26 18:24:25.301953: | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Aug 26 18:24:25.301955: | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 18:24:25.301958: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Aug 26 18:24:25.301960: | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Aug 26 18:24:25.301963: | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 18:24:25.301966: | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:25.301968: | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Aug 26 18:24:25.301971: | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Aug 26 18:24:25.301973: | cleartext fragment 03 81 81 00 3a 56 a3 7d b1 4e 62 2f 82 0d e3 fe Aug 26 18:24:25.301978: | cleartext fragment 74 40 ef cb eb 93 ea ad e4 74 8b 80 6f ae 8b 65 Aug 26 18:24:25.301980: | cleartext fragment 87 12 a6 24 0d 21 9c 5f 70 5c 6f d9 66 8d 98 8b Aug 26 18:24:25.301983: | cleartext fragment ea 59 f8 96 52 6a 6c 86 d6 7d ba 37 a9 8c 33 8c Aug 26 18:24:25.301985: | cleartext fragment 77 18 23 0b 1b 2a 66 47 e7 95 94 e6 75 84 30 d4 Aug 26 18:24:25.301988: | cleartext fragment db b8 23 eb 89 82 a9 fd ed 46 8b ce 46 7f f9 19 Aug 26 18:24:25.301991: | cleartext fragment 8f 49 da 29 2e 1e 97 cd 12 42 86 c7 57 fc Aug 26 18:24:25.301993: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.301996: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.301999: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.302002: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.302005: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.302012: | **emit ISAKMP Message: Aug 26 18:24:25.302015: | initiator cookie: Aug 26 18:24:25.302018: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.302020: | responder cookie: Aug 26 18:24:25.302023: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302025: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.302028: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.302031: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.302033: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.302036: | Message ID: 1 (0x1) Aug 26 18:24:25.302039: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.302041: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.302044: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.302046: | flags: none (0x0) Aug 26 18:24:25.302049: | fragment number: 4 (0x4) Aug 26 18:24:25.302051: | total fragments: 5 (0x5) Aug 26 18:24:25.302054: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.302057: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.302060: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.302063: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.302073: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.302076: | cleartext fragment 4f 0a 19 26 8a a1 0d 26 81 4d 53 f4 5c 92 a1 03 Aug 26 18:24:25.302079: | cleartext fragment 03 8d 6c 51 33 cc 21 00 01 88 01 00 00 00 3c c2 Aug 26 18:24:25.302081: | cleartext fragment ec 69 da c5 ea fc dc 1b a7 a6 48 dc 48 87 f8 8b Aug 26 18:24:25.302084: | cleartext fragment 02 e5 d4 2e ef 43 84 cd b6 7a d2 a8 0e ae 19 f4 Aug 26 18:24:25.302087: | cleartext fragment 47 37 66 b6 1c 44 40 ec 1d 8f 90 26 17 9b 7c 38 Aug 26 18:24:25.302089: | cleartext fragment d6 ea 71 0c 80 a0 b2 e8 13 3d d0 e5 96 bd 1d 42 Aug 26 18:24:25.302092: | cleartext fragment 86 2f f2 a3 00 e7 95 a1 b2 32 be 64 3a 69 15 89 Aug 26 18:24:25.302094: | cleartext fragment 0f 0c 2a b9 08 23 fc 11 c8 7d b5 11 b6 51 c5 1b Aug 26 18:24:25.302097: | cleartext fragment ab fd f4 2f e3 4d 39 2e 0d fb 2d 15 40 71 c1 df Aug 26 18:24:25.302100: | cleartext fragment 74 3c ac 96 e4 a5 e3 98 d1 15 e1 33 a4 17 1e ed Aug 26 18:24:25.302102: | cleartext fragment 11 f7 21 b3 2c 72 cb 76 1e 62 54 83 e3 ff 88 ef Aug 26 18:24:25.302105: | cleartext fragment 46 94 5c 5a ae c6 e5 98 bc 97 76 94 58 de d7 a4 Aug 26 18:24:25.302107: | cleartext fragment 74 b6 b3 d5 de 7f b4 56 f8 33 dc ab 88 4d c7 55 Aug 26 18:24:25.302110: | cleartext fragment 3f a9 ef 39 df 9f 83 1a 23 30 f5 78 25 87 a2 80 Aug 26 18:24:25.302112: | cleartext fragment 85 fa 2b 12 c7 ee ee 51 0c c6 ec 3c 36 5d 4d 5d Aug 26 18:24:25.302116: | cleartext fragment 41 0a ba c3 49 d3 44 87 8e 9d a3 8c 43 f6 77 5f Aug 26 18:24:25.302119: | cleartext fragment ba b8 ea d8 49 56 a9 b0 d5 6e e1 0e 0c e0 69 e2 Aug 26 18:24:25.302122: | cleartext fragment 95 9d 8f 6d e0 f6 18 cc 97 f4 f7 ec 28 05 05 04 Aug 26 18:24:25.302124: | cleartext fragment 7f a1 97 a2 fb 76 76 e5 95 fb 65 ed 95 e5 71 15 Aug 26 18:24:25.302127: | cleartext fragment 1c 1e 42 e2 0c e9 68 5b 05 7e 94 7d 1d f6 2b ac Aug 26 18:24:25.302129: | cleartext fragment 72 1a cc ed 65 8b 70 fc 4d dd 6b a6 38 f7 93 bc Aug 26 18:24:25.302132: | cleartext fragment 65 e7 cd 47 d0 12 7d ca 81 e9 0e 0f 5f aa 24 18 Aug 26 18:24:25.302135: | cleartext fragment 58 fd 19 70 b5 80 6c 7f 17 37 64 68 ce b2 ca 0a Aug 26 18:24:25.302138: | cleartext fragment 29 a1 9c be bf b5 4e 27 08 fc 4d 41 61 fc fe 17 Aug 26 18:24:25.302140: | cleartext fragment 8f 52 6c f6 2b c7 b8 67 59 93 fd 34 97 68 d3 79 Aug 26 18:24:25.302143: | cleartext fragment 53 f4 58 5b 6d 6e 79 d5 35 0b c4 90 ac 09 2c 00 Aug 26 18:24:25.302145: | cleartext fragment 00 24 00 00 00 20 01 03 04 02 68 2f 54 e6 03 00 Aug 26 18:24:25.302148: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Aug 26 18:24:25.302151: | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 Aug 26 18:24:25.302153: | cleartext fragment ff ff c0 00 03 00 c0 00 03 ff 00 00 00 18 Aug 26 18:24:25.302156: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.302159: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.302162: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.302165: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.302167: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.302175: | **emit ISAKMP Message: Aug 26 18:24:25.302177: | initiator cookie: Aug 26 18:24:25.302180: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.302182: | responder cookie: Aug 26 18:24:25.302185: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302187: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.302190: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.302193: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.302195: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.302198: | Message ID: 1 (0x1) Aug 26 18:24:25.302201: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.302204: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.302206: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.302209: | flags: none (0x0) Aug 26 18:24:25.302211: | fragment number: 5 (0x5) Aug 26 18:24:25.302214: | total fragments: 5 (0x5) Aug 26 18:24:25.302217: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.302220: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.302223: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.302226: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.302229: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.302232: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Aug 26 18:24:25.302234: | cleartext fragment c0 00 02 ff Aug 26 18:24:25.302237: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.302240: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.302243: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.302246: | emitting length of IKEv2 Encrypted Fragment: 53 Aug 26 18:24:25.302248: | emitting length of ISAKMP Message: 81 Aug 26 18:24:25.302256: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:24:25.302263: | #1 spent 19 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:24:25.302272: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.302278: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.302283: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:24:25.302286: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:24:25.302296: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:24:25.302301: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:25.302307: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:25.302312: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.302315: | pstats #2 ikev2.child established Aug 26 18:24:25.302325: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:25.302330: | NAT-T: encaps is 'auto' Aug 26 18:24:25.302335: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xcc5e1e56 <0x682f54e6 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.302340: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:25.302343: | sending fragments ... Aug 26 18:24:25.302352: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.302354: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302356: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 18:24:25.302358: | 00 01 00 05 ac c2 c8 3a 95 2a 4c ef 93 de f8 37 Aug 26 18:24:25.302361: | 77 03 78 6a 3c 46 79 1f c8 d2 a1 f8 55 56 c2 03 Aug 26 18:24:25.302362: | 11 79 25 07 71 da 49 e3 ec 7a 27 9f f6 d0 2c 8c Aug 26 18:24:25.302364: | 51 9f 58 e9 65 ef c2 23 94 ff c6 e7 6a dd 58 97 Aug 26 18:24:25.302367: | 81 eb 03 da 4b 82 47 4f 83 f2 65 8b 28 e4 fc 0b Aug 26 18:24:25.302369: | 59 35 63 a6 a0 be a5 93 c9 d5 e3 59 f8 aa 20 05 Aug 26 18:24:25.302371: | 12 db c5 bf 70 86 21 84 f0 05 37 a3 d0 58 b2 34 Aug 26 18:24:25.302373: | 65 61 b6 b4 6e a5 98 47 fb 5a fa 8a eb 92 d8 81 Aug 26 18:24:25.302375: | e5 c9 44 cd 00 71 fe 16 fb 05 26 37 38 aa 67 05 Aug 26 18:24:25.302377: | 34 39 46 b2 d2 e0 64 56 e9 32 e8 6d 9f 8a 7b c2 Aug 26 18:24:25.302379: | ef 38 5f 21 59 9a 58 47 e5 81 7f 8d c0 f4 c9 2c Aug 26 18:24:25.302381: | 15 20 40 13 a2 2f 1e 33 14 60 5f d9 94 f8 e8 61 Aug 26 18:24:25.302383: | ca be df a9 f3 8c e6 cf 01 d4 c2 84 24 7c 43 64 Aug 26 18:24:25.302385: | a7 dc 5b f5 59 57 c7 af 33 97 12 85 85 f8 c7 d4 Aug 26 18:24:25.302387: | 7b 5b ab 19 87 e8 4f 2c ac 98 3b 35 ed ed 45 b5 Aug 26 18:24:25.302389: | 24 24 4d 88 c7 48 e2 4e 53 d1 a5 10 67 35 70 47 Aug 26 18:24:25.302391: | f0 38 87 bc 05 5b 6f cd 72 fa 7f b3 54 2b ad e7 Aug 26 18:24:25.302393: | 95 21 0c e8 b9 49 d8 e5 44 67 b6 81 df c9 7a 1c Aug 26 18:24:25.302395: | 4e 70 f4 ac c5 39 5c c1 15 a0 6e 0a c7 cd 6c ff Aug 26 18:24:25.302397: | bb 02 c0 93 0f bc 48 1f 13 bf cb 66 69 69 b4 3e Aug 26 18:24:25.302399: | c5 45 eb 8c e1 d7 31 4c bf 5e 85 46 91 ed bb aa Aug 26 18:24:25.302401: | 9a 6d f1 81 69 b9 b5 0c c2 21 e9 03 89 4c 84 11 Aug 26 18:24:25.302403: | a3 38 39 7b d8 ee ab df a1 bb 90 87 cb 73 3a e3 Aug 26 18:24:25.302405: | e0 11 48 26 8f ac c6 98 56 3b 0d 5e 96 c1 15 41 Aug 26 18:24:25.302409: | d0 ff 3f 8b a8 92 cd 01 59 dd ec 7e 34 80 97 97 Aug 26 18:24:25.302412: | 41 f1 b7 3c eb 4c a3 9b 4a 5c 9c e3 11 17 35 62 Aug 26 18:24:25.302414: | 38 e5 44 be 56 02 5a 52 58 32 e9 d3 c7 21 7e 65 Aug 26 18:24:25.302417: | 77 46 84 7e a0 7e 3b 32 75 49 ff 07 69 d2 62 39 Aug 26 18:24:25.302419: | 69 5e ba e8 1e 91 50 de ab fa e8 b1 3b 0f 5a 6f Aug 26 18:24:25.302421: | d9 43 37 36 6a eb 69 d8 51 38 d8 10 33 12 85 27 Aug 26 18:24:25.302423: | 86 16 03 fd 7f 2e ab 11 54 12 97 d3 92 3a 19 f8 Aug 26 18:24:25.302425: | c8 a1 1c 71 0e 1e ae 25 bb 2e 16 Aug 26 18:24:25.302491: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.302495: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302498: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.302500: | 00 02 00 05 74 12 07 0d 36 ab 26 f4 c9 aa d3 9f Aug 26 18:24:25.302503: | 93 0b 1d 9a b1 47 c6 9f 16 38 cc c7 e2 e4 34 aa Aug 26 18:24:25.302505: | 0a fe 06 47 f9 cc 73 9c e3 1a 67 20 0a b9 66 99 Aug 26 18:24:25.302508: | a8 75 2f f2 76 78 a7 5d d9 60 bb 95 b3 ce b8 96 Aug 26 18:24:25.302510: | ba 27 04 8d c6 0a 52 2e 70 61 21 84 d9 52 f3 99 Aug 26 18:24:25.302513: | 5e e8 c4 a3 e3 ee 9d 45 b8 0d 1c c3 31 bc ea 5d Aug 26 18:24:25.302515: | de a1 79 f6 b7 1a 6d 5d d1 d7 04 23 dd 31 e2 53 Aug 26 18:24:25.302518: | 59 9b 8c f9 ad 95 17 c7 01 e5 cd 29 ef 89 7a 44 Aug 26 18:24:25.302521: | 74 38 96 49 c1 d7 d4 08 57 9f 04 66 b6 bf 42 ac Aug 26 18:24:25.302523: | 86 4b cd ad ed 20 ca a9 a3 9e f5 cf b3 23 92 06 Aug 26 18:24:25.302526: | d7 d5 0d c5 f6 66 fc 42 d6 0a b1 5c 70 10 33 fa Aug 26 18:24:25.302528: | db 4b 37 2d 92 9d 98 b7 ac b9 09 e9 6a 68 b1 e9 Aug 26 18:24:25.302531: | 7a a1 87 37 d6 c9 23 77 02 52 c1 82 32 82 33 a3 Aug 26 18:24:25.302533: | aa 43 a1 35 b6 12 22 ba 9d 75 2c 89 bf e6 a3 8a Aug 26 18:24:25.302536: | f3 5c 8b ec d5 7f dd 1a 72 d6 e9 c9 ad bb 97 ae Aug 26 18:24:25.302539: | 33 f7 f4 10 39 21 c8 59 40 32 77 de 48 3e da fe Aug 26 18:24:25.302541: | cf e5 89 e0 73 bb 62 01 48 77 65 4d 3a 62 c5 d5 Aug 26 18:24:25.302544: | 4a 9c 47 0e bf 20 15 ee c2 ca 08 20 52 a7 e2 de Aug 26 18:24:25.302546: | a8 76 35 3c 89 e2 6e 45 5a 0b 78 cc 79 e5 2e 2b Aug 26 18:24:25.302549: | c4 77 71 be df 06 8c dc aa 31 36 e0 44 37 bb cc Aug 26 18:24:25.302551: | 67 d9 20 e2 2a c3 d0 0e d1 14 d7 0f f0 30 8a 61 Aug 26 18:24:25.302554: | 60 b1 f7 59 3b 12 e4 5e 83 de cb 7f 82 ca 40 af Aug 26 18:24:25.302556: | 09 80 de 0f b1 d6 89 90 d6 72 61 e4 0e 68 c3 17 Aug 26 18:24:25.302559: | d3 a2 04 5e 15 2f f5 f4 4f e7 f2 f2 a8 26 a5 ca Aug 26 18:24:25.302562: | 63 33 13 51 49 e0 45 b2 1d 77 0a b4 ba 13 cc da Aug 26 18:24:25.302564: | 52 bb b6 41 5d 95 04 21 e3 e7 c4 89 95 9a 3c a4 Aug 26 18:24:25.302567: | 26 71 ce ae 40 d8 f4 7d 5f c8 d9 2f a9 b2 32 6b Aug 26 18:24:25.302569: | 08 c6 5a 14 12 87 7f 07 1e 08 5f 61 ed 57 13 70 Aug 26 18:24:25.302572: | e7 7b 64 33 b0 21 d2 3d 8d a4 3a f5 dd f7 90 05 Aug 26 18:24:25.302574: | f8 99 af 34 99 78 36 51 11 03 f6 f2 60 d0 15 eb Aug 26 18:24:25.302577: | de c0 08 5f 0a a5 d3 67 4c 68 10 d0 e8 29 17 47 Aug 26 18:24:25.302579: | 7c 49 b5 ab 09 a5 59 bf 76 74 63 Aug 26 18:24:25.302601: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.302604: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302607: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.302610: | 00 03 00 05 03 e5 df 96 9e 84 14 c9 00 64 49 4e Aug 26 18:24:25.302612: | 8b 45 2c b5 56 0a 65 b6 b3 08 53 d9 b0 c6 b4 d0 Aug 26 18:24:25.302615: | cc 4f 82 81 b6 70 d5 ff d5 ae 05 bf e3 98 13 67 Aug 26 18:24:25.302618: | 89 10 95 ff a8 97 28 b2 e5 eb d0 ba 1f 93 86 ea Aug 26 18:24:25.302620: | d5 6e 83 50 0e 24 a1 c9 a4 ce 65 d9 56 15 e5 6a Aug 26 18:24:25.302625: | 2f 55 ba 19 8d 09 d6 fc 4e 94 ce f1 91 8c 5e cd Aug 26 18:24:25.302627: | ae bc a0 c9 50 ba 01 03 da 8f 03 a5 55 3a 62 6b Aug 26 18:24:25.302630: | 58 69 34 16 67 39 5b 83 b8 ee 6c bf fa fa 2c be Aug 26 18:24:25.302632: | 45 74 5f 50 f3 1e 37 d4 3c 75 db a6 3a 1c fe 4a Aug 26 18:24:25.302635: | d0 e0 c4 35 49 3f f9 0d 7c f5 20 ec f3 91 de fd Aug 26 18:24:25.302638: | db 86 f9 72 c7 a2 7a 36 f5 e1 9f b6 99 de 0b c4 Aug 26 18:24:25.302640: | b8 5c 7f fd 3c c2 13 79 5b 8d 02 66 42 95 f3 12 Aug 26 18:24:25.302643: | 3d 84 f3 82 9f a9 32 65 5f d1 84 77 5d 1d f5 02 Aug 26 18:24:25.302645: | 7e d1 98 f1 6b ac 36 39 76 12 e9 d9 78 1a 74 e7 Aug 26 18:24:25.302648: | ef f6 66 39 95 0d 63 bb 15 dd c9 57 0b c2 8a 57 Aug 26 18:24:25.302651: | 35 b0 df a2 11 7e 8a c8 2c d3 46 12 7e 87 45 d6 Aug 26 18:24:25.302653: | 9f 93 46 6c 2d ba 1f 3d d7 34 ea 65 f5 53 cb e4 Aug 26 18:24:25.302656: | c1 1f a0 a8 a7 e7 f1 c5 6e f3 a3 d4 36 d8 8e aa Aug 26 18:24:25.302658: | ea 02 d2 c7 ae 81 79 44 79 9a b0 38 a7 71 2e ab Aug 26 18:24:25.302660: | b0 c0 41 f1 84 23 b3 fa 2f 51 62 61 20 ca 47 64 Aug 26 18:24:25.302662: | 1d 21 56 eb 85 3c dd 2a 8d 94 29 10 9c f2 5b cb Aug 26 18:24:25.302664: | ea 4b 92 e8 45 e9 27 60 ed e8 59 a9 04 9a a4 2f Aug 26 18:24:25.302667: | 1e 92 d8 34 2b 25 f3 8f 82 6a c7 bf f6 e3 e8 9c Aug 26 18:24:25.302669: | 1c 82 55 66 4e 76 2a e4 50 74 eb 1e 30 e4 2b 91 Aug 26 18:24:25.302672: | f0 52 83 bf 46 d8 5d 1a 26 2f f6 63 b5 85 87 86 Aug 26 18:24:25.302674: | 67 b0 3f 76 04 a9 1a 57 0a 93 6e a5 e7 a2 99 56 Aug 26 18:24:25.302676: | a4 bf e0 e3 2f 82 8c bd d0 22 6a 8e 8c da 0b d4 Aug 26 18:24:25.302679: | a4 15 73 ad 6a 6d 90 80 6c 98 73 e6 f0 34 e2 21 Aug 26 18:24:25.302682: | 8a 7d bb 22 63 ed ba a1 04 7a f7 f5 c5 cd 74 20 Aug 26 18:24:25.302684: | 57 25 cf 28 cb e9 d8 ef e1 2d 8d 9f 13 43 70 34 Aug 26 18:24:25.302686: | 57 06 32 83 69 29 9d 84 84 a5 6e 36 e2 45 55 b2 Aug 26 18:24:25.302688: | 89 44 4a 5a 93 64 7e 0b da e2 a3 Aug 26 18:24:25.302706: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.302710: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302712: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.302715: | 00 04 00 05 00 b7 74 a2 bf ac 17 39 a7 56 4d 74 Aug 26 18:24:25.302717: | a6 a8 65 b8 10 25 b2 5b 09 76 d8 e8 f7 2c 8c 65 Aug 26 18:24:25.302720: | 15 e3 ad c4 b9 cf be 17 44 f5 30 b1 e1 db 8c 6d Aug 26 18:24:25.302722: | 42 31 e4 34 73 7a dd d7 03 6f 8a 91 4e af 9d 00 Aug 26 18:24:25.302725: | 09 1a 35 c5 58 2e 27 4a f0 31 45 a0 d1 15 bf 50 Aug 26 18:24:25.302727: | 14 7c b6 21 48 01 f5 57 13 e8 ce 3f 77 78 44 e8 Aug 26 18:24:25.302730: | 1e 2c 5a 3c b3 f0 9c 5c 8a 68 25 d1 64 7c 38 b5 Aug 26 18:24:25.302732: | 46 80 1c 1f f5 2e c9 f1 bd 42 fc 1a 73 e9 3b a6 Aug 26 18:24:25.302735: | 21 47 b9 28 5a 21 06 5a 1d 13 8d 9c 7f ba eb 42 Aug 26 18:24:25.302737: | f3 db e9 95 b9 da 05 37 23 7d 87 6b ec ae b0 92 Aug 26 18:24:25.302740: | ec 4b 96 91 c0 02 b3 82 7a e1 b3 13 f9 b3 65 44 Aug 26 18:24:25.302742: | 55 c7 b6 56 dd 73 9d db 99 46 1b 0a 91 93 82 9e Aug 26 18:24:25.302744: | 95 3a bf 07 5e 72 c9 22 7a c1 3c fe 02 71 bf cd Aug 26 18:24:25.302747: | cf 3f 0c 4c ec 49 58 a5 28 59 3c b6 2c a3 8b 0d Aug 26 18:24:25.302749: | 43 6e 9b d8 89 f2 20 73 08 a5 dd d7 5e 48 6b e6 Aug 26 18:24:25.302752: | f4 1a a9 5c 7d 1f 23 a2 b6 ac 20 fb 09 af a7 0b Aug 26 18:24:25.302754: | 6d 77 d8 66 13 6e 4e 50 ff e4 92 b9 19 dc ca fa Aug 26 18:24:25.302757: | 25 7d ea be af f1 ac 79 f4 22 3c 37 6c ec cc 5f Aug 26 18:24:25.302759: | d7 32 59 56 04 dd 71 1d 8f af 4e a3 75 2a e3 0a Aug 26 18:24:25.302761: | 80 14 21 4b 97 55 cf d0 56 86 02 a8 e5 9f a4 39 Aug 26 18:24:25.302764: | b0 78 76 cb c0 f4 de 4d 5b 44 95 40 0e ff 50 72 Aug 26 18:24:25.302766: | 51 79 57 6c 1f e1 f2 41 31 1a 64 99 90 dc c2 c0 Aug 26 18:24:25.302771: | 37 b1 7c 39 2b 3b 1d 4a 04 87 3a e0 33 6f c6 01 Aug 26 18:24:25.302773: | 1d 15 be d8 06 be 36 19 52 00 37 bd 20 d1 4f 79 Aug 26 18:24:25.302776: | e1 25 9e dc 51 73 53 56 22 e9 57 a5 d7 bf a1 fb Aug 26 18:24:25.302778: | 89 ca f6 4e 06 bb d6 b0 96 15 9e 53 07 55 55 69 Aug 26 18:24:25.302780: | 95 d0 d7 93 6f 28 de 56 2e d0 00 14 84 1d 72 cd Aug 26 18:24:25.302783: | d6 78 f5 c7 db 5d 63 82 fb 0e c4 54 91 1c da 23 Aug 26 18:24:25.302785: | f7 7c 1d b0 ce 20 ea c9 4a 1b a9 ed 94 74 cd fa Aug 26 18:24:25.302788: | 13 4f 8d da 11 49 90 30 bc 47 e7 4d ca d7 47 33 Aug 26 18:24:25.302790: | b4 1e 92 21 8e 04 5f a8 12 cc a6 7a 3c a7 72 3a Aug 26 18:24:25.302792: | 03 e5 bb 5a 81 30 42 93 da f2 eb Aug 26 18:24:25.302808: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.302811: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302814: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 18:24:25.302816: | 00 05 00 05 be 4b dd 74 6a 05 e4 b1 2e 34 99 75 Aug 26 18:24:25.302819: | 0a f1 74 e8 99 cc ea 2a 51 bf 2f c0 0b c1 24 f9 Aug 26 18:24:25.302821: | 30 72 d9 d8 cd 22 91 9f 22 6d 55 02 b5 d8 1a 00 Aug 26 18:24:25.302823: | 03 Aug 26 18:24:25.302834: | sent 5 fragments Aug 26 18:24:25.302838: | releasing whack for #2 (sock=fd@-1) Aug 26 18:24:25.302841: | releasing whack and unpending for parent #1 Aug 26 18:24:25.302844: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 18:24:25.302849: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:25.302852: | event_schedule: new EVENT_SA_REKEY-pe@0x7f4c54002b78 Aug 26 18:24:25.302856: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 18:24:25.302861: | libevent_malloc: new ptr-libevent@0x5576565ec1e8 size 128 Aug 26 18:24:25.302877: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:25.302888: | #1 spent 19.8 milliseconds in resume sending helper answer Aug 26 18:24:25.302894: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.302899: | libevent_free: release ptr-libevent@0x7f4c4c000f48 Aug 26 18:24:25.302915: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.302921: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.302925: | spent 0.00546 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.302928: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.302932: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.302935: | spent 0.0035 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.302938: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.302941: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.302945: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.359149: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.359178: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.359182: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.359184: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:24:25.359187: | 4e c7 7d 02 c0 0d 00 ad 02 db f3 ec 53 5f 9f 74 Aug 26 18:24:25.359189: | a6 ec 44 43 4c b3 50 12 6a 25 1b bb 10 da 0d 1d Aug 26 18:24:25.359192: | d0 dc c5 56 95 a2 36 81 28 08 c8 02 97 32 5e db Aug 26 18:24:25.359194: | fd 23 da a2 68 a7 22 98 bc 01 1a 8f 01 f5 24 29 Aug 26 18:24:25.359197: | 85 b2 2e c6 72 37 b3 eb c3 87 da 8c c9 6f 6c 20 Aug 26 18:24:25.359199: | ef 1a 80 74 eb 6f ae 1e df c7 6c ee 04 ac 9c fb Aug 26 18:24:25.359202: | 85 b9 8a d5 c0 75 e7 e9 c3 89 68 d6 6d 6b 33 d0 Aug 26 18:24:25.359204: | 9d 56 74 85 23 d7 eb a1 af d6 51 36 7b 90 b7 84 Aug 26 18:24:25.359207: | 2f 6e 75 0a 78 a7 7d 7c 36 62 1e 60 96 51 f5 62 Aug 26 18:24:25.359212: | 64 bf c5 b7 b5 15 7d a1 41 d8 f1 6d 20 2f ce 48 Aug 26 18:24:25.359215: | 64 68 71 93 28 56 9e 15 46 f0 93 4e a8 33 18 31 Aug 26 18:24:25.359217: | 4e 56 82 63 09 34 7e 36 98 e6 26 14 82 ba 3a 60 Aug 26 18:24:25.359220: | 92 1d ed 2c b7 6e dd dd 87 10 60 73 dd ad 5f 65 Aug 26 18:24:25.359222: | d7 69 cb 4e 73 dd eb d4 ec 6b b3 c4 69 7d 05 e2 Aug 26 18:24:25.359224: | 97 b7 ec 6f 57 51 23 d4 3c 79 42 4a 18 fd ed 02 Aug 26 18:24:25.359227: | 23 ea 23 1d 65 44 6b ed 25 4b 8c 3d f9 d5 25 e3 Aug 26 18:24:25.359229: | 0f 0e 51 6d f6 c4 0b ca 49 e3 da 17 dd 35 01 f9 Aug 26 18:24:25.359232: | 59 7d 86 75 eb 33 ef 50 0e 2a 93 84 38 76 3a ac Aug 26 18:24:25.359234: | 83 d2 e0 57 88 e6 93 9c 3b 49 69 5f ba 6c 48 5b Aug 26 18:24:25.359236: | 71 c6 89 3e 14 37 82 60 44 35 4f 2e 94 b3 97 06 Aug 26 18:24:25.359239: | 44 44 db 48 54 83 6f 35 be 40 59 6b 21 28 39 c2 Aug 26 18:24:25.359241: | 26 44 25 50 e5 96 e3 2a 53 09 96 13 c4 06 0d 42 Aug 26 18:24:25.359244: | cd 03 92 ee f7 61 33 7b c1 df a2 e6 0b e8 02 73 Aug 26 18:24:25.359246: | 4c 8f b4 b5 df a5 22 41 09 0d 68 32 54 d5 df 86 Aug 26 18:24:25.359248: | 05 ae 97 9c 65 1a 6a 07 d1 9c 46 95 f3 9c 88 8f Aug 26 18:24:25.359251: | b4 a6 e4 1b 8e e7 a9 a4 28 03 9f 92 8a cf 88 ae Aug 26 18:24:25.359253: | e4 db e8 a8 82 5e 3d cf 94 ff 17 57 6f 13 98 4e Aug 26 18:24:25.359256: | 00 01 a0 08 7d e8 fe ce d8 f3 9f fa 06 95 52 da Aug 26 18:24:25.359258: | 78 7e 04 4c db 65 61 b8 b0 af 05 47 55 f5 94 fe Aug 26 18:24:25.359260: | cc 44 69 1c d7 22 a8 f2 2d 73 eb 32 26 85 c1 57 Aug 26 18:24:25.359263: | b7 6d 74 23 57 e0 69 18 f9 55 41 df ef 71 59 52 Aug 26 18:24:25.359265: | a4 69 8f e6 7a 66 50 c4 83 35 fd 6a e9 b4 11 24 Aug 26 18:24:25.359268: | 28 6a f3 88 8b 42 9b 20 9a 23 ad 36 db 03 4c 17 Aug 26 18:24:25.359270: | 00 d0 1b e5 a2 1b 3a 33 66 4b cc d0 c3 88 bf 2a Aug 26 18:24:25.359272: | 2d fa f6 ca 3f 70 09 90 56 ba 63 50 cb 45 9f 29 Aug 26 18:24:25.359275: | 23 d9 8e b9 b2 e5 6f 01 5e Aug 26 18:24:25.359280: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.359285: | **parse ISAKMP Message: Aug 26 18:24:25.359313: | initiator cookie: Aug 26 18:24:25.359318: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.359321: | responder cookie: Aug 26 18:24:25.359323: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.359326: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.359330: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.359332: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.359335: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.359338: | Message ID: 2 (0x2) Aug 26 18:24:25.359341: | length: 601 (0x259) Aug 26 18:24:25.359344: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:24:25.359347: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 18:24:25.359352: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:24:25.359359: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.359362: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:25.359367: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:25.359370: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:24:25.359375: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 18:24:25.359377: | unpacking clear payload Aug 26 18:24:25.359380: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:25.359384: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:25.359386: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.359389: | flags: none (0x0) Aug 26 18:24:25.359394: | length: 573 (0x23d) Aug 26 18:24:25.359397: | processing payload: ISAKMP_NEXT_v2SK (len=569) Aug 26 18:24:25.359401: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:25.359404: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:24:25.359428: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:24:25.359431: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.359434: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.359436: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.359439: | flags: none (0x0) Aug 26 18:24:25.359441: | length: 196 (0xc4) Aug 26 18:24:25.359444: | processing payload: ISAKMP_NEXT_v2SA (len=192) Aug 26 18:24:25.359446: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.359449: | **parse IKEv2 Nonce Payload: Aug 26 18:24:25.359452: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.359454: | flags: none (0x0) Aug 26 18:24:25.359457: | length: 36 (0x24) Aug 26 18:24:25.359459: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.359462: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.359465: | **parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.359468: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.359470: | flags: none (0x0) Aug 26 18:24:25.359473: | length: 264 (0x108) Aug 26 18:24:25.359476: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.359478: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.359481: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.359484: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.359486: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.359489: | flags: none (0x0) Aug 26 18:24:25.359491: | length: 24 (0x18) Aug 26 18:24:25.359494: | number of TS: 1 (0x1) Aug 26 18:24:25.359497: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.359499: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.359502: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.359504: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.359507: | flags: none (0x0) Aug 26 18:24:25.359509: | length: 24 (0x18) Aug 26 18:24:25.359512: | number of TS: 1 (0x1) Aug 26 18:24:25.359514: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.359518: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 18:24:25.359521: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:24:25.359526: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.359532: | creating state object #3 at 0x5576565e4c38 Aug 26 18:24:25.359535: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:25.359544: | pstats #3 ikev2.child started Aug 26 18:24:25.359548: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 18:24:25.359554: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.359563: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.359567: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 18:24:25.359572: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Aug 26 18:24:25.359577: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 18:24:25.359581: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:25.359587: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 18:24:25.359590: | Now let's proceed with state specific processing Aug 26 18:24:25.359592: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:24:25.359598: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:25.359602: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 18:24:25.359608: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.359614: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.359617: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.359622: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.359625: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.359630: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.359633: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.359637: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.359645: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.359648: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:24:25.359652: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.359655: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.359657: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.359660: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.359663: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.359666: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.359669: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.359671: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.359674: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.359676: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.359679: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.359682: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.359684: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.359687: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.359689: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.359692: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.359694: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.359697: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.359700: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.359703: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.359705: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.359708: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.359710: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.359713: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.359716: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.359719: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.359722: | length: 40 (0x28) Aug 26 18:24:25.359725: | prop #: 1 (0x1) Aug 26 18:24:25.359729: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.359731: | spi size: 4 (0x4) Aug 26 18:24:25.359734: | # transforms: 3 (0x3) Aug 26 18:24:25.359737: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.359740: | remote SPI b2 cb 20 e3 Aug 26 18:24:25.359743: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:25.359747: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359752: | length: 12 (0xc) Aug 26 18:24:25.359755: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.359757: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.359761: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.359763: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.359766: | length/value: 256 (0x100) Aug 26 18:24:25.359770: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.359773: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359778: | length: 8 (0x8) Aug 26 18:24:25.359780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.359783: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.359787: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.359790: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:25.359793: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:25.359796: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:25.359799: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359801: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.359804: | length: 8 (0x8) Aug 26 18:24:25.359806: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.359809: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.359812: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.359815: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:24:25.359819: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:24:25.359822: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:24:25.359825: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:24:25.359830: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:24:25.359832: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.359835: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.359838: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.359840: | length: 40 (0x28) Aug 26 18:24:25.359843: | prop #: 2 (0x2) Aug 26 18:24:25.359845: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.359848: | spi size: 4 (0x4) Aug 26 18:24:25.359850: | # transforms: 3 (0x3) Aug 26 18:24:25.359853: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.359856: | remote SPI b2 cb 20 e3 Aug 26 18:24:25.359859: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.359861: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359866: | length: 12 (0xc) Aug 26 18:24:25.359869: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.359871: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.359875: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.359878: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.359880: | length/value: 128 (0x80) Aug 26 18:24:25.359883: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359888: | length: 8 (0x8) Aug 26 18:24:25.359891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.359894: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.359897: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359899: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.359901: | length: 8 (0x8) Aug 26 18:24:25.359904: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.359906: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.359910: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Aug 26 18:24:25.359913: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Aug 26 18:24:25.359916: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.359918: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.359921: | length: 56 (0x38) Aug 26 18:24:25.359923: | prop #: 3 (0x3) Aug 26 18:24:25.359926: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.359928: | spi size: 4 (0x4) Aug 26 18:24:25.359931: | # transforms: 5 (0x5) Aug 26 18:24:25.359934: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.359936: | remote SPI b2 cb 20 e3 Aug 26 18:24:25.359939: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.359942: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359947: | length: 12 (0xc) Aug 26 18:24:25.359949: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.359952: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.359954: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.359957: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.359959: | length/value: 256 (0x100) Aug 26 18:24:25.359962: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359967: | length: 8 (0x8) Aug 26 18:24:25.359970: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.359972: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.359975: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359980: | length: 8 (0x8) Aug 26 18:24:25.359983: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.359985: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.359988: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.359990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.359993: | length: 8 (0x8) Aug 26 18:24:25.359995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.359998: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.360001: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360003: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.360006: | length: 8 (0x8) Aug 26 18:24:25.360008: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.360011: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.360015: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 18:24:25.360018: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 18:24:25.360020: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.360023: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.360025: | length: 56 (0x38) Aug 26 18:24:25.360028: | prop #: 4 (0x4) Aug 26 18:24:25.360032: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.360035: | spi size: 4 (0x4) Aug 26 18:24:25.360037: | # transforms: 5 (0x5) Aug 26 18:24:25.360040: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.360042: | remote SPI b2 cb 20 e3 Aug 26 18:24:25.360046: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.360048: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.360053: | length: 12 (0xc) Aug 26 18:24:25.360056: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.360058: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.360061: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.360064: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.360066: | length/value: 128 (0x80) Aug 26 18:24:25.360069: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.360074: | length: 8 (0x8) Aug 26 18:24:25.360077: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.360079: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.360082: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.360087: | length: 8 (0x8) Aug 26 18:24:25.360089: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.360092: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.360095: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.360100: | length: 8 (0x8) Aug 26 18:24:25.360102: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.360105: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.360108: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.360110: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.360113: | length: 8 (0x8) Aug 26 18:24:25.360115: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.360118: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.360122: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 18:24:25.360125: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 18:24:25.360130: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=b2cb20e3;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.360135: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=b2cb20e3;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.360138: | converting proposal to internal trans attrs Aug 26 18:24:25.360143: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:24:25.360147: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 18:24:25.360150: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.360153: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.360155: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.360158: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.360160: | length: 16 (0x10) Aug 26 18:24:25.360163: | start port: 0 (0x0) Aug 26 18:24:25.360165: | end port: 65535 (0xffff) Aug 26 18:24:25.360168: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.360171: | TS low c0 00 03 00 Aug 26 18:24:25.360174: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.360176: | TS high c0 00 03 ff Aug 26 18:24:25.360180: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.360183: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.360186: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.360188: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.360191: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.360193: | length: 16 (0x10) Aug 26 18:24:25.360196: | start port: 0 (0x0) Aug 26 18:24:25.360198: | end port: 65535 (0xffff) Aug 26 18:24:25.360201: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.360203: | TS low c0 00 16 00 Aug 26 18:24:25.360206: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.360208: | TS high c0 00 16 ff Aug 26 18:24:25.360211: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.360213: | looking for best SPD in current connection Aug 26 18:24:25.360220: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.360225: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360231: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.360234: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.360237: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.360240: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.360243: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.360247: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360253: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.360256: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.360258: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.360261: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.360264: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.360266: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.360269: | found better spd route for TSi[0],TSr[0] Aug 26 18:24:25.360272: | looking for better host pair Aug 26 18:24:25.360277: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:25.360282: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 18:24:25.360284: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 18:24:25.360303: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.360309: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.360311: | results matched Aug 26 18:24:25.360318: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.360325: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.360330: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.360335: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360340: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.360344: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.360346: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.360349: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.360352: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.360356: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360362: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.360366: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.360369: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.360372: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.360375: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.360377: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.360380: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 18:24:25.360390: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.360393: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.360396: | results matched Aug 26 18:24:25.360401: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.360407: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.360412: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:25.360416: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360422: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.360425: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.360427: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.360430: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.360433: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.360437: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.360443: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Aug 26 18:24:25.360468: | did not find a better connection using host pair Aug 26 18:24:25.360471: | printing contents struct traffic_selector Aug 26 18:24:25.360474: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.360477: | ipprotoid: 0 Aug 26 18:24:25.360479: | port range: 0-65535 Aug 26 18:24:25.360483: | ip range: 192.0.22.0-192.0.22.255 Aug 26 18:24:25.360486: | printing contents struct traffic_selector Aug 26 18:24:25.360488: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.360491: | ipprotoid: 0 Aug 26 18:24:25.360493: | port range: 0-65535 Aug 26 18:24:25.360497: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.360504: | adding Child Responder KE and nonce nr work-order 3 for state #3 Aug 26 18:24:25.360509: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5576565dc088 Aug 26 18:24:25.360514: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.360518: | libevent_malloc: new ptr-libevent@0x7f4c4c000f48 size 128 Aug 26 18:24:25.360522: | libevent_realloc: release ptr-libevent@0x5576565664c8 Aug 26 18:24:25.360526: | libevent_realloc: new ptr-libevent@0x5576565cff38 size 128 Aug 26 18:24:25.360545: | crypto helper 2 resuming Aug 26 18:24:25.360550: | crypto helper 2 starting work-order 3 for state #3 Aug 26 18:24:25.360555: | crypto helper 2 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Aug 26 18:24:25.361391: | crypto helper 2 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000834 seconds Aug 26 18:24:25.361412: | (#3) spent 0.85 milliseconds in crypto helper computing work-order 3: Child Responder KE and nonce nr (pcr) Aug 26 18:24:25.361417: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:25.361421: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.361425: | libevent_malloc: new ptr-libevent@0x7f4c50002888 size 128 Aug 26 18:24:25.361437: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:25.361450: | #3 spent 0.924 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Aug 26 18:24:25.361459: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.361464: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.361468: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 18:24:25.361472: | suspending state #3 and saving MD Aug 26 18:24:25.361475: | #3 is busy; has a suspended MD Aug 26 18:24:25.361479: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.361483: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.361486: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.361490: | #1 spent 1.38 milliseconds in ikev2_process_packet() Aug 26 18:24:25.361493: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.361495: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.361497: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.361500: | spent 1.39 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.361508: | processing resume sending helper answer for #3 Aug 26 18:24:25.361511: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.361514: | crypto helper 2 replies to request ID 3 Aug 26 18:24:25.361515: | calling continuation function 0x557655fe3b50 Aug 26 18:24:25.361518: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Aug 26 18:24:25.361523: | adding DHv2 for child sa work-order 4 for state #3 Aug 26 18:24:25.361525: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.361528: | libevent_free: release ptr-libevent@0x7f4c4c000f48 Aug 26 18:24:25.361530: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5576565dc088 Aug 26 18:24:25.361532: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5576565dc088 Aug 26 18:24:25.361535: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.361537: | libevent_malloc: new ptr-libevent@0x7f4c4c000f48 size 128 Aug 26 18:24:25.361544: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.361546: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 18:24:25.361548: | suspending state #3 and saving MD Aug 26 18:24:25.361550: | #3 is busy; has a suspended MD Aug 26 18:24:25.361552: | crypto helper 3 resuming Aug 26 18:24:25.361552: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.361569: | crypto helper 3 starting work-order 4 for state #3 Aug 26 18:24:25.361577: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.361581: | crypto helper 3 doing crypto (DHv2 for child sa); request ID 4 Aug 26 18:24:25.361582: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:25.361592: | #3 spent 0.0701 milliseconds in resume sending helper answer Aug 26 18:24:25.361597: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.361601: | libevent_free: release ptr-libevent@0x7f4c50002888 Aug 26 18:24:25.362171: | crypto helper 3 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.000591 seconds Aug 26 18:24:25.362181: | (#3) spent 0.6 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Aug 26 18:24:25.362184: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 18:24:25.362186: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.362189: | libevent_malloc: new ptr-libevent@0x7f4c44001f78 size 128 Aug 26 18:24:25.362195: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:25.362202: | processing resume sending helper answer for #3 Aug 26 18:24:25.362210: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.362215: | crypto helper 3 replies to request ID 4 Aug 26 18:24:25.362217: | calling continuation function 0x557655fe49d0 Aug 26 18:24:25.362220: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Aug 26 18:24:25.362242: | **emit ISAKMP Message: Aug 26 18:24:25.362246: | initiator cookie: Aug 26 18:24:25.362248: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.362250: | responder cookie: Aug 26 18:24:25.362252: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.362255: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.362258: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.362261: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.362264: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.362266: | Message ID: 2 (0x2) Aug 26 18:24:25.362269: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.362272: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.362275: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362277: | flags: none (0x0) Aug 26 18:24:25.362280: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.362283: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362286: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.362359: | netlink_get_spi: allocated 0xb420b7be for esp.0@192.1.2.23 Aug 26 18:24:25.362366: | Emitting ikev2_proposal ... Aug 26 18:24:25.362370: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.362372: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362375: | flags: none (0x0) Aug 26 18:24:25.362378: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.362381: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362384: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.362387: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.362390: | prop #: 1 (0x1) Aug 26 18:24:25.362392: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.362395: | spi size: 4 (0x4) Aug 26 18:24:25.362397: | # transforms: 3 (0x3) Aug 26 18:24:25.362399: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.362403: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.362405: | our spi b4 20 b7 be Aug 26 18:24:25.362408: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.362411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.362413: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.362416: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.362419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.362422: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.362424: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.362429: | length/value: 256 (0x100) Aug 26 18:24:25.362432: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.362435: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.362437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.362440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.362442: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.362445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.362448: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.362451: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.362454: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.362456: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.362458: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.362459: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.362461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.362463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.362465: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.362467: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.362469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.362470: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:24:25.362472: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.362474: | ****emit IKEv2 Nonce Payload: Aug 26 18:24:25.362476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362477: | flags: none (0x0) Aug 26 18:24:25.362480: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.362481: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362484: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.362485: | IKEv2 nonce a1 81 db 49 92 a0 f4 69 79 c0 be 4e 6d ff 91 fd Aug 26 18:24:25.362487: | IKEv2 nonce ec 08 59 4c d3 cd e6 8d 30 57 fc c8 ea 9a 8a da Aug 26 18:24:25.362489: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.362490: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.362492: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362494: | flags: none (0x0) Aug 26 18:24:25.362495: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.362497: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.362499: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362501: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.362503: | ikev2 g^x f1 7b a8 40 27 24 db 2c 2b 1b fc 08 9e 23 2e ad Aug 26 18:24:25.362505: | ikev2 g^x 32 68 8f 1b 1a 5d 70 8f 9d b8 da 13 01 8b 34 25 Aug 26 18:24:25.362506: | ikev2 g^x f5 f4 71 5c 24 3a d7 ee f1 1f 2a 82 aa c1 a2 89 Aug 26 18:24:25.362508: | ikev2 g^x 7d eb 67 6e 81 d7 7d b7 b2 79 df 96 77 2a c1 c8 Aug 26 18:24:25.362509: | ikev2 g^x 5e 7c 16 e2 50 f2 c7 b7 06 fb 9a ed 0e 67 74 ff Aug 26 18:24:25.362511: | ikev2 g^x 67 be 3c 7c 65 25 03 cb e1 80 18 c2 0d 6f cc f6 Aug 26 18:24:25.362512: | ikev2 g^x 82 79 10 0d ef 38 ab b2 34 06 5f a0 01 fb fb 82 Aug 26 18:24:25.362515: | ikev2 g^x 0f d3 15 99 08 7d 87 d7 b1 42 c0 44 d0 eb 62 ca Aug 26 18:24:25.362517: | ikev2 g^x 9f 97 e7 0e f3 fc bf 2d 5a 8a ac 34 2d 2c 10 19 Aug 26 18:24:25.362519: | ikev2 g^x ed e5 19 82 c8 3c f4 be 87 3d 50 8b 68 3d 3f e5 Aug 26 18:24:25.362520: | ikev2 g^x 56 0d 1c 8a 25 1f 6c ef 1c 26 e8 f6 0e ec cf 4a Aug 26 18:24:25.362522: | ikev2 g^x 92 92 2a 69 06 10 b4 48 f9 a4 4b b6 75 8b ba 55 Aug 26 18:24:25.362523: | ikev2 g^x 6c 19 ae 12 96 90 9c b6 49 09 da 4b c7 2c 85 32 Aug 26 18:24:25.362525: | ikev2 g^x 28 37 7f 94 12 ea cb 02 65 3e 0f 4d c8 18 8d 33 Aug 26 18:24:25.362526: | ikev2 g^x e6 f1 44 51 bc e0 de 41 da 94 57 fd af de 0b f2 Aug 26 18:24:25.362528: | ikev2 g^x e8 89 ae 2f cc cd 3e f9 12 e0 23 99 a2 d1 e2 a9 Aug 26 18:24:25.362530: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.362532: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.362533: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362535: | flags: none (0x0) Aug 26 18:24:25.362537: | number of TS: 1 (0x1) Aug 26 18:24:25.362539: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.362541: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362542: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.362544: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.362546: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.362547: | start port: 0 (0x0) Aug 26 18:24:25.362549: | end port: 65535 (0xffff) Aug 26 18:24:25.362551: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.362553: | ipv4 start c0 00 03 00 Aug 26 18:24:25.362555: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.362556: | ipv4 end c0 00 03 ff Aug 26 18:24:25.362558: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.362559: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.362561: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.362563: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.362564: | flags: none (0x0) Aug 26 18:24:25.362566: | number of TS: 1 (0x1) Aug 26 18:24:25.362568: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.362570: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.362572: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.362573: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.362575: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.362576: | start port: 0 (0x0) Aug 26 18:24:25.362578: | end port: 65535 (0xffff) Aug 26 18:24:25.362580: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.362581: | ipv4 start c0 00 16 00 Aug 26 18:24:25.362583: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.362585: | ipv4 end c0 00 16 ff Aug 26 18:24:25.362586: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.362588: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.362590: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:25.362593: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.362792: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:24:25.362799: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:24:25.362802: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.362806: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.362809: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.362814: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.362818: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.362823: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:24:25.362828: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.362832: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.362835: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.362838: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.362843: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.362847: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.362851: | netlink: enabling tunnel mode Aug 26 18:24:25.362854: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.362858: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.362933: | netlink response for Add SA esp.b2cb20e3@192.1.3.33 included non-error error Aug 26 18:24:25.362938: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.362942: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.362945: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.362947: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.362950: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.362954: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.362957: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.362960: | netlink: enabling tunnel mode Aug 26 18:24:25.362962: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.362965: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.363003: | netlink response for Add SA esp.b420b7be@192.1.2.23 included non-error error Aug 26 18:24:25.363009: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.363017: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:25.363021: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.363045: | raw_eroute result=success Aug 26 18:24:25.363050: | set up incoming SA, ref=0/0 Aug 26 18:24:25.363053: | sr for #3: unrouted Aug 26 18:24:25.363056: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.363058: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.363061: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.363064: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.363067: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.363069: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.363074: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:24:25.363077: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x5576565cd578} and state: #3 Aug 26 18:24:25.363081: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.363090: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:24:25.363093: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.363107: | raw_eroute result=success Aug 26 18:24:25.363112: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.363115: | command executing up-client Aug 26 18:24:25.363136: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.363140: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.363154: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:24:25.363157: | popen cmd is 1405 chars long Aug 26 18:24:25.363159: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.363161: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:24:25.363163: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:24:25.363164: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:24:25.363166: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:25.363168: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 18:24:25.363169: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:25.363171: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:24:25.363173: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:24:25.363174: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:25.363176: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:25.363178: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:25.363180: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Aug 26 18:24:25.363181: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 18:24:25.363183: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 18:24:25.363185: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 18:24:25.363186: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb: Aug 26 18:24:25.363188: | cmd(1360):2cb20e3 SPI_OUT=0xb420b7be ipsec _updown 2>&1: Aug 26 18:24:25.373977: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.373996: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x5576565db518,sr=0x5576565db518} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.374067: | #1 spent 0.931 milliseconds in install_ipsec_sa() Aug 26 18:24:25.374076: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:24:25.374080: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.374085: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.374091: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.374094: | emitting length of IKEv2 Encryption Payload: 421 Aug 26 18:24:25.374097: | emitting length of ISAKMP Message: 449 Aug 26 18:24:25.374146: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:25.374159: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.374162: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Aug 26 18:24:25.374164: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Aug 26 18:24:25.374168: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Aug 26 18:24:25.374170: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:24:25.374174: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Aug 26 18:24:25.374177: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.374179: | pstats #3 ikev2.child established Aug 26 18:24:25.374184: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:25.374187: | NAT-T: encaps is 'auto' Aug 26 18:24:25.374190: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xb2cb20e3 <0xb420b7be xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.374194: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:25.374199: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.374202: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.374204: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:24:25.374205: | 9e e7 c3 13 c2 96 9a 53 d9 7f dc 07 fb ba 9b 76 Aug 26 18:24:25.374207: | 2c 91 b5 ea ae bd e3 64 84 c2 bf 9c 01 d4 72 93 Aug 26 18:24:25.374209: | 8e 04 25 ff a3 33 38 30 6f 6d f8 90 2b fa 43 bb Aug 26 18:24:25.374210: | bd c3 bc 0d 1a 9d 13 d8 0b da 1b 9a 21 29 7a 97 Aug 26 18:24:25.374212: | 4a a7 49 76 22 c9 ae 43 15 b5 48 e6 d6 56 89 c8 Aug 26 18:24:25.374213: | 7d 21 8d 14 30 03 e3 cf b3 79 69 dc e1 5a 06 55 Aug 26 18:24:25.374215: | f1 88 b1 1e 23 f0 d9 d6 78 a6 5d 12 d5 eb 15 b0 Aug 26 18:24:25.374216: | ae 52 30 00 e1 ba 83 00 9b 73 db 64 60 02 d0 f6 Aug 26 18:24:25.374218: | d0 e5 fd c6 5e 54 81 56 16 4e b1 ca 77 01 ea ea Aug 26 18:24:25.374219: | 8c 17 9e 40 7c 31 bf 8b 14 cb 49 5a 95 33 ce af Aug 26 18:24:25.374221: | 63 ce d6 dc 7c e7 8f 18 51 75 e0 46 26 3e 9c d2 Aug 26 18:24:25.374222: | b8 f9 d6 b2 a4 0d 3f 95 20 9a 07 3a 1f a4 54 39 Aug 26 18:24:25.374224: | fe d7 2a c0 14 86 c6 21 47 01 45 8b f6 df 4f 76 Aug 26 18:24:25.374225: | 10 d9 46 55 35 d7 c0 ce 71 08 af 49 d4 51 8d f2 Aug 26 18:24:25.374227: | f8 7f 2f 2c 16 6a 58 3c a7 40 99 93 1a 63 57 11 Aug 26 18:24:25.374229: | 3b d6 bd 5f 4d 0a 6d a3 57 07 7c 40 22 ab de 16 Aug 26 18:24:25.374230: | a0 65 4e 60 80 56 c2 9d d9 9a c0 ae 5a 1a 04 0f Aug 26 18:24:25.374232: | c3 3c a5 be 88 18 73 4e 5d fb e2 3d 07 ca 9d 66 Aug 26 18:24:25.374233: | 33 94 91 0a 05 bf 0b 98 eb 90 ef cd c7 b4 5d b7 Aug 26 18:24:25.374235: | 7e 06 da a8 c3 26 f5 1f ff 9c f8 d5 36 ec bf 05 Aug 26 18:24:25.374236: | 09 f4 2f b8 cf 6d 84 8c aa 81 f5 37 0f d5 8a f0 Aug 26 18:24:25.374238: | f3 2a 94 47 5d 7a bc 1b 1f 16 31 9a d8 66 36 05 Aug 26 18:24:25.374239: | 17 41 9f e1 88 72 9a 61 da b5 bf c5 8b ce 80 35 Aug 26 18:24:25.374241: | ad 1c 4b 9d e9 91 87 97 4a e3 43 07 a0 1f 98 75 Aug 26 18:24:25.374242: | 80 71 47 eb 93 46 7a b6 4e 3e d2 93 c6 d6 4b 28 Aug 26 18:24:25.374244: | 4c a5 63 8b 13 eb d6 fa 6d 5f 08 6e 84 d8 e4 32 Aug 26 18:24:25.374245: | 87 Aug 26 18:24:25.374334: | releasing whack for #3 (sock=fd@-1) Aug 26 18:24:25.374345: | releasing whack and unpending for parent #1 Aug 26 18:24:25.374349: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 18:24:25.374354: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:25.374357: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.374368: | libevent_free: release ptr-libevent@0x7f4c4c000f48 Aug 26 18:24:25.374375: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5576565dc088 Aug 26 18:24:25.374378: | event_schedule: new EVENT_SA_REKEY-pe@0x5576565dc088 Aug 26 18:24:25.374382: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Aug 26 18:24:25.374386: | libevent_malloc: new ptr-libevent@0x5576565f8278 size 128 Aug 26 18:24:25.374395: | #3 spent 1.73 milliseconds in resume sending helper answer Aug 26 18:24:25.374401: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.374406: | libevent_free: release ptr-libevent@0x7f4c44001f78 Aug 26 18:24:25.374421: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.374426: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.374431: | spent 0.00539 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:27.890444: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:27.890812: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:27.890819: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:27.890972: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:27.890978: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:27.890988: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:27.891007: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:27.891028: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:27.891036: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:27.891056: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:27.891064: | spent 0.629 milliseconds in whack Aug 26 18:24:29.008151: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:29.008186: shutting down Aug 26 18:24:29.008202: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:29.008206: destroying root certificate cache Aug 26 18:24:29.008241: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:29.008244: forgetting secrets Aug 26 18:24:29.008259: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:29.008269: | unreference key: 0x5576565dac58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.008274: | unreference key: 0x5576565da538 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.008279: | unreference key: 0x5576565da2d8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:29.008282: | unreference key: 0x5576565d9dc8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.008291: | unreference key: 0x5576565d8948 192.1.2.23 cnt 1-- Aug 26 18:24:29.008302: | unreference key: 0x5576565d4ba8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.008306: | unreference key: 0x5576565d4438 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.008310: | unreference key: 0x5576564bac48 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:29.008315: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 18:24:29.008319: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.008321: | pass 0 Aug 26 18:24:29.008324: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.008327: | state #3 Aug 26 18:24:29.008331: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.008341: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.008344: | pstats #3 ikev2.child deleted completed Aug 26 18:24:29.008350: | #3 spent 4.17 milliseconds in total Aug 26 18:24:29.008355: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:29.008360: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 3.648s and sending notification Aug 26 18:24:29.008364: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:24:29.008370: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:29.008389: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:29.008398: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Aug 26 18:24:29.008403: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:24:29.008407: | Opening output PBS informational exchange delete request Aug 26 18:24:29.008410: | **emit ISAKMP Message: Aug 26 18:24:29.008413: | initiator cookie: Aug 26 18:24:29.008416: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.008418: | responder cookie: Aug 26 18:24:29.008421: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.008424: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.008427: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.008430: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.008433: | flags: none (0x0) Aug 26 18:24:29.008436: | Message ID: 0 (0x0) Aug 26 18:24:29.008439: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.008443: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.008445: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.008448: | flags: none (0x0) Aug 26 18:24:29.008451: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.008454: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.008458: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.008473: | ****emit IKEv2 Delete Payload: Aug 26 18:24:29.008477: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.008479: | flags: none (0x0) Aug 26 18:24:29.008482: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.008485: | SPI size: 4 (0x4) Aug 26 18:24:29.008487: | number of SPIs: 1 (0x1) Aug 26 18:24:29.008490: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:29.008493: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.008496: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:24:29.008498: | local spis b4 20 b7 be Aug 26 18:24:29.008501: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:29.008503: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.008506: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.008508: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.008511: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:29.008513: | emitting length of ISAKMP Message: 69 Aug 26 18:24:29.008538: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 18:24:29.008541: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.008544: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.008546: | 24 bd 99 28 c3 9f cb 71 38 86 7d b8 fe 62 fa 92 Aug 26 18:24:29.008548: | 17 78 70 e2 09 76 1b 0b aa ca 96 49 ae f4 65 e3 Aug 26 18:24:29.008552: | ab 9f ea fb 17 Aug 26 18:24:29.008606: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 18:24:29.008610: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 18:24:29.008616: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:29.008619: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.008624: | libevent_free: release ptr-libevent@0x5576565f8278 Aug 26 18:24:29.008627: | free_event_entry: release EVENT_SA_REKEY-pe@0x5576565dc088 Aug 26 18:24:29.008685: | running updown command "ipsec _updown" for verb down Aug 26 18:24:29.008691: | command executing down-client Aug 26 18:24:29.008726: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 18:24:29.008731: | popen cmd is 1298 chars long Aug 26 18:24:29.008734: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:29.008737: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:24:29.008740: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:24:29.008743: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:29.008746: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:29.008749: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 18:24:29.008752: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:29.008755: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 18:24:29.008758: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 18:24:29.008761: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:29.008764: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN: Aug 26 18:24:29.008767: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 18:24:29.008770: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 18:24:29.008772: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 18:24:29.008775: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 18:24:29.008778: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb2cb20e3 SPI_OUT=0xb420b7be : Aug 26 18:24:29.008781: | cmd(1280):ipsec _updown 2>&1: Aug 26 18:24:29.020771: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:29.020790: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.020802: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.020809: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:29.020854: | delete esp.b2cb20e3@192.1.3.33 Aug 26 18:24:29.020876: | netlink response for Del SA esp.b2cb20e3@192.1.3.33 included non-error error Aug 26 18:24:29.020882: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.020890: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:29.020910: | raw_eroute result=success Aug 26 18:24:29.020915: | delete esp.b420b7be@192.1.2.23 Aug 26 18:24:29.020929: | netlink response for Del SA esp.b420b7be@192.1.2.23 included non-error error Aug 26 18:24:29.020943: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:29.020949: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:29.020952: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.020956: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Aug 26 18:24:29.020965: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:24:29.022338: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.022370: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:29.022374: | state #2 Aug 26 18:24:29.022382: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.022386: | pstats #2 ikev2.child deleted completed Aug 26 18:24:29.022394: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:29.022398: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 3.783s and sending notification Aug 26 18:24:29.022403: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:24:29.022408: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:29.022422: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:29.022430: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:29.022435: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:24:29.022439: | Opening output PBS informational exchange delete request Aug 26 18:24:29.022443: | **emit ISAKMP Message: Aug 26 18:24:29.022447: | initiator cookie: Aug 26 18:24:29.022450: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.022453: | responder cookie: Aug 26 18:24:29.022455: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.022459: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.022463: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.022467: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.022471: | flags: none (0x0) Aug 26 18:24:29.022474: | Message ID: 1 (0x1) Aug 26 18:24:29.022478: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.022482: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.022486: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.022489: | flags: none (0x0) Aug 26 18:24:29.022493: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.022498: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.022502: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.022516: | ****emit IKEv2 Delete Payload: Aug 26 18:24:29.022519: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.022522: | flags: none (0x0) Aug 26 18:24:29.022526: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.022529: | SPI size: 4 (0x4) Aug 26 18:24:29.022532: | number of SPIs: 1 (0x1) Aug 26 18:24:29.022539: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:29.022543: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.022547: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:24:29.022550: | local spis 68 2f 54 e6 Aug 26 18:24:29.022554: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:29.022557: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.022561: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.022565: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.022569: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:29.022572: | emitting length of ISAKMP Message: 69 Aug 26 18:24:29.022601: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 18:24:29.022605: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.022608: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.022611: | 4d 69 a5 6e 27 ba 31 31 ae 72 89 37 88 af 3a 8e Aug 26 18:24:29.022614: | 76 5a bd 13 f7 59 e5 30 7a b5 6e a3 86 7a 8d c0 Aug 26 18:24:29.022617: | 94 32 d4 07 b3 Aug 26 18:24:29.022672: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 18:24:29.022677: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 18:24:29.022685: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Aug 26 18:24:29.022691: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Aug 26 18:24:29.022695: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.022704: | libevent_free: release ptr-libevent@0x5576565ec1e8 Aug 26 18:24:29.022710: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4c54002b78 Aug 26 18:24:29.022763: | running updown command "ipsec _updown" for verb down Aug 26 18:24:29.022768: | command executing down-client Aug 26 18:24:29.022815: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 18:24:29.022819: | popen cmd is 1296 chars long Aug 26 18:24:29.022824: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:29.022827: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:24:29.022831: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:24:29.022835: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:29.022841: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:29.022845: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 18:24:29.022848: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:29.022852: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:24:29.022856: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:24:29.022859: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:29.022864: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN_P: Aug 26 18:24:29.022868: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:24:29.022871: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:24:29.022875: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:24:29.022879: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:24:29.022882: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcc5e1e56 SPI_OUT=0x682f54e6 ip: Aug 26 18:24:29.022885: | cmd(1280):sec _updown 2>&1: Aug 26 18:24:29.037748: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:29.037763: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.037768: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.037774: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:29.037810: | delete esp.cc5e1e56@192.1.3.33 Aug 26 18:24:29.037829: | netlink response for Del SA esp.cc5e1e56@192.1.3.33 included non-error error Aug 26 18:24:29.037833: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.037839: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:29.037859: | raw_eroute result=success Aug 26 18:24:29.037864: | delete esp.682f54e6@192.1.2.23 Aug 26 18:24:29.037874: | netlink response for Del SA esp.682f54e6@192.1.2.23 included non-error error Aug 26 18:24:29.037886: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:29.037890: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 18:24:29.037901: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:24:29.037912: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.037932: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:29.037935: | state #1 Aug 26 18:24:29.037938: | pass 1 Aug 26 18:24:29.037941: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.037943: | state #1 Aug 26 18:24:29.037948: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.037952: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:29.037959: | #1 spent 28.7 milliseconds in total Aug 26 18:24:29.037964: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:29.037968: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 3.856s and sending notification Aug 26 18:24:29.037972: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 18:24:29.038106: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 18:24:29.038112: | Opening output PBS informational exchange delete request Aug 26 18:24:29.038116: | **emit ISAKMP Message: Aug 26 18:24:29.038119: | initiator cookie: Aug 26 18:24:29.038122: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.038128: | responder cookie: Aug 26 18:24:29.038130: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.038133: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.038136: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.038139: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.038143: | flags: none (0x0) Aug 26 18:24:29.038145: | Message ID: 2 (0x2) Aug 26 18:24:29.038148: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.038152: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.038154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.038157: | flags: none (0x0) Aug 26 18:24:29.038160: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.038163: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.038166: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.038185: | ****emit IKEv2 Delete Payload: Aug 26 18:24:29.038191: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.038194: | flags: none (0x0) Aug 26 18:24:29.038198: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:29.038201: | SPI size: 0 (0x0) Aug 26 18:24:29.038204: | number of SPIs: 0 (0x0) Aug 26 18:24:29.038209: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:29.038213: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:29.038216: | emitting length of IKEv2 Delete Payload: 8 Aug 26 18:24:29.038220: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.038224: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.038228: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.038231: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 18:24:29.038235: | emitting length of ISAKMP Message: 65 Aug 26 18:24:29.038263: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:29.038267: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.038270: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:24:29.038273: | 80 ff d2 2a 50 11 75 05 33 f1 49 0f c6 f7 7c eb Aug 26 18:24:29.038276: | 1c 69 c6 a9 a8 4a 95 4d 36 09 cd 8d 11 d7 39 8f Aug 26 18:24:29.038279: | 7c Aug 26 18:24:29.038337: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Aug 26 18:24:29.038345: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 18:24:29.038352: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Aug 26 18:24:29.038358: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Aug 26 18:24:29.038362: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.038371: | libevent_free: release ptr-libevent@0x5576565f8fd8 Aug 26 18:24:29.038375: | free_event_entry: release EVENT_SA_REKEY-pe@0x5576565dd368 Aug 26 18:24:29.038380: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:29.038384: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.038387: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 18:24:29.038392: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:29.038403: | unreference key: 0x5576565eabb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 18:24:29.038438: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.038451: | unreference key: 0x5576565eabb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.038458: | unreference key: 0x5576565ead58 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.038463: | unreference key: 0x5576565f5898 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:29.038492: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:29.038497: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.038501: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.038505: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.038526: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.038536: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.038541: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.038544: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:29.038548: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.038551: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.038556: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 18:24:29.038562: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 18:24:29.038566: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:29.038582: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 18:24:29.038587: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.038590: | pass 0 Aug 26 18:24:29.038593: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.038596: | pass 1 Aug 26 18:24:29.038599: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.038603: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.038607: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.038610: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.038622: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.038631: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.038636: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.038639: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.038643: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:24:29.038646: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:29.038650: | command executing unroute-client Aug 26 18:24:29.038783: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 18:24:29.038791: | popen cmd is 1277 chars long Aug 26 18:24:29.038795: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:29.038799: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:24:29.038803: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:29.038806: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:29.038810: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:29.038813: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:29.038817: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 18:24:29.038821: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 18:24:29.038824: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 18:24:29.038828: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:29.038831: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 18:24:29.038835: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:24:29.038838: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:24:29.038842: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:24:29.038846: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:24:29.038849: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:29.062467: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062522: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062553: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062610: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062637: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062668: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062696: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062724: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062751: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062779: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062808: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062838: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062865: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062894: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062921: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062951: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.062978: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063010: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063038: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063066: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063095: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063124: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063152: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063181: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063208: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063240: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063268: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063302: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063334: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063362: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063392: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063420: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063448: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063477: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063504: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063534: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063561: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063589: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063617: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063644: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063675: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063704: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063926: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.063959: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.108445: | free hp@0x5576565db2e8 Aug 26 18:24:29.108469: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 18:24:29.108476: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 18:24:29.108523: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:29.108528: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:29.108545: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:29.108550: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:29.108554: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 18:24:29.108558: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 18:24:29.108562: shutting down interface eth0/eth0 192.0.22.254:4500 Aug 26 18:24:29.108566: shutting down interface eth0/eth0 192.0.22.254:500 Aug 26 18:24:29.108570: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 18:24:29.108574: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 18:24:29.108579: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:29.108599: | libevent_free: release ptr-libevent@0x5576565c0998 Aug 26 18:24:29.108604: | free_event_entry: release EVENT_NULL-pe@0x5576565cc7c8 Aug 26 18:24:29.108619: | libevent_free: release ptr-libevent@0x557656567178 Aug 26 18:24:29.108623: | free_event_entry: release EVENT_NULL-pe@0x5576565cc878 Aug 26 18:24:29.108631: | libevent_free: release ptr-libevent@0x557656567228 Aug 26 18:24:29.108635: | free_event_entry: release EVENT_NULL-pe@0x5576565cc928 Aug 26 18:24:29.108643: | libevent_free: release ptr-libevent@0x5576565661e8 Aug 26 18:24:29.108646: | free_event_entry: release EVENT_NULL-pe@0x5576565cc9d8 Aug 26 18:24:29.108654: | libevent_free: release ptr-libevent@0x55765656e4f8 Aug 26 18:24:29.108658: | free_event_entry: release EVENT_NULL-pe@0x5576565cca88 Aug 26 18:24:29.108667: | libevent_free: release ptr-libevent@0x55765656f018 Aug 26 18:24:29.108671: | free_event_entry: release EVENT_NULL-pe@0x5576565ccb38 Aug 26 18:24:29.108678: | libevent_free: release ptr-libevent@0x5576565cd198 Aug 26 18:24:29.108682: | free_event_entry: release EVENT_NULL-pe@0x5576565ccbe8 Aug 26 18:24:29.108689: | libevent_free: release ptr-libevent@0x5576565cd2f8 Aug 26 18:24:29.108693: | free_event_entry: release EVENT_NULL-pe@0x5576565cd288 Aug 26 18:24:29.108701: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:29.109573: | libevent_free: release ptr-libevent@0x5576565c0a48 Aug 26 18:24:29.109586: | free_event_entry: release EVENT_NULL-pe@0x5576565b4be8 Aug 26 18:24:29.109594: | libevent_free: release ptr-libevent@0x5576565ad6c8 Aug 26 18:24:29.109598: | free_event_entry: release EVENT_NULL-pe@0x5576565b4748 Aug 26 18:24:29.109602: | libevent_free: release ptr-libevent@0x5576565ad618 Aug 26 18:24:29.109605: | free_event_entry: release EVENT_NULL-pe@0x55765656e6b8 Aug 26 18:24:29.109610: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:29.109613: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:29.109616: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:29.109619: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:29.109621: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:29.109624: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:29.109627: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:29.109630: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:29.109632: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:29.109638: | libevent_free: release ptr-libevent@0x557656572c88 Aug 26 18:24:29.109643: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:29.109647: | libevent_free: release ptr-libevent@0x5576564e9308 Aug 26 18:24:29.109651: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:29.109655: | libevent_free: release ptr-libevent@0x5576564f3508 Aug 26 18:24:29.109658: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:29.109661: | libevent_free: release ptr-libevent@0x5576564eb3b8 Aug 26 18:24:29.109664: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:29.109667: | releasing event base Aug 26 18:24:29.109682: | libevent_free: release ptr-libevent@0x5576565cc0a8 Aug 26 18:24:29.109685: | libevent_free: release ptr-libevent@0x5576565af008 Aug 26 18:24:29.109690: | libevent_free: release ptr-libevent@0x5576565aefb8 Aug 26 18:24:29.109693: | libevent_free: release ptr-libevent@0x5576565cff38 Aug 26 18:24:29.109696: | libevent_free: release ptr-libevent@0x5576565aef78 Aug 26 18:24:29.109699: | libevent_free: release ptr-libevent@0x5576565cbd38 Aug 26 18:24:29.109702: | libevent_free: release ptr-libevent@0x5576565cbfa8 Aug 26 18:24:29.109704: | libevent_free: release ptr-libevent@0x5576565af1b8 Aug 26 18:24:29.109707: | libevent_free: release ptr-libevent@0x5576565b47b8 Aug 26 18:24:29.109710: | libevent_free: release ptr-libevent@0x5576565b4418 Aug 26 18:24:29.109712: | libevent_free: release ptr-libevent@0x5576565cd3a8 Aug 26 18:24:29.109715: | libevent_free: release ptr-libevent@0x5576565cd248 Aug 26 18:24:29.109718: | libevent_free: release ptr-libevent@0x5576565ccba8 Aug 26 18:24:29.109725: | libevent_free: release ptr-libevent@0x5576565ccaf8 Aug 26 18:24:29.109727: | libevent_free: release ptr-libevent@0x5576565cca48 Aug 26 18:24:29.109730: | libevent_free: release ptr-libevent@0x5576565cc998 Aug 26 18:24:29.109732: | libevent_free: release ptr-libevent@0x5576565cc8e8 Aug 26 18:24:29.109735: | libevent_free: release ptr-libevent@0x5576565cc838 Aug 26 18:24:29.109738: | libevent_free: release ptr-libevent@0x5576564e7a38 Aug 26 18:24:29.109741: | libevent_free: release ptr-libevent@0x5576565cc028 Aug 26 18:24:29.109743: | libevent_free: release ptr-libevent@0x5576565cbfe8 Aug 26 18:24:29.109746: | libevent_free: release ptr-libevent@0x5576565cbea8 Aug 26 18:24:29.109749: | libevent_free: release ptr-libevent@0x5576565cc068 Aug 26 18:24:29.109752: | libevent_free: release ptr-libevent@0x5576565cbd78 Aug 26 18:24:29.109755: | libevent_free: release ptr-libevent@0x557656574818 Aug 26 18:24:29.109757: | libevent_free: release ptr-libevent@0x557656574798 Aug 26 18:24:29.109760: | libevent_free: release ptr-libevent@0x5576564e7da8 Aug 26 18:24:29.109763: | releasing global libevent data Aug 26 18:24:29.109766: | libevent_free: release ptr-libevent@0x557656574998 Aug 26 18:24:29.109770: | libevent_free: release ptr-libevent@0x557656574918 Aug 26 18:24:29.109773: | libevent_free: release ptr-libevent@0x557656574898 Aug 26 18:24:29.109810: leak detective found no leaks