Aug 26 18:24:24.752231: FIPS Product: YES Aug 26 18:24:24.752369: FIPS Kernel: NO Aug 26 18:24:24.752373: FIPS Mode: NO Aug 26 18:24:24.752377: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:24.752541: Initializing NSS Aug 26 18:24:24.752551: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:24.800720: NSS initialized Aug 26 18:24:24.800736: NSS crypto library initialized Aug 26 18:24:24.800739: FIPS HMAC integrity support [enabled] Aug 26 18:24:24.800742: FIPS mode disabled for pluto daemon Aug 26 18:24:24.838168: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:24.838540: libcap-ng support [enabled] Aug 26 18:24:24.838553: Linux audit support [enabled] Aug 26 18:24:24.838581: Linux audit activated Aug 26 18:24:24.838590: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17746 Aug 26 18:24:24.838593: core dump dir: /tmp Aug 26 18:24:24.838596: secrets file: /etc/ipsec.secrets Aug 26 18:24:24.838598: leak-detective enabled Aug 26 18:24:24.838601: NSS crypto [enabled] Aug 26 18:24:24.838603: XAUTH PAM support [enabled] Aug 26 18:24:24.838677: | libevent is using pluto's memory allocator Aug 26 18:24:24.838689: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:24.838703: | libevent_malloc: new ptr-libevent@0x55e6cc6b9738 size 40 Aug 26 18:24:24.838709: | libevent_malloc: new ptr-libevent@0x55e6cc6b96b8 size 40 Aug 26 18:24:24.838712: | libevent_malloc: new ptr-libevent@0x55e6cc6b9638 size 40 Aug 26 18:24:24.838715: | creating event base Aug 26 18:24:24.838719: | libevent_malloc: new ptr-libevent@0x55e6cc6ab268 size 56 Aug 26 18:24:24.838724: | libevent_malloc: new ptr-libevent@0x55e6cc62cda8 size 664 Aug 26 18:24:24.838737: | libevent_malloc: new ptr-libevent@0x55e6cc6f3d58 size 24 Aug 26 18:24:24.838740: | libevent_malloc: new ptr-libevent@0x55e6cc6f3da8 size 384 Aug 26 18:24:24.838751: | libevent_malloc: new ptr-libevent@0x55e6cc6f3d18 size 16 Aug 26 18:24:24.838754: | libevent_malloc: new ptr-libevent@0x55e6cc6b95b8 size 40 Aug 26 18:24:24.838757: | libevent_malloc: new ptr-libevent@0x55e6cc6b9538 size 48 Aug 26 18:24:24.838763: | libevent_realloc: new ptr-libevent@0x55e6cc62ca38 size 256 Aug 26 18:24:24.838766: | libevent_malloc: new ptr-libevent@0x55e6cc6f3f58 size 16 Aug 26 18:24:24.838772: | libevent_free: release ptr-libevent@0x55e6cc6ab268 Aug 26 18:24:24.838776: | libevent initialized Aug 26 18:24:24.838781: | libevent_realloc: new ptr-libevent@0x55e6cc6ab268 size 64 Aug 26 18:24:24.838787: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:24.838804: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:24.838806: NAT-Traversal support [enabled] Aug 26 18:24:24.838808: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:24.838813: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:24.838816: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:24.838842: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:24.838844: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:24.838846: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:24.838880: Encryption algorithms: Aug 26 18:24:24.838884: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:24.838887: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:24.838889: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:24.838892: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:24.838894: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:24.838901: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:24.838904: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:24.838906: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:24.838909: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:24.838911: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:24.838913: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:24.838916: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:24.838918: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:24.838920: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:24.838923: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:24.838924: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:24.838927: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:24.838931: Hash algorithms: Aug 26 18:24:24.838933: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:24.838935: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:24.838938: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:24.838940: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:24.838941: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:24.838950: PRF algorithms: Aug 26 18:24:24.838952: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:24.838955: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:24.838957: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:24.838959: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:24.838961: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:24.838963: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:24.838979: Integrity algorithms: Aug 26 18:24:24.838982: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:24.838984: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:24.838987: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:24.838989: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:24.838992: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:24.838993: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:24.838996: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:24.838998: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:24.839000: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:24.839008: DH algorithms: Aug 26 18:24:24.839010: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:24.839012: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:24.839014: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:24.839017: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:24.839019: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:24.839021: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:24.839023: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:24.839025: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:24.839027: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:24.839029: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:24.839031: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:24.839033: testing CAMELLIA_CBC: Aug 26 18:24:24.839035: Camellia: 16 bytes with 128-bit key Aug 26 18:24:24.839132: Camellia: 16 bytes with 128-bit key Aug 26 18:24:24.839155: Camellia: 16 bytes with 256-bit key Aug 26 18:24:24.839175: Camellia: 16 bytes with 256-bit key Aug 26 18:24:24.839193: testing AES_GCM_16: Aug 26 18:24:24.839195: empty string Aug 26 18:24:24.839212: one block Aug 26 18:24:24.839228: two blocks Aug 26 18:24:24.839244: two blocks with associated data Aug 26 18:24:24.839260: testing AES_CTR: Aug 26 18:24:24.839263: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:24.839285: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:24.839325: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:24.839347: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:24.839364: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:24.839381: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:24.839398: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:24.839414: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:24.839432: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:24.839449: testing AES_CBC: Aug 26 18:24:24.839451: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:24.839468: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.839485: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.839503: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.839524: testing AES_XCBC: Aug 26 18:24:24.839526: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:24.839602: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:24.839681: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:24.839784: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:24.839891: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:24.840008: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:24.840141: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:24.840449: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:24.840597: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:24.840742: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:24.840960: testing HMAC_MD5: Aug 26 18:24:24.840966: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:24.841104: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:24.841224: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:24.841401: 8 CPU cores online Aug 26 18:24:24.841409: starting up 7 crypto helpers Aug 26 18:24:24.841442: started thread for crypto helper 0 Aug 26 18:24:24.841467: started thread for crypto helper 1 Aug 26 18:24:24.841473: | starting up helper thread 1 Aug 26 18:24:24.841490: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:24.841502: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:24.841698: | starting up helper thread 2 Aug 26 18:24:24.841711: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:24.841714: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:24.841491: started thread for crypto helper 2 Aug 26 18:24:24.842175: started thread for crypto helper 3 Aug 26 18:24:24.842196: started thread for crypto helper 4 Aug 26 18:24:24.842213: started thread for crypto helper 5 Aug 26 18:24:24.842230: started thread for crypto helper 6 Aug 26 18:24:24.842239: | checking IKEv1 state table Aug 26 18:24:24.842249: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842253: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:24.842257: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842260: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:24.842264: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:24.842267: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:24.842270: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.842274: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.842277: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:24.842280: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:24.842283: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.842286: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.842300: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:24.842305: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.842308: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.842311: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:24.842314: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:24.842317: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.842320: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.842323: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:24.842326: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:24.842329: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842333: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:24.842336: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842340: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842343: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:24.842347: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842349: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:24.842352: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:24.842356: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:24.842359: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:24.842362: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:24.842365: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:24.842368: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842372: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.842375: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842378: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:24.842381: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:24.842385: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:24.842388: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:24.842392: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:24.842395: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:24.842398: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:24.842401: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842405: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:24.842407: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842411: | INFO: category: informational flags: 0: Aug 26 18:24:24.842414: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842417: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:24.842420: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842424: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:24.842427: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:24.842430: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:24.842433: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.842437: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:24.842445: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:24.842450: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:24.842453: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:24.842456: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.842459: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.842463: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:24.842466: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.842470: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.842473: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:24.842475: | starting up helper thread 0 Aug 26 18:24:24.842477: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:24.842493: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:24.842507: | checking IKEv2 state table Aug 26 18:24:24.842515: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:24.842520: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:24.842524: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842529: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:24.842533: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:24.842537: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:24.842541: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:24.842545: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:24.842550: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:24.842553: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:24.842557: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:24.842561: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:24.842564: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:24.842568: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:24.842571: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:24.842574: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:24.842578: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842582: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:24.842586: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.842590: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:24.842593: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:24.842597: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.842601: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:24.842605: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:24.842608: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:24.842612: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:24.842615: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.842619: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:24.842623: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:24.842626: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:24.842630: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.842634: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:24.842638: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:24.842641: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:24.842648: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.842652: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:24.842655: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:24.842659: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:24.842662: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:24.842666: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:24.842670: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:24.842674: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:24.842679: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:24.842683: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:24.842686: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:24.842690: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:24.842693: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:24.842708: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:24.842769: | Hard-wiring algorithms Aug 26 18:24:24.842773: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:24.842778: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:24.842780: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:24.842783: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:24.842786: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:24.842789: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:24.842791: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:24.842794: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:24.842797: | adding AES_CTR to kernel algorithm db Aug 26 18:24:24.842799: | adding AES_CBC to kernel algorithm db Aug 26 18:24:24.842802: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:24.842805: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:24.842808: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:24.842811: | adding NULL to kernel algorithm db Aug 26 18:24:24.842814: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:24.842817: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:24.842820: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:24.842822: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:24.842825: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:24.842828: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:24.842831: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:24.842833: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:24.842836: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:24.842839: | adding NONE to kernel algorithm db Aug 26 18:24:24.842860: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:24.842867: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:24.842870: | setup kernel fd callback Aug 26 18:24:24.842874: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55e6cc6b3458 Aug 26 18:24:24.842878: | libevent_malloc: new ptr-libevent@0x55e6cc6f23b8 size 128 Aug 26 18:24:24.842882: | libevent_malloc: new ptr-libevent@0x55e6cc6f9558 size 16 Aug 26 18:24:24.842888: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55e6cc6f94e8 Aug 26 18:24:24.842892: | libevent_malloc: new ptr-libevent@0x55e6cc6f2468 size 128 Aug 26 18:24:24.842895: | libevent_malloc: new ptr-libevent@0x55e6cc6f91b8 size 16 Aug 26 18:24:24.842494: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:24.843063: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:24.843127: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:24.843137: selinux support is enabled. Aug 26 18:24:24.844157: | unbound context created - setting debug level to 5 Aug 26 18:24:24.844196: | /etc/hosts lookups activated Aug 26 18:24:24.844215: | /etc/resolv.conf usage activated Aug 26 18:24:24.844285: | outgoing-port-avoid set 0-65535 Aug 26 18:24:24.844327: | outgoing-port-permit set 32768-60999 Aug 26 18:24:24.844332: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:24.844337: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:24.844341: | Setting up events, loop start Aug 26 18:24:24.844345: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55e6cc6f9988 Aug 26 18:24:24.844350: | libevent_malloc: new ptr-libevent@0x55e6cc7057e8 size 128 Aug 26 18:24:24.844356: | libevent_malloc: new ptr-libevent@0x55e6cc710ad8 size 16 Aug 26 18:24:24.844365: | libevent_realloc: new ptr-libevent@0x55e6cc710b18 size 256 Aug 26 18:24:24.844370: | libevent_malloc: new ptr-libevent@0x55e6cc710c48 size 8 Aug 26 18:24:24.844375: | libevent_realloc: new ptr-libevent@0x55e6cc710c88 size 144 Aug 26 18:24:24.844379: | libevent_malloc: new ptr-libevent@0x55e6cc6b7a28 size 152 Aug 26 18:24:24.844384: | libevent_malloc: new ptr-libevent@0x55e6cc710d48 size 16 Aug 26 18:24:24.844390: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:24.844394: | libevent_malloc: new ptr-libevent@0x55e6cc710d88 size 8 Aug 26 18:24:24.844399: | libevent_malloc: new ptr-libevent@0x55e6cc62e308 size 152 Aug 26 18:24:24.844404: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:24.844408: | libevent_malloc: new ptr-libevent@0x55e6cc710dc8 size 8 Aug 26 18:24:24.844412: | libevent_malloc: new ptr-libevent@0x55e6cc638508 size 152 Aug 26 18:24:24.844416: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:24.844420: | libevent_malloc: new ptr-libevent@0x55e6cc710e08 size 8 Aug 26 18:24:24.844424: | libevent_realloc: release ptr-libevent@0x55e6cc710c88 Aug 26 18:24:24.844428: | libevent_realloc: new ptr-libevent@0x55e6cc710e48 size 256 Aug 26 18:24:24.844432: | libevent_malloc: new ptr-libevent@0x55e6cc6303b8 size 152 Aug 26 18:24:24.844436: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:24.844844: | created addconn helper (pid:17970) using fork+execve Aug 26 18:24:24.844862: | forked child 17970 Aug 26 18:24:24.844913: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.844934: listening for IKE messages Aug 26 18:24:24.845760: | Inspecting interface lo Aug 26 18:24:24.845775: | found lo with address 127.0.0.1 Aug 26 18:24:24.845782: | Inspecting interface eth0 Aug 26 18:24:24.845788: | found eth0 with address 192.0.3.254 Aug 26 18:24:24.845793: | Inspecting interface eth1 Aug 26 18:24:24.845799: | found eth1 with address 192.1.3.33 Aug 26 18:24:24.845908: Kernel supports NIC esp-hw-offload Aug 26 18:24:24.845924: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:24:24.845976: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.845983: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.845988: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:24.846018: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:24:24.846041: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.846046: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.846051: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:24.846077: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:24.846100: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.846105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.846110: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:24.846197: | no interfaces to sort Aug 26 18:24:24.846203: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:24.846213: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711408 Aug 26 18:24:24.846223: | libevent_malloc: new ptr-libevent@0x55e6cc705738 size 128 Aug 26 18:24:24.846229: | libevent_malloc: new ptr-libevent@0x55e6cc711478 size 16 Aug 26 18:24:24.846237: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:24.846241: | add_fd_read_event_handler: new ethX-pe@0x55e6cc7114b8 Aug 26 18:24:24.846246: | libevent_malloc: new ptr-libevent@0x55e6cc6abf18 size 128 Aug 26 18:24:24.846250: | libevent_malloc: new ptr-libevent@0x55e6cc711528 size 16 Aug 26 18:24:24.846256: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:24.846260: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711568 Aug 26 18:24:24.846265: | libevent_malloc: new ptr-libevent@0x55e6cc6abfc8 size 128 Aug 26 18:24:24.846269: | libevent_malloc: new ptr-libevent@0x55e6cc7115d8 size 16 Aug 26 18:24:24.846275: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:24.846279: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711618 Aug 26 18:24:24.846283: | libevent_malloc: new ptr-libevent@0x55e6cc6aaf88 size 128 Aug 26 18:24:24.842482: | starting up helper thread 6 Aug 26 18:24:24.846287: | libevent_malloc: new ptr-libevent@0x55e6cc711688 size 16 Aug 26 18:24:24.846481: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:24.846485: | add_fd_read_event_handler: new ethX-pe@0x55e6cc7116c8 Aug 26 18:24:24.846489: | libevent_malloc: new ptr-libevent@0x55e6cc6b3298 size 128 Aug 26 18:24:24.846492: | libevent_malloc: new ptr-libevent@0x55e6cc711738 size 16 Aug 26 18:24:24.846497: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:24.846500: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711778 Aug 26 18:24:24.846502: | libevent_malloc: new ptr-libevent@0x55e6cc6b3db8 size 128 Aug 26 18:24:24.846505: | libevent_malloc: new ptr-libevent@0x55e6cc7117e8 size 16 Aug 26 18:24:24.846510: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:24.846515: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:24.846517: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:24.846540: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:24.846558: | saving Modulus Aug 26 18:24:24.846562: | saving PublicExponent Aug 26 18:24:24.846566: | ignoring PrivateExponent Aug 26 18:24:24.846570: | ignoring Prime1 Aug 26 18:24:24.846573: | ignoring Prime2 Aug 26 18:24:24.846576: | ignoring Exponent1 Aug 26 18:24:24.846579: | ignoring Exponent2 Aug 26 18:24:24.846582: | ignoring Coefficient Aug 26 18:24:24.846585: | ignoring CKAIDNSS Aug 26 18:24:24.846623: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:24.846627: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:24.846631: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:24.846640: | certs and keys locked by 'process_secret' Aug 26 18:24:24.846644: | certs and keys unlocked by 'process_secret' Aug 26 18:24:24.846654: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.846662: | spent 1.58 milliseconds in whack Aug 26 18:24:24.846466: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:24.846678: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:24.846688: | starting up helper thread 5 Aug 26 18:24:24.846695: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:24.846698: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:24.846706: | starting up helper thread 4 Aug 26 18:24:24.846712: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:24.846715: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:24.846723: | starting up helper thread 3 Aug 26 18:24:24.846728: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:24.846731: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:24.900321: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.900345: listening for IKE messages Aug 26 18:24:24.900387: | Inspecting interface lo Aug 26 18:24:24.900397: | found lo with address 127.0.0.1 Aug 26 18:24:24.900402: | Inspecting interface eth0 Aug 26 18:24:24.900407: | found eth0 with address 192.0.3.254 Aug 26 18:24:24.900410: | Inspecting interface eth1 Aug 26 18:24:24.900415: | found eth1 with address 192.1.3.33 Aug 26 18:24:24.900482: | no interfaces to sort Aug 26 18:24:24.900494: | libevent_free: release ptr-libevent@0x55e6cc705738 Aug 26 18:24:24.900499: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711408 Aug 26 18:24:24.900503: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711408 Aug 26 18:24:24.900507: | libevent_malloc: new ptr-libevent@0x55e6cc705738 size 128 Aug 26 18:24:24.900515: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:24.900520: | libevent_free: release ptr-libevent@0x55e6cc6abf18 Aug 26 18:24:24.900524: | free_event_entry: release EVENT_NULL-pe@0x55e6cc7114b8 Aug 26 18:24:24.900527: | add_fd_read_event_handler: new ethX-pe@0x55e6cc7114b8 Aug 26 18:24:24.900530: | libevent_malloc: new ptr-libevent@0x55e6cc6abf18 size 128 Aug 26 18:24:24.900536: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:24.900541: | libevent_free: release ptr-libevent@0x55e6cc6abfc8 Aug 26 18:24:24.900545: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711568 Aug 26 18:24:24.900548: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711568 Aug 26 18:24:24.900552: | libevent_malloc: new ptr-libevent@0x55e6cc6abfc8 size 128 Aug 26 18:24:24.900558: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:24.900564: | libevent_free: release ptr-libevent@0x55e6cc6aaf88 Aug 26 18:24:24.900567: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711618 Aug 26 18:24:24.900571: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711618 Aug 26 18:24:24.900575: | libevent_malloc: new ptr-libevent@0x55e6cc6aaf88 size 128 Aug 26 18:24:24.900581: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:24.900586: | libevent_free: release ptr-libevent@0x55e6cc6b3298 Aug 26 18:24:24.900590: | free_event_entry: release EVENT_NULL-pe@0x55e6cc7116c8 Aug 26 18:24:24.900594: | add_fd_read_event_handler: new ethX-pe@0x55e6cc7116c8 Aug 26 18:24:24.900599: | libevent_malloc: new ptr-libevent@0x55e6cc6b3298 size 128 Aug 26 18:24:24.900608: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:24.900613: | libevent_free: release ptr-libevent@0x55e6cc6b3db8 Aug 26 18:24:24.900617: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711778 Aug 26 18:24:24.900621: | add_fd_read_event_handler: new ethX-pe@0x55e6cc711778 Aug 26 18:24:24.900624: | libevent_malloc: new ptr-libevent@0x55e6cc6b3db8 size 128 Aug 26 18:24:24.900630: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:24.900634: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:24.900637: forgetting secrets Aug 26 18:24:24.900646: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:24.900661: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:24.900684: | saving Modulus Aug 26 18:24:24.900687: | saving PublicExponent Aug 26 18:24:24.900692: | ignoring PrivateExponent Aug 26 18:24:24.900697: | ignoring Prime1 Aug 26 18:24:24.900702: | ignoring Prime2 Aug 26 18:24:24.900706: | ignoring Exponent1 Aug 26 18:24:24.900710: | ignoring Exponent2 Aug 26 18:24:24.900715: | ignoring Coefficient Aug 26 18:24:24.900719: | ignoring CKAIDNSS Aug 26 18:24:24.900743: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:24.900747: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:24.900751: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:24.900756: | certs and keys locked by 'process_secret' Aug 26 18:24:24.900759: | certs and keys unlocked by 'process_secret' Aug 26 18:24:24.900768: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.900776: | spent 0.464 milliseconds in whack Aug 26 18:24:24.901418: | processing signal PLUTO_SIGCHLD Aug 26 18:24:24.901436: | waitpid returned pid 17970 (exited with status 0) Aug 26 18:24:24.901445: | reaped addconn helper child (status 0) Aug 26 18:24:24.901451: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:24.901456: | spent 0.024 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:24.916994: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.917017: | old debugging base+cpu-usage + none Aug 26 18:24:24.917025: | base debugging = base+cpu-usage Aug 26 18:24:24.917030: | old impairing none + suppress-retransmits Aug 26 18:24:24.917034: | base impairing = suppress-retransmits Aug 26 18:24:24.917048: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.917059: | spent 0.0712 milliseconds in whack Aug 26 18:24:24.975190: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.975217: | old debugging base+cpu-usage + none Aug 26 18:24:24.975222: | base debugging = base+cpu-usage Aug 26 18:24:24.975226: | old impairing suppress-retransmits + suppress-retransmits Aug 26 18:24:24.975229: | base impairing = suppress-retransmits Aug 26 18:24:24.975238: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.975246: | spent 0.0656 milliseconds in whack Aug 26 18:24:25.158748: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:25.158772: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.158777: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:25.158779: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.158781: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:25.158786: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.158793: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:25.158796: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:25.158854: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:25.158858: | from whack: got --esp= Aug 26 18:24:25.158899: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:25.159709: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:25.159732: | loading left certificate 'north' pubkey Aug 26 18:24:25.159862: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc714e78 Aug 26 18:24:25.159869: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc714e28 Aug 26 18:24:25.159873: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc714dd8 Aug 26 18:24:25.160022: | unreference key: 0x55e6cc714ec8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:25.160214: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:24:25.160221: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:24:25.160231: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:25.160911: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:25.160925: | loading right certificate 'east' pubkey Aug 26 18:24:25.161018: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc717f68 Aug 26 18:24:25.161030: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc719178 Aug 26 18:24:25.161033: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc718538 Aug 26 18:24:25.161036: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc718068 Aug 26 18:24:25.161039: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc714b28 Aug 26 18:24:25.161266: | unreference key: 0x55e6cc71de58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.161433: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:24:25.161448: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:25.161460: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:25.161464: | new hp@0x55e6cc71c9a8 Aug 26 18:24:25.161469: added connection description "northnet-eastnets/0x1" Aug 26 18:24:25.161484: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:25.161505: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 18:24:25.161515: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:25.161523: | spent 2.74 milliseconds in whack Aug 26 18:24:25.163996: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:25.164023: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.164031: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:25.164035: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.164038: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:25.164043: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.164051: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:25.164055: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:25.164141: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:25.164145: | from whack: got --esp= Aug 26 18:24:25.164205: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:25.164388: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:25.164399: | loading left certificate 'north' pubkey Aug 26 18:24:25.164463: | unreference key: 0x55e6cc7194b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:25.164481: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721158 Aug 26 18:24:25.164485: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721108 Aug 26 18:24:25.164488: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721a88 Aug 26 18:24:25.164536: | unreference key: 0x55e6cc718368 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:25.164592: | unreference key: 0x55e6cc718588 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:25.164662: | unreference key: 0x55e6cc7211a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:25.164714: | secrets entry for north already exists Aug 26 18:24:25.164729: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:25.164820: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:25.164827: | loading right certificate 'east' pubkey Aug 26 18:24:25.164881: | unreference key: 0x55e6cc71f238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.164896: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721108 Aug 26 18:24:25.164900: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721a88 Aug 26 18:24:25.164903: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721488 Aug 26 18:24:25.164906: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc721438 Aug 26 18:24:25.164909: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc7213e8 Aug 26 18:24:25.164964: | unreference key: 0x55e6cc71d108 192.1.2.23 cnt 1-- Aug 26 18:24:25.165018: | unreference key: 0x55e6cc71e8b8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.165073: | unreference key: 0x55e6cc71ead8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:25.165131: | unreference key: 0x55e6cc71f028 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.165191: | unreference key: 0x55e6cc7215b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.165332: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:24:25.165346: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:25.165356: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:24:25.165362: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55e6cc71c9a8: northnet-eastnets/0x1 Aug 26 18:24:25.165366: added connection description "northnet-eastnets/0x2" Aug 26 18:24:25.165381: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:25.165403: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 18:24:25.165413: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:25.165421: | spent 1.41 milliseconds in whack Aug 26 18:24:25.177001: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:25.177034: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:24:25.177040: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:25.177045: initiating all conns with alias='northnet-eastnets' Aug 26 18:24:25.177054: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:25.177061: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:25.177065: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 18:24:25.177069: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:25.177072: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:25.177099: | creating state object #1 at 0x55e6cc7223f8 Aug 26 18:24:25.177104: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:25.177113: | pstats #1 ikev2.ike started Aug 26 18:24:25.177117: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:25.177121: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:25.177128: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.177137: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:25.177143: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:25.177147: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:25.177152: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Aug 26 18:24:25.177157: "northnet-eastnets/0x2" #1: initiating v2 parent SA Aug 26 18:24:25.177166: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Aug 26 18:24:25.177175: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.177184: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.177189: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.177195: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.177200: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.177206: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.177210: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:25.177216: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.177228: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.177240: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:25.177245: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc71bde8 Aug 26 18:24:25.177249: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:25.177253: | libevent_malloc: new ptr-libevent@0x55e6cc71dda8 size 128 Aug 26 18:24:25.177270: | #1 spent 0.207 milliseconds in ikev2_parent_outI1() Aug 26 18:24:25.177274: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:25.177274: | crypto helper 1 resuming Aug 26 18:24:25.177294: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:24:25.177307: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:25.177280: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:25.177485: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:25.177490: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:25.177495: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:25.177498: | connection 'northnet-eastnets/0x1' +POLICY_UP Aug 26 18:24:25.177502: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:25.177505: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:25.177510: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Aug 26 18:24:25.177515: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:25.177519: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 18:24:25.177522: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:25.177527: | spent 0.346 milliseconds in whack Aug 26 18:24:25.178331: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001024 seconds Aug 26 18:24:25.178345: | (#1) spent 1.03 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:25.178348: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:25.178352: | scheduling resume sending helper answer for #1 Aug 26 18:24:25.178356: | libevent_malloc: new ptr-libevent@0x7fe834002888 size 128 Aug 26 18:24:25.178365: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:25.178376: | processing resume sending helper answer for #1 Aug 26 18:24:25.178387: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.178393: | crypto helper 1 replies to request ID 1 Aug 26 18:24:25.178396: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:25.178399: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:25.178433: | **emit ISAKMP Message: Aug 26 18:24:25.178437: | initiator cookie: Aug 26 18:24:25.178440: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.178442: | responder cookie: Aug 26 18:24:25.178445: | 00 00 00 00 00 00 00 00 Aug 26 18:24:25.178448: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.178451: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.178454: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:25.178457: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.178460: | Message ID: 0 (0x0) Aug 26 18:24:25.178463: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.178481: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.178484: | Emitting ikev2_proposals ... Aug 26 18:24:25.178487: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:25.178491: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.178493: | flags: none (0x0) Aug 26 18:24:25.178502: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.178506: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.178509: | discarding INTEG=NONE Aug 26 18:24:25.178512: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.178515: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.178518: | prop #: 1 (0x1) Aug 26 18:24:25.178520: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.178523: | spi size: 0 (0x0) Aug 26 18:24:25.178526: | # transforms: 11 (0xb) Aug 26 18:24:25.178529: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.178532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178538: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.178541: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.178544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178547: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.178550: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.178553: | length/value: 256 (0x100) Aug 26 18:24:25.178556: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.178559: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178565: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.178567: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.178571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178577: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178580: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178585: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.178588: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.178591: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178594: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178597: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178600: | discarding INTEG=NONE Aug 26 18:24:25.178602: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178611: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.178614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178617: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178620: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178622: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178630: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.178633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178641: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178644: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178650: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178652: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.178656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178661: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178664: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178672: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.178676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178681: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178684: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178689: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178692: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.178695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178701: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178704: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178712: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.178715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178718: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178721: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178724: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178732: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.178735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178741: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178744: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178747: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.178753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178756: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.178760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178766: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178768: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:25.178771: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.178774: | discarding INTEG=NONE Aug 26 18:24:25.178777: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.178779: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.178782: | prop #: 2 (0x2) Aug 26 18:24:25.178785: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.178787: | spi size: 0 (0x0) Aug 26 18:24:25.178790: | # transforms: 11 (0xb) Aug 26 18:24:25.178794: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.178797: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.178800: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178806: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.178808: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.178811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178814: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.178817: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.178820: | length/value: 128 (0x80) Aug 26 18:24:25.178823: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.178826: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178831: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.178834: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.178837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178843: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178846: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178851: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.178854: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.178857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178860: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178863: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178866: | discarding INTEG=NONE Aug 26 18:24:25.178868: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178874: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178877: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.178880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178885: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178888: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178890: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178898: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.178902: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178908: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178910: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178918: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.178921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178927: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178930: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178935: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178938: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.178941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178947: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178958: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.178961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178970: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.178978: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.178981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.178987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.178990: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.178992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.178995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179000: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.179003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179009: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179011: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179014: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.179017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179019: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.179023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179029: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179032: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:25.179035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.179038: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.179040: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.179043: | prop #: 3 (0x3) Aug 26 18:24:25.179045: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.179048: | spi size: 0 (0x0) Aug 26 18:24:25.179051: | # transforms: 13 (0xd) Aug 26 18:24:25.179054: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.179057: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.179060: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179066: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.179068: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.179071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179074: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.179077: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.179080: | length/value: 256 (0x100) Aug 26 18:24:25.179083: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.179085: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179091: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.179093: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.179096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179103: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179105: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179111: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.179113: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.179117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179124: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179127: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179133: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.179135: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.179138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179147: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179153: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.179156: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.179159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179165: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179167: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179173: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179175: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.179179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179182: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179185: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179188: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179193: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179196: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.179199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179205: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179208: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179213: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179216: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.179219: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179222: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179225: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179228: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179231: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179236: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.179241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179247: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179250: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179258: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.179261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179264: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179267: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179270: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179273: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179279: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.179282: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179285: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179294: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179301: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179304: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179310: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.179313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179319: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179322: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179325: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.179327: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179330: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.179333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179339: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179342: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:25.179345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.179348: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.179351: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.179354: | prop #: 4 (0x4) Aug 26 18:24:25.179356: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.179359: | spi size: 0 (0x0) Aug 26 18:24:25.179362: | # transforms: 13 (0xd) Aug 26 18:24:25.179365: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.179368: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.179375: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179381: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.179383: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.179386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179389: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.179392: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.179395: | length/value: 128 (0x80) Aug 26 18:24:25.179397: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.179400: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179405: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.179408: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.179412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179418: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179420: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179426: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.179429: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:25.179432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179438: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179441: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179446: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.179449: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.179452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179458: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179461: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179467: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.179470: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.179473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179479: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179482: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179487: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179490: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.179493: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179501: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179503: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179509: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179512: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:25.179515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179521: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179524: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179532: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:25.179535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179538: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179541: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179544: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179553: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:25.179556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179559: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179562: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179570: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179572: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:25.179576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179579: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179584: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179592: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:25.179595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179601: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179603: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179612: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:25.179616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179623: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179626: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.179628: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.179631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.179634: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:25.179638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.179641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.179644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.179646: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:25.179649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.179652: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:25.179655: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.179658: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.179661: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.179664: | flags: none (0x0) Aug 26 18:24:25.179667: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.179671: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.179674: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.179678: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.179682: | ikev2 g^x f4 65 ad e2 90 a6 f0 43 26 b4 04 d6 fd 35 83 bf Aug 26 18:24:25.179684: | ikev2 g^x 10 e5 f5 e0 b8 51 9f 80 96 5d 91 14 f5 d9 9d aa Aug 26 18:24:25.179687: | ikev2 g^x 8f c8 9e f8 07 c6 7f 94 a0 37 bb d5 53 0e 69 94 Aug 26 18:24:25.179690: | ikev2 g^x 75 f8 38 2a 51 ca 2e 75 b2 a9 d9 49 b6 75 e5 24 Aug 26 18:24:25.179692: | ikev2 g^x f7 ae 60 d5 e8 9d 13 32 b6 2e 31 ec 1a d8 4f f1 Aug 26 18:24:25.179695: | ikev2 g^x 3a 09 d0 4a 93 97 41 62 f1 b8 44 ee e2 a3 8a 6e Aug 26 18:24:25.179697: | ikev2 g^x 17 15 01 a5 57 d8 56 ff 8c 38 cd 3b 3e 4c ae c9 Aug 26 18:24:25.179700: | ikev2 g^x de 1a a0 c5 4a 20 4e 31 33 79 93 ee 97 0c db 50 Aug 26 18:24:25.179703: | ikev2 g^x cb 67 74 95 af 1e 36 b2 82 49 ca 19 aa 89 be 02 Aug 26 18:24:25.179705: | ikev2 g^x 48 29 91 0b a7 a5 ed 78 25 c5 d7 5a cb 18 fe 60 Aug 26 18:24:25.179708: | ikev2 g^x 88 62 72 43 32 7a a3 3d 50 c4 69 03 26 82 67 49 Aug 26 18:24:25.179710: | ikev2 g^x 43 53 be 03 17 28 84 37 aa 24 37 f4 62 a6 e1 86 Aug 26 18:24:25.179713: | ikev2 g^x 85 c7 75 2e 7d 82 18 49 2c b1 14 0b 7e 85 a9 bb Aug 26 18:24:25.179716: | ikev2 g^x 81 cc fa 49 51 e5 56 f2 f1 28 d1 b2 a7 16 c5 73 Aug 26 18:24:25.179718: | ikev2 g^x 6c d2 c8 c6 b5 26 2e 00 ef 2e 92 ec e3 e3 60 87 Aug 26 18:24:25.179721: | ikev2 g^x 61 8a 0d 4b 90 06 40 de 38 cf dd ef 16 21 53 7c Aug 26 18:24:25.179724: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.179727: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:25.179730: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.179732: | flags: none (0x0) Aug 26 18:24:25.179735: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:25.179741: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.179745: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.179748: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.179751: | IKEv2 nonce 38 7c 82 4b 8f 76 e3 fb f1 51 f7 54 b5 22 3c 47 Aug 26 18:24:25.179754: | IKEv2 nonce 97 0a b6 63 85 ac 44 49 7b 05 4c 17 08 3d 21 f4 Aug 26 18:24:25.179756: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.179759: | Adding a v2N Payload Aug 26 18:24:25.179762: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.179765: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.179768: | flags: none (0x0) Aug 26 18:24:25.179771: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.179773: | SPI size: 0 (0x0) Aug 26 18:24:25.179776: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:25.179779: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.179783: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.179786: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:25.179789: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:25.179792: | natd_hash: rcookie is zero Aug 26 18:24:25.179814: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:25.179817: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.179820: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:25.179823: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:25.179825: | natd_hash: port=500 Aug 26 18:24:25.179828: | natd_hash: hash= ab d8 38 fd 4e 50 29 74 f1 a4 4f 68 b9 7c 2e e0 Aug 26 18:24:25.179830: | natd_hash: hash= 5f b9 d9 65 Aug 26 18:24:25.179833: | Adding a v2N Payload Aug 26 18:24:25.179836: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.179838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.179841: | flags: none (0x0) Aug 26 18:24:25.179844: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.179846: | SPI size: 0 (0x0) Aug 26 18:24:25.179849: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:25.179853: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.179856: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.179859: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:25.179861: | Notify data ab d8 38 fd 4e 50 29 74 f1 a4 4f 68 b9 7c 2e e0 Aug 26 18:24:25.179864: | Notify data 5f b9 d9 65 Aug 26 18:24:25.179866: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:25.179869: | natd_hash: rcookie is zero Aug 26 18:24:25.179876: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:25.179879: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.179882: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:25.179884: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:25.179887: | natd_hash: port=500 Aug 26 18:24:25.179889: | natd_hash: hash= 04 f8 aa f0 50 11 82 55 b4 a1 c0 ed 9e 39 41 9b Aug 26 18:24:25.179892: | natd_hash: hash= 11 70 cc 0d Aug 26 18:24:25.179894: | Adding a v2N Payload Aug 26 18:24:25.179897: | ***emit IKEv2 Notify Payload: Aug 26 18:24:25.179900: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.179903: | flags: none (0x0) Aug 26 18:24:25.179905: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.179908: | SPI size: 0 (0x0) Aug 26 18:24:25.179910: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:25.179914: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:25.179918: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.179922: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:25.179925: | Notify data 04 f8 aa f0 50 11 82 55 b4 a1 c0 ed 9e 39 41 9b Aug 26 18:24:25.179927: | Notify data 11 70 cc 0d Aug 26 18:24:25.179930: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:25.179933: | emitting length of ISAKMP Message: 828 Aug 26 18:24:25.179941: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:25.179953: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.179958: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:25.179961: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:25.179965: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:25.179968: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:25.179972: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:25.179977: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:25.179981: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:25.179998: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:25.180011: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.180267: | e1 aa 77 0d bc 9a a4 2e 00 00 00 00 00 00 00 00 Aug 26 18:24:25.180271: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:25.180273: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:25.180275: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:25.180278: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:25.180280: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:25.180282: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:25.180284: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:25.180287: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:25.180296: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:25.180299: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:25.180301: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:25.180303: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:25.180305: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:25.180307: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:25.180309: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:25.180311: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:25.180313: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:25.180315: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:25.180317: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:25.180320: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:25.180322: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:25.180324: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:25.180326: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:25.180328: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:25.180330: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:25.180333: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:25.180335: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:25.180337: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:25.180339: | 28 00 01 08 00 0e 00 00 f4 65 ad e2 90 a6 f0 43 Aug 26 18:24:25.180344: | 26 b4 04 d6 fd 35 83 bf 10 e5 f5 e0 b8 51 9f 80 Aug 26 18:24:25.180347: | 96 5d 91 14 f5 d9 9d aa 8f c8 9e f8 07 c6 7f 94 Aug 26 18:24:25.180350: | a0 37 bb d5 53 0e 69 94 75 f8 38 2a 51 ca 2e 75 Aug 26 18:24:25.180352: | b2 a9 d9 49 b6 75 e5 24 f7 ae 60 d5 e8 9d 13 32 Aug 26 18:24:25.180355: | b6 2e 31 ec 1a d8 4f f1 3a 09 d0 4a 93 97 41 62 Aug 26 18:24:25.180357: | f1 b8 44 ee e2 a3 8a 6e 17 15 01 a5 57 d8 56 ff Aug 26 18:24:25.180359: | 8c 38 cd 3b 3e 4c ae c9 de 1a a0 c5 4a 20 4e 31 Aug 26 18:24:25.180361: | 33 79 93 ee 97 0c db 50 cb 67 74 95 af 1e 36 b2 Aug 26 18:24:25.180363: | 82 49 ca 19 aa 89 be 02 48 29 91 0b a7 a5 ed 78 Aug 26 18:24:25.180366: | 25 c5 d7 5a cb 18 fe 60 88 62 72 43 32 7a a3 3d Aug 26 18:24:25.180368: | 50 c4 69 03 26 82 67 49 43 53 be 03 17 28 84 37 Aug 26 18:24:25.180370: | aa 24 37 f4 62 a6 e1 86 85 c7 75 2e 7d 82 18 49 Aug 26 18:24:25.180372: | 2c b1 14 0b 7e 85 a9 bb 81 cc fa 49 51 e5 56 f2 Aug 26 18:24:25.180374: | f1 28 d1 b2 a7 16 c5 73 6c d2 c8 c6 b5 26 2e 00 Aug 26 18:24:25.180376: | ef 2e 92 ec e3 e3 60 87 61 8a 0d 4b 90 06 40 de Aug 26 18:24:25.180378: | 38 cf dd ef 16 21 53 7c 29 00 00 24 38 7c 82 4b Aug 26 18:24:25.180381: | 8f 76 e3 fb f1 51 f7 54 b5 22 3c 47 97 0a b6 63 Aug 26 18:24:25.180383: | 85 ac 44 49 7b 05 4c 17 08 3d 21 f4 29 00 00 08 Aug 26 18:24:25.180385: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ab d8 38 fd Aug 26 18:24:25.180387: | 4e 50 29 74 f1 a4 4f 68 b9 7c 2e e0 5f b9 d9 65 Aug 26 18:24:25.180389: | 00 00 00 1c 00 00 40 05 04 f8 aa f0 50 11 82 55 Aug 26 18:24:25.180391: | b4 a1 c0 ed 9e 39 41 9b 11 70 cc 0d Aug 26 18:24:25.182297: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.182315: | libevent_free: release ptr-libevent@0x55e6cc71dda8 Aug 26 18:24:25.182319: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc71bde8 Aug 26 18:24:25.182323: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:25.182327: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:25.182338: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e6cc71bde8 Aug 26 18:24:25.182342: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:24:25.182346: | libevent_malloc: new ptr-libevent@0x55e6cc7213e8 size 128 Aug 26 18:24:25.182351: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29150.924804 Aug 26 18:24:25.182356: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:25.182362: | #1 spent 1.93 milliseconds in resume sending helper answer Aug 26 18:24:25.182367: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.182370: | libevent_free: release ptr-libevent@0x7fe834002888 Aug 26 18:24:25.189475: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.189504: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.189509: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.189511: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 18:24:25.189513: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:25.189515: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:25.189517: | 04 00 00 0e 28 00 01 08 00 0e 00 00 84 78 96 af Aug 26 18:24:25.189519: | c9 a7 40 bf 20 62 8c d7 20 2e 10 d8 db 2e 1b a7 Aug 26 18:24:25.189522: | 1c 6f 2c 6d ca 65 00 31 bd 29 43 f5 43 72 f8 c0 Aug 26 18:24:25.189524: | 0e af 13 8d 2b 03 d9 2f 9d 01 b8 68 2e c1 eb 0d Aug 26 18:24:25.189526: | d2 e4 7c 35 eb d3 8a 38 ed ce 53 58 a0 12 3e 7b Aug 26 18:24:25.189528: | af 19 95 cb 94 46 ad e4 01 d3 e8 45 73 07 a5 01 Aug 26 18:24:25.189530: | 52 89 b9 87 64 67 0f e7 5e ad 86 44 d7 24 5c 5c Aug 26 18:24:25.189534: | 47 9b 6a 98 05 6a ca 96 3e bc c2 7e f7 87 05 4a Aug 26 18:24:25.189537: | 22 aa c4 22 23 d3 47 f6 63 bb e7 cc ad 94 dc 8f Aug 26 18:24:25.189540: | 30 3f c7 65 47 90 47 17 cc af 41 68 49 9e e0 7a Aug 26 18:24:25.189542: | 71 56 30 1a ee 15 3a 46 34 06 76 d1 51 3c 4f f3 Aug 26 18:24:25.189544: | 2b 17 ba 9d 76 fa 6e 3c 7a e2 63 86 d4 07 57 c5 Aug 26 18:24:25.189547: | 85 ae 83 83 12 75 1b d2 a3 ba 94 d3 55 08 70 0e Aug 26 18:24:25.189549: | 28 9d 1d 74 2f 39 0a a5 d0 bd 3e a0 41 5c 52 8b Aug 26 18:24:25.189552: | fd 8e 49 83 da 91 df 48 43 c4 f6 2a 37 54 7d 4b Aug 26 18:24:25.189554: | 6f a4 28 c1 ae ec 86 cb 02 87 4c 0e dc c1 51 c6 Aug 26 18:24:25.189556: | 24 72 88 48 96 11 97 63 61 d4 85 db 29 00 00 24 Aug 26 18:24:25.189559: | 9f 30 78 9e 96 e8 89 6b 92 d4 99 a1 28 e2 7c 71 Aug 26 18:24:25.189561: | 16 06 57 6a cb bf 5f 17 16 58 22 a7 60 af 9f 76 Aug 26 18:24:25.189563: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:25.189566: | 4e 30 c2 b7 84 6b 50 a0 e3 8f b7 88 f1 22 09 34 Aug 26 18:24:25.189568: | e2 20 d2 68 26 00 00 1c 00 00 40 05 9f 0c 55 b0 Aug 26 18:24:25.189570: | 3b 51 b7 3f 8f e9 93 1f 52 fa d8 cd 0e 9a 80 16 Aug 26 18:24:25.189573: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 18:24:25.189575: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:25.189581: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.189586: | **parse ISAKMP Message: Aug 26 18:24:25.189589: | initiator cookie: Aug 26 18:24:25.189592: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.189595: | responder cookie: Aug 26 18:24:25.189597: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.189600: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.189603: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.189606: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:25.189608: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.189611: | Message ID: 0 (0x0) Aug 26 18:24:25.189613: | length: 457 (0x1c9) Aug 26 18:24:25.189616: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:25.189620: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:25.189624: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:25.189630: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.189635: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.189637: | #1 is idle Aug 26 18:24:25.189640: | #1 idle Aug 26 18:24:25.189642: | unpacking clear payload Aug 26 18:24:25.189645: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.189648: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:25.189651: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.189653: | flags: none (0x0) Aug 26 18:24:25.189656: | length: 40 (0x28) Aug 26 18:24:25.189658: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:25.189661: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.189663: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.189666: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.189668: | flags: none (0x0) Aug 26 18:24:25.189671: | length: 264 (0x108) Aug 26 18:24:25.189673: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.189676: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.189679: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.189681: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:25.189684: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.189686: | flags: none (0x0) Aug 26 18:24:25.189689: | length: 36 (0x24) Aug 26 18:24:25.189692: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.189696: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.189700: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.189702: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.189705: | flags: none (0x0) Aug 26 18:24:25.189707: | length: 8 (0x8) Aug 26 18:24:25.189710: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.189712: | SPI size: 0 (0x0) Aug 26 18:24:25.189715: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:25.189718: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:25.189720: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.189723: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.189725: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:25.189727: | flags: none (0x0) Aug 26 18:24:25.189730: | length: 28 (0x1c) Aug 26 18:24:25.189732: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.189734: | SPI size: 0 (0x0) Aug 26 18:24:25.189737: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:25.189739: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:25.189742: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:25.189744: | ***parse IKEv2 Notify Payload: Aug 26 18:24:25.189747: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 18:24:25.189749: | flags: none (0x0) Aug 26 18:24:25.189752: | length: 28 (0x1c) Aug 26 18:24:25.189754: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:25.189757: | SPI size: 0 (0x0) Aug 26 18:24:25.189760: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:25.189762: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:25.189765: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:25.189767: | ***parse IKEv2 Certificate Request Payload: Aug 26 18:24:25.189770: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.189772: | flags: none (0x0) Aug 26 18:24:25.189775: | length: 25 (0x19) Aug 26 18:24:25.189777: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.189780: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 18:24:25.189783: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:25.189791: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:25.189795: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:25.189797: | Now let's proceed with state specific processing Aug 26 18:24:25.189800: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:25.189804: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:25.189822: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:25.189826: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:25.189831: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.189834: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:25.189836: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.189839: | local proposal 1 type DH has 8 transforms Aug 26 18:24:25.189842: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:25.189845: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:25.189848: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.189853: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:25.189856: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.189859: | local proposal 2 type DH has 8 transforms Aug 26 18:24:25.189861: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:25.189865: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:25.189868: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.189871: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:25.189873: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.189876: | local proposal 3 type DH has 8 transforms Aug 26 18:24:25.189879: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:25.189882: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:25.189885: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.189888: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:25.189891: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.189894: | local proposal 4 type DH has 8 transforms Aug 26 18:24:25.189897: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:25.189900: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:25.189904: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.189907: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.189910: | length: 36 (0x24) Aug 26 18:24:25.189913: | prop #: 1 (0x1) Aug 26 18:24:25.189916: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:25.189918: | spi size: 0 (0x0) Aug 26 18:24:25.189921: | # transforms: 3 (0x3) Aug 26 18:24:25.189924: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:25.189928: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.189931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.189934: | length: 12 (0xc) Aug 26 18:24:25.189937: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.189939: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.189942: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.189945: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.189948: | length/value: 256 (0x100) Aug 26 18:24:25.189953: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.189956: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.189959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.189961: | length: 8 (0x8) Aug 26 18:24:25.189964: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:25.189967: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:25.189971: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:25.189974: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.189977: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.189980: | length: 8 (0x8) Aug 26 18:24:25.189982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.189986: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.189989: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.189993: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:25.189998: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:25.190001: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.190005: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:25.190008: | converting proposal to internal trans attrs Aug 26 18:24:25.190027: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:25.190032: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.190035: | natd_hash: rcookie= 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.190040: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:25.190043: | natd_hash: port=500 Aug 26 18:24:25.190046: | natd_hash: hash= 9f 0c 55 b0 3b 51 b7 3f 8f e9 93 1f 52 fa d8 cd Aug 26 18:24:25.190049: | natd_hash: hash= 0e 9a 80 16 Aug 26 18:24:25.190057: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:25.190060: | natd_hash: icookie= e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.190063: | natd_hash: rcookie= 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.190065: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:25.190068: | natd_hash: port=500 Aug 26 18:24:25.190071: | natd_hash: hash= 4e 30 c2 b7 84 6b 50 a0 e3 8f b7 88 f1 22 09 34 Aug 26 18:24:25.190074: | natd_hash: hash= e2 20 d2 68 Aug 26 18:24:25.190077: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:25.190080: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:25.190083: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:25.190086: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:25.190093: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:25.190097: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:25.190101: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:25.190104: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:25.190109: | libevent_free: release ptr-libevent@0x55e6cc7213e8 Aug 26 18:24:25.190113: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e6cc71bde8 Aug 26 18:24:25.190116: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc71bde8 Aug 26 18:24:25.190120: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:25.190124: | libevent_malloc: new ptr-libevent@0x7fe834002888 size 128 Aug 26 18:24:25.190136: | #1 spent 0.33 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:25.190142: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.190146: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:25.190149: | suspending state #1 and saving MD Aug 26 18:24:25.190152: | #1 is busy; has a suspended MD Aug 26 18:24:25.190157: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.190160: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.190165: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.190170: | #1 spent 0.681 milliseconds in ikev2_process_packet() Aug 26 18:24:25.190175: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.190178: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.190182: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.190186: | spent 0.697 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.190199: | crypto helper 2 resuming Aug 26 18:24:25.190204: | crypto helper 2 starting work-order 2 for state #1 Aug 26 18:24:25.190208: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:25.190999: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:25.191314: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001104 seconds Aug 26 18:24:25.191324: | (#1) spent 1.11 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:25.191326: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:25.191328: | scheduling resume sending helper answer for #1 Aug 26 18:24:25.191331: | libevent_malloc: new ptr-libevent@0x7fe82c000f48 size 128 Aug 26 18:24:25.191339: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:25.191347: | processing resume sending helper answer for #1 Aug 26 18:24:25.191357: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.191362: | crypto helper 2 replies to request ID 2 Aug 26 18:24:25.191365: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:25.191368: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:25.191376: | creating state object #2 at 0x55e6cc726ab8 Aug 26 18:24:25.191380: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:25.191384: | pstats #2 ikev2.child started Aug 26 18:24:25.191388: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 18:24:25.191394: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.191401: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.191406: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:25.191411: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:25.191414: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.191418: | libevent_free: release ptr-libevent@0x7fe834002888 Aug 26 18:24:25.191422: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc71bde8 Aug 26 18:24:25.191425: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e6cc71bde8 Aug 26 18:24:25.191429: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:25.191432: | libevent_malloc: new ptr-libevent@0x7fe834002888 size 128 Aug 26 18:24:25.191436: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:25.191443: | **emit ISAKMP Message: Aug 26 18:24:25.191446: | initiator cookie: Aug 26 18:24:25.191449: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.191452: | responder cookie: Aug 26 18:24:25.191454: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.191457: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.191461: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.191463: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.191467: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.191470: | Message ID: 1 (0x1) Aug 26 18:24:25.191474: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.191478: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.191481: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.191484: | flags: none (0x0) Aug 26 18:24:25.191488: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.191491: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.191495: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.191506: | IKEv2 CERT: send a certificate? Aug 26 18:24:25.191512: | IKEv2 CERT: OK to send a certificate (always) Aug 26 18:24:25.191516: | IDr payload will be sent Aug 26 18:24:25.191531: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:25.191535: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.191538: | flags: none (0x0) Aug 26 18:24:25.191541: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.191546: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:25.191551: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.191557: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:25.191561: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.191564: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.191568: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.191571: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.191574: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.191578: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.191581: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:24:25.191584: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:24:25.191587: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:24:25.191591: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:24:25.191594: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:25.191597: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.191601: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Aug 26 18:24:25.191612: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.191616: | ****emit IKEv2 Certificate Payload: Aug 26 18:24:25.191620: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.191623: | flags: none (0x0) Aug 26 18:24:25.191626: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.191631: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 18:24:25.191635: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.191639: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 18:24:25.191643: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 18:24:25.191646: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:24:25.191649: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:24:25.191652: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:24:25.191655: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:24:25.191659: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:24:25.191662: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:24:25.191665: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:24:25.191668: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:24:25.191671: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:24:25.191675: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:24:25.191678: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:24:25.191681: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:24:25.191685: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:24:25.191688: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:24:25.191691: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:24:25.191694: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:24:25.191697: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:24:25.191701: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:24:25.191704: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:24:25.191707: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:24:25.191710: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 18:24:25.191713: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:24:25.191716: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 18:24:25.191721: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 18:24:25.191725: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 18:24:25.191728: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 18:24:25.191731: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 18:24:25.191734: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 18:24:25.191737: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 18:24:25.191740: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 18:24:25.191744: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 18:24:25.191747: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 18:24:25.191750: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 18:24:25.191754: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 18:24:25.191757: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 18:24:25.191760: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 18:24:25.191763: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 18:24:25.191766: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 18:24:25.191769: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 18:24:25.191773: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 18:24:25.191776: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 18:24:25.191779: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 18:24:25.191782: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 18:24:25.191785: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 18:24:25.191788: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 18:24:25.191792: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 18:24:25.191795: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 18:24:25.191798: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 18:24:25.191801: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 18:24:25.191804: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 18:24:25.191808: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 18:24:25.191811: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 18:24:25.191814: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 18:24:25.191818: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 18:24:25.191821: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:24:25.191824: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 18:24:25.191827: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 18:24:25.191830: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 18:24:25.191833: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 18:24:25.191837: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 18:24:25.191840: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 18:24:25.191843: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.191846: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 18:24:25.191849: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 18:24:25.191852: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 18:24:25.191856: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 18:24:25.191859: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 18:24:25.191862: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 18:24:25.191865: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 18:24:25.191868: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 18:24:25.191871: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 18:24:25.191875: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 18:24:25.191878: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 18:24:25.191883: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 18:24:25.191886: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 18:24:25.191889: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 18:24:25.191892: | emitting length of IKEv2 Certificate Payload: 1232 Aug 26 18:24:25.191896: | IKEv2 CERTREQ: send a cert request? Aug 26 18:24:25.191900: | IKEv2 CERTREQ: OK to send a certificate request Aug 26 18:24:25.191910: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Aug 26 18:24:25.191914: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 18:24:25.191917: | ****emit IKEv2 Certificate Request Payload: Aug 26 18:24:25.191921: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.191924: | flags: none (0x0) Aug 26 18:24:25.191927: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.191932: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:25.191936: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.192633: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 18:24:25.192651: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 18:24:25.192655: | CA cert public key hash Aug 26 18:24:25.192658: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:25.192661: | 2b 92 25 e9 Aug 26 18:24:25.192665: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 18:24:25.192669: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:25.192673: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:25.192676: | flags: none (0x0) Aug 26 18:24:25.192679: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.192684: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:25.192689: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:25.192693: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.192697: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:25.192700: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.192704: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.192707: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.192710: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.192713: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.192716: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.192719: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:25.192722: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.192726: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:25.192729: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:25.192732: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.192735: | IDr 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.192739: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 18:24:25.192742: | not sending INITIAL_CONTACT Aug 26 18:24:25.192746: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:25.192750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.192753: | flags: none (0x0) Aug 26 18:24:25.192756: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:25.192761: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:25.192769: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.192774: | #1 spent 1.41 milliseconds Aug 26 18:24:25.192790: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 18:24:25.192842: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 18:24:25.208987: | #1 spent 9.57 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:25.209001: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:25.209005: | rsa signature 47 3f 39 90 ca a8 5a 54 1e 7e 34 d3 b8 a1 6c dc Aug 26 18:24:25.209009: | rsa signature ec 47 7d 7e 1b 00 91 02 48 07 04 60 ae be ad 47 Aug 26 18:24:25.209012: | rsa signature 8a 52 d3 9d f9 df 25 f1 e6 23 32 ff 01 6c e0 52 Aug 26 18:24:25.209015: | rsa signature 06 c7 33 b3 a2 99 d6 86 1c e1 45 21 15 bf 96 42 Aug 26 18:24:25.209019: | rsa signature 09 31 88 ce 47 6f e4 82 e0 9c 25 53 05 8f dd 37 Aug 26 18:24:25.209022: | rsa signature ee 65 23 fa 77 fa fe a4 b6 a9 f5 f6 1c 9d 0d 76 Aug 26 18:24:25.209028: | rsa signature a9 53 b4 c3 78 b7 dd 91 61 3b 12 3f 59 73 cb 1b Aug 26 18:24:25.209032: | rsa signature d6 62 d7 8b 5f f4 b3 70 38 ca e1 07 60 27 cc 89 Aug 26 18:24:25.209035: | rsa signature 3d 07 e2 de 1c 45 ee 06 d1 e6 4d d6 0b f8 96 02 Aug 26 18:24:25.209038: | rsa signature f9 62 86 02 3a 35 ba 93 03 c2 91 45 36 8c 19 a9 Aug 26 18:24:25.209041: | rsa signature be bc 5f c1 86 5a 46 27 1b a0 e5 d9 24 ee 7e b1 Aug 26 18:24:25.209044: | rsa signature 7d 7c b0 60 f3 1a 08 c7 69 17 08 e2 dc bd 85 20 Aug 26 18:24:25.209047: | rsa signature c9 7f 4c d3 65 6f 86 47 ce e0 a5 70 61 52 f4 bc Aug 26 18:24:25.209049: | rsa signature a2 70 73 62 5d 50 2b 29 33 c1 42 f4 45 0f 82 39 Aug 26 18:24:25.209052: | rsa signature 6c a2 0f ff 4c 02 cf b7 59 f6 38 c3 99 86 de 7e Aug 26 18:24:25.209055: | rsa signature 36 a0 35 64 88 76 d2 16 4d f7 6b 99 c2 5d 42 5e Aug 26 18:24:25.209057: | rsa signature 92 04 5a 15 02 69 59 a2 98 c2 ca 1c ab 6e 5e d7 Aug 26 18:24:25.209060: | rsa signature e6 50 6a 5e d7 c2 21 0d f2 d3 92 b1 44 3e 24 e3 Aug 26 18:24:25.209063: | rsa signature 4e 57 e8 02 4b 99 32 a8 cc b5 2f 71 8d 7f 8f ce Aug 26 18:24:25.209065: | rsa signature ac 15 66 ba e7 52 5e 2d a9 a8 c3 ab 54 35 4b 3a Aug 26 18:24:25.209068: | rsa signature 34 04 f5 de 3f 66 11 ce 8d 75 5a 62 3d 66 14 f5 Aug 26 18:24:25.209071: | rsa signature e5 58 d1 cd 08 af 12 3e af 5f 68 be 84 37 eb 16 Aug 26 18:24:25.209074: | rsa signature bd e0 e0 db a9 bf 21 47 fa 58 55 dc 51 6d c2 d8 Aug 26 18:24:25.209077: | rsa signature 1b a7 4d 79 e4 00 9f c2 c6 e7 84 09 7c 7f fb 70 Aug 26 18:24:25.209083: | #1 spent 9.76 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:25.209087: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 18:24:25.209090: | getting first pending from state #1 Aug 26 18:24:25.209095: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Aug 26 18:24:25.209098: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:25.209117: | netlink_get_spi: allocated 0xcc5e1e56 for esp.0@192.1.3.33 Aug 26 18:24:25.209122: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:25.209129: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.209135: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:25.209139: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.209146: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:25.209149: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.209154: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.209158: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.209162: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.209171: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.209204: | Emitting ikev2_proposals ... Aug 26 18:24:25.209211: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.209215: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.209219: | flags: none (0x0) Aug 26 18:24:25.209224: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.209228: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.209231: | discarding INTEG=NONE Aug 26 18:24:25.209234: | discarding DH=NONE Aug 26 18:24:25.209237: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.209241: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209244: | prop #: 1 (0x1) Aug 26 18:24:25.209247: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.209251: | spi size: 4 (0x4) Aug 26 18:24:25.209254: | # transforms: 2 (0x2) Aug 26 18:24:25.209258: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.209262: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.209265: | our spi cc 5e 1e 56 Aug 26 18:24:25.209269: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209276: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.209279: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.209283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209287: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.209299: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.209302: | length/value: 256 (0x100) Aug 26 18:24:25.209306: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.209309: | discarding INTEG=NONE Aug 26 18:24:25.209311: | discarding DH=NONE Aug 26 18:24:25.209315: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209318: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.209321: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.209325: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.209329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209334: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209337: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209341: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:25.209345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.209350: | discarding INTEG=NONE Aug 26 18:24:25.209353: | discarding DH=NONE Aug 26 18:24:25.209356: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.209359: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209362: | prop #: 2 (0x2) Aug 26 18:24:25.209366: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.209369: | spi size: 4 (0x4) Aug 26 18:24:25.209371: | # transforms: 2 (0x2) Aug 26 18:24:25.209377: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209383: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.209386: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.209389: | our spi cc 5e 1e 56 Aug 26 18:24:25.209391: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209396: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.209398: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.209401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209404: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.209406: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.209409: | length/value: 128 (0x80) Aug 26 18:24:25.209411: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.209414: | discarding INTEG=NONE Aug 26 18:24:25.209416: | discarding DH=NONE Aug 26 18:24:25.209419: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209421: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.209423: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.209426: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.209429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209435: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209437: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:25.209440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.209442: | discarding DH=NONE Aug 26 18:24:25.209445: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.209447: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209450: | prop #: 3 (0x3) Aug 26 18:24:25.209453: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.209455: | spi size: 4 (0x4) Aug 26 18:24:25.209458: | # transforms: 4 (0x4) Aug 26 18:24:25.209461: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209463: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.209466: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.209469: | our spi cc 5e 1e 56 Aug 26 18:24:25.209471: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209475: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.209478: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.209480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209483: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.209485: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.209490: | length/value: 256 (0x100) Aug 26 18:24:25.209493: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.209495: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209500: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.209503: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.209505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209511: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209514: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209518: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.209521: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.209524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209529: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209531: | discarding DH=NONE Aug 26 18:24:25.209534: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209536: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.209539: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.209541: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.209544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209551: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:25.209554: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.209557: | discarding DH=NONE Aug 26 18:24:25.209559: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.209561: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.209564: | prop #: 4 (0x4) Aug 26 18:24:25.209566: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.209569: | spi size: 4 (0x4) Aug 26 18:24:25.209571: | # transforms: 4 (0x4) Aug 26 18:24:25.209575: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.209577: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.209581: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.209584: | our spi cc 5e 1e 56 Aug 26 18:24:25.209586: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209592: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.209594: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.209597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209600: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.209602: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.209605: | length/value: 128 (0x80) Aug 26 18:24:25.209609: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.209611: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209616: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.209618: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.209621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209624: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209627: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209629: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209634: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.209636: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.209639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209645: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209647: | discarding DH=NONE Aug 26 18:24:25.209649: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.209652: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.209654: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.209657: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.209660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.209663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.209666: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.209668: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:25.209671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.209674: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:25.209676: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.209680: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.209684: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.209686: | flags: none (0x0) Aug 26 18:24:25.209689: | number of TS: 1 (0x1) Aug 26 18:24:25.209692: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.209696: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.209699: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.209701: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.209704: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.209706: | start port: 0 (0x0) Aug 26 18:24:25.209709: | end port: 65535 (0xffff) Aug 26 18:24:25.209712: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.209715: | ipv4 start c0 00 03 00 Aug 26 18:24:25.209717: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.209720: | ipv4 end c0 00 03 ff Aug 26 18:24:25.209723: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.209725: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.209730: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.209733: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.209735: | flags: none (0x0) Aug 26 18:24:25.209738: | number of TS: 1 (0x1) Aug 26 18:24:25.209741: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.209744: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.209746: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.209749: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.209751: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.209753: | start port: 0 (0x0) Aug 26 18:24:25.209756: | end port: 65535 (0xffff) Aug 26 18:24:25.209759: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.209761: | ipv4 start c0 00 02 00 Aug 26 18:24:25.209764: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.209766: | ipv4 end c0 00 02 ff Aug 26 18:24:25.209769: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.209771: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.209774: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:25.209777: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:25.209780: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.209783: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.209787: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.209790: | emitting length of IKEv2 Encryption Payload: 2274 Aug 26 18:24:25.209793: | emitting length of ISAKMP Message: 2302 Aug 26 18:24:25.209798: | **parse ISAKMP Message: Aug 26 18:24:25.209801: | initiator cookie: Aug 26 18:24:25.209804: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.209807: | responder cookie: Aug 26 18:24:25.209809: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.209812: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.209815: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.209818: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.209821: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.209824: | Message ID: 1 (0x1) Aug 26 18:24:25.209827: | length: 2302 (0x8fe) Aug 26 18:24:25.209830: | **parse IKEv2 Encryption Payload: Aug 26 18:24:25.209832: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:25.209835: | flags: none (0x0) Aug 26 18:24:25.209838: | length: 2274 (0x8e2) Aug 26 18:24:25.209840: | **emit ISAKMP Message: Aug 26 18:24:25.209843: | initiator cookie: Aug 26 18:24:25.209846: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.209848: | responder cookie: Aug 26 18:24:25.209851: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.209854: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.209856: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.209859: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.209862: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.209865: | Message ID: 1 (0x1) Aug 26 18:24:25.209868: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.209871: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.209874: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:25.209877: | flags: none (0x0) Aug 26 18:24:25.209880: | fragment number: 1 (0x1) Aug 26 18:24:25.209883: | total fragments: 5 (0x5) Aug 26 18:24:25.209886: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 18:24:25.209890: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.209895: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.209899: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.209909: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.209912: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Aug 26 18:24:25.209915: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:25.209917: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:25.209920: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:25.209923: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.209925: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:25.209928: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Aug 26 18:24:25.209931: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Aug 26 18:24:25.209934: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.209937: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Aug 26 18:24:25.209940: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Aug 26 18:24:25.209943: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 18:24:25.209945: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Aug 26 18:24:25.209948: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Aug 26 18:24:25.209951: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Aug 26 18:24:25.209954: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Aug 26 18:24:25.209957: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Aug 26 18:24:25.209959: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Aug 26 18:24:25.209962: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Aug 26 18:24:25.209965: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Aug 26 18:24:25.209968: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Aug 26 18:24:25.209970: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Aug 26 18:24:25.209973: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Aug 26 18:24:25.209976: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Aug 26 18:24:25.210146: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.210153: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 Aug 26 18:24:25.210156: | cleartext fragment 30 39 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 Aug 26 18:24:25.210158: | cleartext fragment 33 30 39 30 37 35 33 5a 30 81 b6 31 0b 30 09 06 Aug 26 18:24:25.210161: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:25.210163: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Aug 26 18:24:25.210166: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.210169: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.210172: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.210175: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.210178: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.210197: | **emit ISAKMP Message: Aug 26 18:24:25.210201: | initiator cookie: Aug 26 18:24:25.210204: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.210206: | responder cookie: Aug 26 18:24:25.210209: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.210211: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.210214: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.210219: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.210222: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.210225: | Message ID: 1 (0x1) Aug 26 18:24:25.210228: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.210232: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.210235: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.210237: | flags: none (0x0) Aug 26 18:24:25.210240: | fragment number: 2 (0x2) Aug 26 18:24:25.210243: | total fragments: 5 (0x5) Aug 26 18:24:25.210246: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.210249: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.210252: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.210256: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.210260: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.210522: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Aug 26 18:24:25.210528: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Aug 26 18:24:25.210532: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Aug 26 18:24:25.210535: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Aug 26 18:24:25.210538: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Aug 26 18:24:25.210540: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 18:24:25.210543: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 18:24:25.210546: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Aug 26 18:24:25.210549: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Aug 26 18:24:25.210551: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Aug 26 18:24:25.210554: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Aug 26 18:24:25.210557: | cleartext fragment 82 01 81 00 c0 59 bd 4b 40 fd f4 2c e7 cf 9e f3 Aug 26 18:24:25.210560: | cleartext fragment 29 e6 61 73 de ab 42 3d cc 51 1a e8 79 d6 53 46 Aug 26 18:24:25.210563: | cleartext fragment a1 fd 66 d1 9e ab b4 65 76 51 ad 3f 6f 8f ef d2 Aug 26 18:24:25.210565: | cleartext fragment 73 f9 fd 8f 44 b0 6c 36 4b 95 c3 b2 45 0f 31 0c Aug 26 18:24:25.210568: | cleartext fragment e9 df 35 95 44 c0 19 53 8d df 6a 4b b2 af d6 d3 Aug 26 18:24:25.210571: | cleartext fragment e8 dd f5 20 df 9c cd 8a f7 6a 09 92 60 00 45 44 Aug 26 18:24:25.210574: | cleartext fragment 39 4c 17 6c 06 02 91 37 4b f5 6a c3 5e 21 c6 64 Aug 26 18:24:25.210577: | cleartext fragment 32 32 98 1d b7 99 1f 3c 13 fe ec c7 a4 a5 3b 37 Aug 26 18:24:25.210580: | cleartext fragment 30 df e4 31 95 47 91 b1 ca 96 66 b7 9e 49 65 a2 Aug 26 18:24:25.210582: | cleartext fragment 4c 79 54 17 ed 68 19 34 9d 7e 67 91 27 51 f0 ee Aug 26 18:24:25.210585: | cleartext fragment cb b3 90 68 7c 1d fd 83 32 06 2e e6 6f d5 f0 62 Aug 26 18:24:25.210588: | cleartext fragment 00 4d ef 11 90 b6 ad 61 83 0b 21 94 18 d9 2b 88 Aug 26 18:24:25.210590: | cleartext fragment 09 0d 33 2e 3b 71 18 f4 ce 4a 45 f3 37 f4 db c0 Aug 26 18:24:25.210593: | cleartext fragment d6 ab c2 da da cd 6d e0 a3 9d 21 53 19 34 b1 0c Aug 26 18:24:25.210596: | cleartext fragment d9 63 7c 45 b7 26 a4 d9 d6 93 25 1e 1f 74 3c 07 Aug 26 18:24:25.210599: | cleartext fragment 32 69 9b bc 0f db ba 3e 30 85 a4 3d ec 5c 70 fe Aug 26 18:24:25.210602: | cleartext fragment fe 7d 64 3c 2c 48 b3 8a eb 26 bf 05 d4 33 1e c3 Aug 26 18:24:25.210605: | cleartext fragment f7 1c 24 c9 99 e3 d1 99 91 df 32 10 d5 7c 31 7e Aug 26 18:24:25.210608: | cleartext fragment 9e 6f 70 01 dc 0d d7 21 03 76 4d f5 b2 e3 Aug 26 18:24:25.210613: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.210617: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.210621: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.210624: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.210627: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.210638: | **emit ISAKMP Message: Aug 26 18:24:25.210642: | initiator cookie: Aug 26 18:24:25.210644: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.210647: | responder cookie: Aug 26 18:24:25.210650: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.210653: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.210656: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.210659: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.210662: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.210665: | Message ID: 1 (0x1) Aug 26 18:24:25.210668: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.210672: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.210674: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.210677: | flags: none (0x0) Aug 26 18:24:25.210680: | fragment number: 3 (0x3) Aug 26 18:24:25.210682: | total fragments: 5 (0x5) Aug 26 18:24:25.210685: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.210689: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.210692: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.210695: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.210765: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.210772: | cleartext fragment 87 30 94 8c b2 0a c0 b4 d9 0b d4 d9 37 e0 7a 73 Aug 26 18:24:25.210776: | cleartext fragment 13 50 8d 6f 93 9a 7c 5a 1a b2 87 7e 0c 64 60 cb Aug 26 18:24:25.210779: | cleartext fragment 4b 2c ef 22 75 b1 7c 60 3e e3 e5 f1 94 38 51 8f Aug 26 18:24:25.210782: | cleartext fragment 00 e8 35 7b b5 01 ed c1 c4 fd a3 4b 56 42 d6 8b Aug 26 18:24:25.210785: | cleartext fragment 64 38 74 95 c4 13 70 f0 f0 23 29 57 2b ef 74 97 Aug 26 18:24:25.210788: | cleartext fragment 97 76 8d 30 48 91 02 03 01 00 01 a3 81 e4 30 81 Aug 26 18:24:25.210791: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Aug 26 18:24:25.210793: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Aug 26 18:24:25.210796: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.210799: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Aug 26 18:24:25.210802: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Aug 26 18:24:25.210804: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Aug 26 18:24:25.210807: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Aug 26 18:24:25.210810: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Aug 26 18:24:25.210813: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Aug 26 18:24:25.210816: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Aug 26 18:24:25.210819: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Aug 26 18:24:25.210822: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Aug 26 18:24:25.210824: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Aug 26 18:24:25.210827: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Aug 26 18:24:25.210830: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Aug 26 18:24:25.210835: | cleartext fragment 00 03 81 81 00 9e e9 26 57 73 c2 4c 64 c6 ab d6 Aug 26 18:24:25.210838: | cleartext fragment d3 1a 13 4f 6b 48 e3 17 b2 3d fb 30 93 2d 15 92 Aug 26 18:24:25.210841: | cleartext fragment 6e a3 60 29 10 1d 3e a7 93 48 3c 40 5b af 9e e5 Aug 26 18:24:25.210843: | cleartext fragment 93 b7 2f d5 4b 9f db bd ab 5d 03 57 3a 1a f9 81 Aug 26 18:24:25.210846: | cleartext fragment 87 13 dd 32 e7 93 b5 9e 3b 40 3c c6 c9 d5 ce c6 Aug 26 18:24:25.210849: | cleartext fragment c7 5d da 89 36 3d d0 36 82 fd b2 ab 00 2a 7c 0e Aug 26 18:24:25.210852: | cleartext fragment a7 ad 3e e2 b1 5a 0d 88 45 26 48 51 b3 c7 79 d7 Aug 26 18:24:25.210855: | cleartext fragment 04 e7 47 5f 28 f8 63 fb ae 58 52 8b ba 60 ce 19 Aug 26 18:24:25.210857: | cleartext fragment ac fa 4e 65 7d 24 00 00 19 04 58 13 71 57 Aug 26 18:24:25.210860: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.210864: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.210868: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.210870: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.210873: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.210884: | **emit ISAKMP Message: Aug 26 18:24:25.210888: | initiator cookie: Aug 26 18:24:25.210891: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.210894: | responder cookie: Aug 26 18:24:25.210896: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.210900: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.210903: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.210905: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.210908: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.210911: | Message ID: 1 (0x1) Aug 26 18:24:25.210914: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.210917: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.210920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.210922: | flags: none (0x0) Aug 26 18:24:25.210925: | fragment number: 4 (0x4) Aug 26 18:24:25.210928: | total fragments: 5 (0x5) Aug 26 18:24:25.210931: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.210934: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.210938: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.210942: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.210949: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.210952: | cleartext fragment 9d ee 1a 15 74 03 12 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:25.210955: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 18:24:25.210958: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:25.210960: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:25.210963: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:25.210966: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:25.210968: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:25.210971: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:25.210974: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:25.210976: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:25.210979: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:25.210982: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:25.210987: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Aug 26 18:24:25.210989: | cleartext fragment 00 01 88 01 00 00 00 47 3f 39 90 ca a8 5a 54 1e Aug 26 18:24:25.210992: | cleartext fragment 7e 34 d3 b8 a1 6c dc ec 47 7d 7e 1b 00 91 02 48 Aug 26 18:24:25.210995: | cleartext fragment 07 04 60 ae be ad 47 8a 52 d3 9d f9 df 25 f1 e6 Aug 26 18:24:25.210998: | cleartext fragment 23 32 ff 01 6c e0 52 06 c7 33 b3 a2 99 d6 86 1c Aug 26 18:24:25.211001: | cleartext fragment e1 45 21 15 bf 96 42 09 31 88 ce 47 6f e4 82 e0 Aug 26 18:24:25.211004: | cleartext fragment 9c 25 53 05 8f dd 37 ee 65 23 fa 77 fa fe a4 b6 Aug 26 18:24:25.211007: | cleartext fragment a9 f5 f6 1c 9d 0d 76 a9 53 b4 c3 78 b7 dd 91 61 Aug 26 18:24:25.211009: | cleartext fragment 3b 12 3f 59 73 cb 1b d6 62 d7 8b 5f f4 b3 70 38 Aug 26 18:24:25.211012: | cleartext fragment ca e1 07 60 27 cc 89 3d 07 e2 de 1c 45 ee 06 d1 Aug 26 18:24:25.211015: | cleartext fragment e6 4d d6 0b f8 96 02 f9 62 86 02 3a 35 ba 93 03 Aug 26 18:24:25.211018: | cleartext fragment c2 91 45 36 8c 19 a9 be bc 5f c1 86 5a 46 27 1b Aug 26 18:24:25.211020: | cleartext fragment a0 e5 d9 24 ee 7e b1 7d 7c b0 60 f3 1a 08 c7 69 Aug 26 18:24:25.211023: | cleartext fragment 17 08 e2 dc bd 85 20 c9 7f 4c d3 65 6f 86 47 ce Aug 26 18:24:25.211026: | cleartext fragment e0 a5 70 61 52 f4 bc a2 70 73 62 5d 50 2b 29 33 Aug 26 18:24:25.211028: | cleartext fragment c1 42 f4 45 0f 82 39 6c a2 0f ff 4c 02 cf b7 59 Aug 26 18:24:25.211031: | cleartext fragment f6 38 c3 99 86 de 7e 36 a0 35 64 88 76 d2 16 4d Aug 26 18:24:25.211034: | cleartext fragment f7 6b 99 c2 5d 42 5e 92 04 5a 15 02 69 59 Aug 26 18:24:25.211037: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.211040: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.211043: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.211046: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:25.211049: | emitting length of ISAKMP Message: 539 Aug 26 18:24:25.211057: | **emit ISAKMP Message: Aug 26 18:24:25.211060: | initiator cookie: Aug 26 18:24:25.211063: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.211066: | responder cookie: Aug 26 18:24:25.211068: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211071: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.211074: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.211077: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.211080: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.211083: | Message ID: 1 (0x1) Aug 26 18:24:25.211086: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.211089: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:25.211092: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.211094: | flags: none (0x0) Aug 26 18:24:25.211097: | fragment number: 5 (0x5) Aug 26 18:24:25.211100: | total fragments: 5 (0x5) Aug 26 18:24:25.211103: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:25.211106: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.211109: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:25.211113: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:25.211117: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:25.211120: | cleartext fragment a2 98 c2 ca 1c ab 6e 5e d7 e6 50 6a 5e d7 c2 21 Aug 26 18:24:25.211123: | cleartext fragment 0d f2 d3 92 b1 44 3e 24 e3 4e 57 e8 02 4b 99 32 Aug 26 18:24:25.211125: | cleartext fragment a8 cc b5 2f 71 8d 7f 8f ce ac 15 66 ba e7 52 5e Aug 26 18:24:25.211128: | cleartext fragment 2d a9 a8 c3 ab 54 35 4b 3a 34 04 f5 de 3f 66 11 Aug 26 18:24:25.211131: | cleartext fragment ce 8d 75 5a 62 3d 66 14 f5 e5 58 d1 cd 08 af 12 Aug 26 18:24:25.211134: | cleartext fragment 3e af 5f 68 be 84 37 eb 16 bd e0 e0 db a9 bf 21 Aug 26 18:24:25.211137: | cleartext fragment 47 fa 58 55 dc 51 6d c2 d8 1b a7 4d 79 e4 00 9f Aug 26 18:24:25.211140: | cleartext fragment c2 c6 e7 84 09 7c 7f fb 70 2c 00 00 a4 02 00 00 Aug 26 18:24:25.211143: | cleartext fragment 20 01 03 04 02 cc 5e 1e 56 03 00 00 0c 01 00 00 Aug 26 18:24:25.211146: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Aug 26 18:24:25.211148: | cleartext fragment 20 02 03 04 02 cc 5e 1e 56 03 00 00 0c 01 00 00 Aug 26 18:24:25.211151: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Aug 26 18:24:25.211154: | cleartext fragment 30 03 03 04 04 cc 5e 1e 56 03 00 00 0c 01 00 00 Aug 26 18:24:25.211157: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 18:24:25.211160: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Aug 26 18:24:25.211163: | cleartext fragment 30 04 03 04 04 cc 5e 1e 56 03 00 00 0c 01 00 00 Aug 26 18:24:25.211165: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 18:24:25.211168: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Aug 26 18:24:25.211171: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Aug 26 18:24:25.211173: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Aug 26 18:24:25.211176: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Aug 26 18:24:25.211179: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.211182: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:25.211185: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:25.211188: | emitting length of IKEv2 Encrypted Fragment: 366 Aug 26 18:24:25.211190: | emitting length of ISAKMP Message: 394 Aug 26 18:24:25.211203: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.211208: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.211213: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:25.211217: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:25.211220: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:25.211224: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:25.211229: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:25.211235: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:25.211240: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:25.211270: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:25.211275: | sending fragments ... Aug 26 18:24:25.211281: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.211284: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211287: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:25.211298: | 00 01 00 05 08 b3 45 9c 78 5b be 8b ed cb 15 9e Aug 26 18:24:25.211301: | a9 0e 10 8d db e9 55 c6 78 da 79 d7 f1 98 75 17 Aug 26 18:24:25.211303: | 3a 7d 06 1a 13 d4 34 a7 5d 76 18 91 88 c9 06 c7 Aug 26 18:24:25.211308: | 47 fe ce 87 9a 35 75 ae 0a 4a e4 01 8c 36 a2 c4 Aug 26 18:24:25.211311: | 50 f4 d5 87 79 d8 fc ac 65 5a 67 73 c8 3c 9b 75 Aug 26 18:24:25.211313: | 28 06 c6 a6 3a f1 be 1d 5a 9d 0c d9 d6 dd d6 99 Aug 26 18:24:25.211315: | 4b a4 6b 05 1b d3 75 e6 39 ba aa da 07 a1 3a 2a Aug 26 18:24:25.211318: | 99 bd ed d2 13 28 f0 e6 e4 0d ad c5 42 91 27 a0 Aug 26 18:24:25.211320: | b9 a4 db ad 78 6c 39 8b 42 1e 52 53 bf 79 8c fc Aug 26 18:24:25.211323: | 58 5f 79 39 72 b2 03 6b 12 a4 7a 48 54 fc ab f8 Aug 26 18:24:25.211325: | 45 36 fb 52 81 29 39 78 74 cb 26 7f ae 02 2f 78 Aug 26 18:24:25.211327: | bb d1 c8 8c c2 66 cb ab b2 9d 82 38 e2 89 2e 26 Aug 26 18:24:25.211330: | 6b a7 ba 63 d4 57 ba 14 a7 02 cb 29 7a c3 55 e1 Aug 26 18:24:25.211333: | 9f 01 9f b2 21 0c 47 9f ab 1b ef 26 b1 72 b1 c9 Aug 26 18:24:25.211335: | 9e ef 13 c0 69 84 ee 3b 2f 04 67 5b 4b e6 df d8 Aug 26 18:24:25.211337: | 44 c8 df 41 7e cb 3d f9 7b 4d 7a 4e ae 5a 92 79 Aug 26 18:24:25.211340: | 33 ae a8 f9 d7 0b cc be 9b d7 0e e1 f9 71 37 45 Aug 26 18:24:25.211343: | ef a0 95 47 b5 c3 6c b4 9a 1c 9c 99 23 8f 1e f9 Aug 26 18:24:25.211345: | a6 13 f6 a2 1b be e7 be d2 82 36 1c 8b 40 b4 b7 Aug 26 18:24:25.211348: | da ae 92 3d 6a ef 9b 5a 0f 48 f3 3a 30 c2 72 33 Aug 26 18:24:25.211350: | f5 7b f1 e7 cc 4f 40 3b 8f b7 e9 d2 7b 50 1b fa Aug 26 18:24:25.211353: | 20 90 7c a5 0a 05 f4 ff fe c3 bf d9 c4 1a 96 dd Aug 26 18:24:25.211356: | a4 a2 8e 4c 5f 7a 3e f4 61 9e 13 82 8b 69 3b 31 Aug 26 18:24:25.211358: | 5a 3a 05 a8 53 ee 4a 8b 7e 8f 9d 11 de ca 1e 2a Aug 26 18:24:25.211361: | 56 8c d5 ae 31 1c fe 6d cf 35 ec d8 96 c7 f2 96 Aug 26 18:24:25.211364: | b4 c5 27 7f 78 24 d2 71 bf 60 d0 6f b2 ff 79 cc Aug 26 18:24:25.211366: | ed be 9d f0 38 34 c6 d4 5e 0f 2f d0 6d f4 7d 8d Aug 26 18:24:25.211369: | 2e d4 12 1c 8e 24 5b 0a 86 f5 73 6d 38 56 a3 53 Aug 26 18:24:25.211371: | eb 00 90 c5 48 50 cd ed d1 f3 29 70 dd b1 2b ce Aug 26 18:24:25.211373: | 96 49 37 0f 8d b2 42 f5 c3 57 1d c0 64 7d 45 6a Aug 26 18:24:25.211376: | d5 fb 07 5c b4 9f 20 ef f3 89 f0 62 6e 1b 23 44 Aug 26 18:24:25.211378: | ab 49 19 7f 06 57 5b 41 c6 17 a9 Aug 26 18:24:25.211704: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.211710: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.211713: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.211717: | 00 02 00 05 37 b8 9e eb 7a 04 91 16 fb 30 0e 79 Aug 26 18:24:25.211720: | e6 c5 32 44 e2 16 8a 97 22 24 4f 8e 36 47 0a 00 Aug 26 18:24:25.211723: | 44 67 33 95 77 04 39 04 8f 77 7a 00 a7 1f 4d 2a Aug 26 18:24:25.211726: | 6c f9 63 4c ed 4f 79 c7 69 d3 f3 04 7a 86 ae 4d Aug 26 18:24:25.211729: | f2 13 4a 43 1a f6 aa 97 fe e1 39 44 d7 b5 fc 56 Aug 26 18:24:25.211733: | 48 5e 79 0e 16 45 2e 4d 9f 68 9f f1 2f 91 a9 97 Aug 26 18:24:25.211736: | 52 a9 67 8a 6a 8b 0f f5 8f 0a 68 a4 04 80 3d e0 Aug 26 18:24:25.211739: | f8 fc 8d d8 a1 8d 20 66 e5 fa 05 91 96 eb aa 0c Aug 26 18:24:25.211742: | 4d 4e 50 76 ab b0 67 93 ef 67 30 ee 32 02 2c 50 Aug 26 18:24:25.211746: | e6 f3 f6 f9 a4 6a c9 74 bd 8d 0e e6 c9 b7 8e 63 Aug 26 18:24:25.211749: | e0 68 fa 10 8b 3e 8c f2 3b 9b 5d b6 c3 62 e8 2b Aug 26 18:24:25.211752: | cc ec ae a5 c5 52 b9 a9 37 90 e6 c7 e3 a1 01 8b Aug 26 18:24:25.211755: | 25 62 44 31 59 97 53 dc 21 23 c9 8f 3e 4b d9 75 Aug 26 18:24:25.211758: | 27 b6 dd aa 4a c3 1e 3e 78 6a db 11 e7 aa 88 d8 Aug 26 18:24:25.211762: | 9e 9f e8 35 72 17 4d 8e be fd 43 a7 91 49 46 de Aug 26 18:24:25.211765: | 5d 0e 4f ce 69 25 c6 25 a1 92 f0 d7 16 a2 d1 f8 Aug 26 18:24:25.211768: | 52 5d d6 4d 2f 4b d2 9d 77 f8 dd 04 0e 1e 5b f8 Aug 26 18:24:25.211771: | 6a 36 10 51 69 53 f5 b6 a1 ca 73 6f be 74 59 15 Aug 26 18:24:25.211774: | c0 6d bb 59 1e 29 7a f0 88 fa 53 96 ca 33 16 8e Aug 26 18:24:25.211777: | ff 27 94 ae 78 2d 72 1b ec f9 e0 15 ee ed 20 44 Aug 26 18:24:25.211784: | 8c 31 38 9f 66 70 67 78 eb 8d bb 9e 9a ba 98 15 Aug 26 18:24:25.211787: | 40 1b b3 b9 8f 28 81 c0 3d 2e c9 ec 64 70 be c1 Aug 26 18:24:25.211790: | 43 e0 64 a8 6a a1 67 0e 53 06 71 95 50 ff 38 f8 Aug 26 18:24:25.211794: | 06 85 f7 87 10 9e c3 0b 3c 15 a4 0d a8 6e cb 6c Aug 26 18:24:25.211797: | 95 cc 5d 1c 9a c7 70 8f e6 b8 02 8d 23 24 aa 10 Aug 26 18:24:25.211800: | 9f f3 f1 c3 49 ee bd da 0b b6 e6 b9 a6 c5 b5 84 Aug 26 18:24:25.211804: | 6c 28 bf bb 5c 49 97 96 86 6f 7d 4a b1 38 7c 38 Aug 26 18:24:25.211807: | 87 a1 8e c1 06 49 7a cd 5f b3 01 f3 4b 38 26 54 Aug 26 18:24:25.211810: | 04 b2 b1 db 60 5e 5c 82 2d 49 16 5f f3 2b bc 2b Aug 26 18:24:25.211813: | d3 1c c9 48 33 13 3c fc 9f ce 9f 8d a5 d9 eb a1 Aug 26 18:24:25.211816: | 36 1d 0d 51 97 2c b2 88 2a d5 e1 df b6 11 0d ef Aug 26 18:24:25.211819: | a8 6e 8c 5e 24 e4 68 0f 2d db cc Aug 26 18:24:25.212206: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.212212: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212215: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.212218: | 00 03 00 05 61 9a 74 84 81 cb c1 de 6b a7 81 0d Aug 26 18:24:25.212220: | 27 26 35 23 6e be a8 41 c8 42 32 cf 7e 72 8b 06 Aug 26 18:24:25.212223: | ec 89 98 f7 3b c9 90 de d3 f8 7d 5c 2b 74 aa 2f Aug 26 18:24:25.212225: | b6 5b 5b ab 56 79 1b df 6f 8b 3a b1 f4 d8 01 9e Aug 26 18:24:25.212227: | a9 97 9c 3c f4 52 44 f1 be c8 d0 3f 3a ad bd ff Aug 26 18:24:25.212230: | 50 36 43 48 02 ca 12 e8 06 7f ad 35 ae 95 aa 7e Aug 26 18:24:25.212232: | 7e 8d 4b fc af 1d 30 ce b2 f1 6c 35 27 96 ce 5c Aug 26 18:24:25.212234: | 1f 53 43 47 d4 9d 73 a5 fb 47 21 da 90 9d 9e 0b Aug 26 18:24:25.212236: | 3a 5e 2b 62 97 b7 cd 1f 4c 33 06 c5 9e ab 80 b2 Aug 26 18:24:25.212238: | 9f 01 d0 4e 03 4e c4 81 82 9c 34 1f a8 7e 24 cd Aug 26 18:24:25.212241: | 2c a0 35 1b 66 44 52 14 c3 f5 4e 8e 03 7b 25 09 Aug 26 18:24:25.212243: | a5 f5 ff 0f b4 1d 2d f7 36 f2 56 1e 43 22 c4 05 Aug 26 18:24:25.212245: | b9 6a 0c b2 8b 7f 00 45 bf c5 14 14 fd b1 01 3b Aug 26 18:24:25.212247: | 54 40 d4 bd ab 7a 31 7b 38 0f 99 f7 f0 95 0f 4f Aug 26 18:24:25.212250: | be 04 48 be 3c c4 f3 a1 15 71 09 22 c9 8f 61 27 Aug 26 18:24:25.212252: | 9f f1 73 1a a1 fd a2 02 7e 9b 62 af 6b db 0b f1 Aug 26 18:24:25.212254: | d8 b9 51 b5 92 64 e9 f0 19 4b bc 9f 32 f2 16 ce Aug 26 18:24:25.212256: | 7c 5c 9b 52 7b eb 88 36 60 03 0d 53 68 5e 53 26 Aug 26 18:24:25.212258: | 6d 90 f1 52 07 65 85 08 3c 82 fb fb 54 00 6b 54 Aug 26 18:24:25.212261: | df 54 e9 be ea 38 ee f8 1b bd d0 28 b1 98 56 4c Aug 26 18:24:25.212263: | 47 7d 3b 5b 91 e8 43 91 a6 c1 18 e3 c5 2f 55 09 Aug 26 18:24:25.212265: | f2 d1 29 ac 26 c3 c8 84 31 ee 75 9c f7 0c 32 dd Aug 26 18:24:25.212268: | a0 1e ec 7c dc a8 17 9f a8 ec 84 76 ba 94 f7 07 Aug 26 18:24:25.212270: | 14 65 f7 e6 e3 be fd 28 6d 76 d1 fb 9a 5c 4d 48 Aug 26 18:24:25.212272: | 90 dd 75 14 72 b6 8d 92 13 e1 ba 2c 93 39 4b d4 Aug 26 18:24:25.212275: | d4 f1 f2 44 44 4a e1 8f 39 3b 9c 5c ff c0 87 b0 Aug 26 18:24:25.212277: | 6b d0 1a a0 b6 24 cf 26 54 41 80 14 4f ab 6e 27 Aug 26 18:24:25.212280: | 2d 0a d2 82 94 e8 0a b3 cf 63 bc 00 be a6 fd 0f Aug 26 18:24:25.212282: | e8 78 32 70 3b 49 bc 1e 8f b5 5c ab 25 0e 0f c5 Aug 26 18:24:25.212284: | 27 1f 74 33 85 98 71 c0 72 03 8c a4 84 a9 07 43 Aug 26 18:24:25.212286: | e8 a0 5e a0 fd 9a 7d 79 0c e9 db c2 e9 b6 0f 50 Aug 26 18:24:25.212296: | d6 ac f7 06 c4 db a8 66 fd 39 2f Aug 26 18:24:25.212629: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.212636: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.212639: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.212643: | 00 04 00 05 c8 ba 6d 5c 0a 73 73 7a 87 c4 04 18 Aug 26 18:24:25.212648: | eb e2 bb b7 f8 21 c2 46 d3 39 8b d6 a0 8c 85 f4 Aug 26 18:24:25.212652: | 54 d9 ec 78 bf 49 cf 75 c1 e6 ba 0d be 6c 69 cf Aug 26 18:24:25.212655: | 2a 1f 83 2b 01 9a 3f e1 26 2f 5d db 9b fe 25 ca Aug 26 18:24:25.212658: | 2a 55 b0 87 5f bc ad 0e 46 af fe e8 ec 22 24 df Aug 26 18:24:25.212661: | 0d 54 50 17 65 99 de 2b d9 98 ba a9 12 a1 62 38 Aug 26 18:24:25.212664: | bb 58 2d 94 69 6e ea 0e 7e 6e 9d 0c 84 c1 ee a6 Aug 26 18:24:25.212667: | 59 91 7d 6d b3 2e 83 c9 6f e8 80 08 3e 16 fb 7d Aug 26 18:24:25.212670: | a6 4b 55 33 11 0a fc b9 84 ad 76 40 a9 c3 09 11 Aug 26 18:24:25.212674: | b2 2f 6e 37 a0 00 3d 28 c7 f0 11 4c 43 d3 f9 41 Aug 26 18:24:25.212677: | 21 b8 47 d0 9a 0c af a9 8b 4e 79 8b be b0 13 43 Aug 26 18:24:25.212680: | 8a 7b 6b fb f3 1d 91 ae bf 48 99 64 12 cd bc 2c Aug 26 18:24:25.212683: | 90 49 d2 06 c9 d4 93 e0 cf 30 42 39 a4 86 29 27 Aug 26 18:24:25.212686: | b1 87 77 82 89 4f 74 6b 6e 35 b1 87 2c 3e fa 12 Aug 26 18:24:25.212689: | 67 e5 d6 85 57 f6 39 c1 7c cf e9 85 7a 67 91 68 Aug 26 18:24:25.212692: | 6a ca da 7e 9e 37 20 3f 1c e8 c9 72 66 1c 2b 4c Aug 26 18:24:25.212696: | 4b a6 34 53 b0 63 6e 06 44 ff c3 8c 5d fd f7 aa Aug 26 18:24:25.212699: | 85 b6 54 4f db a5 e1 16 7b 00 2e dc 33 f3 ff 6d Aug 26 18:24:25.212702: | 71 3f 4a c5 fb f7 8d 05 25 69 ea 73 7b 2d 88 dd Aug 26 18:24:25.212705: | 9b bc 87 7d c4 bd d1 8c e8 0b fc 69 42 c3 f4 52 Aug 26 18:24:25.212709: | 69 b2 93 0a 9e 06 bf 17 48 4b 04 b8 5f 1f ee b3 Aug 26 18:24:25.212712: | 13 54 40 de 50 6c fc 34 39 57 4b 1a aa 17 23 e6 Aug 26 18:24:25.212715: | b0 eb 7d c6 f8 96 60 f0 39 c1 05 6d 0d bb 5b 00 Aug 26 18:24:25.212718: | b2 a6 bf a7 45 f0 56 9c 6c 7b 53 53 d9 cd 7d 62 Aug 26 18:24:25.212721: | 52 f1 5e 7f 09 ff fb 6e 0a 7d 3f 2e a4 4b 17 eb Aug 26 18:24:25.212724: | cd dc 12 d2 5c 22 6d 08 12 b6 a6 a3 db ef 3e 70 Aug 26 18:24:25.212727: | 57 6f a6 88 6d 3d 8b ab 42 2a 33 4c 01 2b ef a6 Aug 26 18:24:25.212730: | 4e ba 09 79 5b 17 16 37 f6 fb 18 80 35 1b e6 af Aug 26 18:24:25.212733: | 46 84 90 7d 39 8b d8 c2 b4 a3 e4 4d 90 ac cd 7c Aug 26 18:24:25.212736: | 9f 97 20 41 66 aa 24 dd dd 18 38 6a dd 24 fd ac Aug 26 18:24:25.212740: | 1f 8e 94 c9 6b 5a e8 b5 70 d1 65 57 33 bb 88 94 Aug 26 18:24:25.212742: | 08 80 51 29 3d a7 44 24 3c f7 dc Aug 26 18:24:25.213052: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.213056: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.213060: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 18:24:25.213063: | 00 05 00 05 b4 01 1b a3 c9 ec 0b 88 34 ec 75 5e Aug 26 18:24:25.213066: | de 2e 20 5e af 99 2d 8a 89 33 ba e4 0c 0d e8 88 Aug 26 18:24:25.213069: | 3a 6b 25 ea 80 2c 16 64 9e ce 00 6b 1c c0 9e 86 Aug 26 18:24:25.213072: | be 5b a8 65 50 33 c2 60 32 8e df 9b 45 8e 98 be Aug 26 18:24:25.213075: | 3f 38 d1 b4 5b 45 16 65 8f af 78 60 76 5b a0 9a Aug 26 18:24:25.213078: | e4 68 6a 1b 95 39 b3 6d ba 01 06 30 51 e1 4d 59 Aug 26 18:24:25.213081: | 55 36 fe a4 96 4f 63 67 2c 94 69 df 46 88 e4 b5 Aug 26 18:24:25.213084: | 0e 48 06 6d de ed 47 17 c9 d2 ff 99 e1 b5 00 1b Aug 26 18:24:25.213088: | b9 af 10 76 5c 6f d5 d4 1b 44 62 7b 35 b7 c9 0e Aug 26 18:24:25.213091: | 98 19 fb 68 84 9d 0a e5 50 20 30 11 7e cf 44 68 Aug 26 18:24:25.213094: | 15 25 1b d5 fb 67 0c bd 67 6e 8c fb 72 18 f7 90 Aug 26 18:24:25.213097: | b1 90 b5 c7 5e 41 9f 21 59 d4 a3 2c 92 7e 11 34 Aug 26 18:24:25.213100: | d9 5d 03 da 8f 9b f1 f0 39 c4 4d 53 44 72 21 f4 Aug 26 18:24:25.213103: | e7 6a 1d 07 21 0d b3 0a cb 8c 32 34 1a e5 d8 f2 Aug 26 18:24:25.213106: | b8 6c 0d 47 c3 b4 50 7d 10 10 b7 18 c2 08 aa 0f Aug 26 18:24:25.213109: | 12 12 3f fa a3 3b b8 41 d4 46 d9 49 4b bd 4b ea Aug 26 18:24:25.213112: | 18 8c 65 45 89 f5 ec f4 db c4 a6 ba 4b 6a d3 e7 Aug 26 18:24:25.213117: | ae fb da b3 a4 8d 53 8e e9 3c 65 a7 bc 8d a7 1c Aug 26 18:24:25.213120: | 7f 6c 6e a1 3e ad 6b 59 d7 51 c3 32 d9 c6 3f 7f Aug 26 18:24:25.213123: | 73 84 98 f9 3c f7 29 29 20 15 f9 6c 0a ed 2a a8 Aug 26 18:24:25.213126: | 29 d7 82 e5 35 e1 e1 cb e6 d0 9d af b1 fb 43 ce Aug 26 18:24:25.213129: | 7f 3b 62 e2 5a 15 c8 9f 35 d7 b7 8c 3b 14 a5 ec Aug 26 18:24:25.213132: | c9 63 3a 2d 18 eb 95 63 4c 0b Aug 26 18:24:25.213509: | sent 5 fragments Aug 26 18:24:25.213519: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:25.213523: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:25.213555: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fe834002b78 Aug 26 18:24:25.213562: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:24:25.213567: | libevent_malloc: new ptr-libevent@0x55e6cc72b498 size 128 Aug 26 18:24:25.213573: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29150.956019 Aug 26 18:24:25.213579: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:25.213585: | #1 spent 2.38 milliseconds Aug 26 18:24:25.213590: | #1 spent 13.5 milliseconds in resume sending helper answer Aug 26 18:24:25.213595: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.213599: | libevent_free: release ptr-libevent@0x7fe82c000f48 Aug 26 18:24:25.302506: | spent 0.00303 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.302534: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.302539: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302542: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 18:24:25.302544: | 00 01 00 05 ac c2 c8 3a 95 2a 4c ef 93 de f8 37 Aug 26 18:24:25.302547: | 77 03 78 6a 3c 46 79 1f c8 d2 a1 f8 55 56 c2 03 Aug 26 18:24:25.302550: | 11 79 25 07 71 da 49 e3 ec 7a 27 9f f6 d0 2c 8c Aug 26 18:24:25.302552: | 51 9f 58 e9 65 ef c2 23 94 ff c6 e7 6a dd 58 97 Aug 26 18:24:25.302555: | 81 eb 03 da 4b 82 47 4f 83 f2 65 8b 28 e4 fc 0b Aug 26 18:24:25.302557: | 59 35 63 a6 a0 be a5 93 c9 d5 e3 59 f8 aa 20 05 Aug 26 18:24:25.302559: | 12 db c5 bf 70 86 21 84 f0 05 37 a3 d0 58 b2 34 Aug 26 18:24:25.302562: | 65 61 b6 b4 6e a5 98 47 fb 5a fa 8a eb 92 d8 81 Aug 26 18:24:25.302564: | e5 c9 44 cd 00 71 fe 16 fb 05 26 37 38 aa 67 05 Aug 26 18:24:25.302567: | 34 39 46 b2 d2 e0 64 56 e9 32 e8 6d 9f 8a 7b c2 Aug 26 18:24:25.302570: | ef 38 5f 21 59 9a 58 47 e5 81 7f 8d c0 f4 c9 2c Aug 26 18:24:25.302573: | 15 20 40 13 a2 2f 1e 33 14 60 5f d9 94 f8 e8 61 Aug 26 18:24:25.302575: | ca be df a9 f3 8c e6 cf 01 d4 c2 84 24 7c 43 64 Aug 26 18:24:25.302578: | a7 dc 5b f5 59 57 c7 af 33 97 12 85 85 f8 c7 d4 Aug 26 18:24:25.302580: | 7b 5b ab 19 87 e8 4f 2c ac 98 3b 35 ed ed 45 b5 Aug 26 18:24:25.302583: | 24 24 4d 88 c7 48 e2 4e 53 d1 a5 10 67 35 70 47 Aug 26 18:24:25.302585: | f0 38 87 bc 05 5b 6f cd 72 fa 7f b3 54 2b ad e7 Aug 26 18:24:25.302588: | 95 21 0c e8 b9 49 d8 e5 44 67 b6 81 df c9 7a 1c Aug 26 18:24:25.302590: | 4e 70 f4 ac c5 39 5c c1 15 a0 6e 0a c7 cd 6c ff Aug 26 18:24:25.302593: | bb 02 c0 93 0f bc 48 1f 13 bf cb 66 69 69 b4 3e Aug 26 18:24:25.302596: | c5 45 eb 8c e1 d7 31 4c bf 5e 85 46 91 ed bb aa Aug 26 18:24:25.302599: | 9a 6d f1 81 69 b9 b5 0c c2 21 e9 03 89 4c 84 11 Aug 26 18:24:25.302602: | a3 38 39 7b d8 ee ab df a1 bb 90 87 cb 73 3a e3 Aug 26 18:24:25.302604: | e0 11 48 26 8f ac c6 98 56 3b 0d 5e 96 c1 15 41 Aug 26 18:24:25.302607: | d0 ff 3f 8b a8 92 cd 01 59 dd ec 7e 34 80 97 97 Aug 26 18:24:25.302609: | 41 f1 b7 3c eb 4c a3 9b 4a 5c 9c e3 11 17 35 62 Aug 26 18:24:25.302612: | 38 e5 44 be 56 02 5a 52 58 32 e9 d3 c7 21 7e 65 Aug 26 18:24:25.302618: | 77 46 84 7e a0 7e 3b 32 75 49 ff 07 69 d2 62 39 Aug 26 18:24:25.302621: | 69 5e ba e8 1e 91 50 de ab fa e8 b1 3b 0f 5a 6f Aug 26 18:24:25.302624: | d9 43 37 36 6a eb 69 d8 51 38 d8 10 33 12 85 27 Aug 26 18:24:25.302626: | 86 16 03 fd 7f 2e ab 11 54 12 97 d3 92 3a 19 f8 Aug 26 18:24:25.302629: | c8 a1 1c 71 0e 1e ae 25 bb 2e 16 Aug 26 18:24:25.302635: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.302639: | **parse ISAKMP Message: Aug 26 18:24:25.302643: | initiator cookie: Aug 26 18:24:25.302645: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.302648: | responder cookie: Aug 26 18:24:25.302650: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302654: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.302657: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.302660: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.302663: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.302666: | Message ID: 1 (0x1) Aug 26 18:24:25.302669: | length: 539 (0x21b) Aug 26 18:24:25.302672: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.302676: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:25.302681: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:25.302688: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.302692: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.302697: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.302702: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.302706: | #2 is idle Aug 26 18:24:25.302708: | #2 idle Aug 26 18:24:25.302711: | unpacking clear payload Aug 26 18:24:25.302714: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.302717: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.302721: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:25.302724: | flags: none (0x0) Aug 26 18:24:25.302727: | length: 511 (0x1ff) Aug 26 18:24:25.302729: | fragment number: 1 (0x1) Aug 26 18:24:25.302732: | total fragments: 5 (0x5) Aug 26 18:24:25.302735: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.302739: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:25.302743: | received IKE encrypted fragment number '1', total number '5', next payload '36' Aug 26 18:24:25.302746: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 18:24:25.302752: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.302758: | #1 spent 0.235 milliseconds in ikev2_process_packet() Aug 26 18:24:25.302763: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.302767: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.302770: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.302774: | spent 0.252 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.302784: | spent 0.0016 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.302794: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.302797: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302800: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.302803: | 00 02 00 05 74 12 07 0d 36 ab 26 f4 c9 aa d3 9f Aug 26 18:24:25.302806: | 93 0b 1d 9a b1 47 c6 9f 16 38 cc c7 e2 e4 34 aa Aug 26 18:24:25.302809: | 0a fe 06 47 f9 cc 73 9c e3 1a 67 20 0a b9 66 99 Aug 26 18:24:25.302811: | a8 75 2f f2 76 78 a7 5d d9 60 bb 95 b3 ce b8 96 Aug 26 18:24:25.302816: | ba 27 04 8d c6 0a 52 2e 70 61 21 84 d9 52 f3 99 Aug 26 18:24:25.302819: | 5e e8 c4 a3 e3 ee 9d 45 b8 0d 1c c3 31 bc ea 5d Aug 26 18:24:25.302821: | de a1 79 f6 b7 1a 6d 5d d1 d7 04 23 dd 31 e2 53 Aug 26 18:24:25.302824: | 59 9b 8c f9 ad 95 17 c7 01 e5 cd 29 ef 89 7a 44 Aug 26 18:24:25.302826: | 74 38 96 49 c1 d7 d4 08 57 9f 04 66 b6 bf 42 ac Aug 26 18:24:25.302829: | 86 4b cd ad ed 20 ca a9 a3 9e f5 cf b3 23 92 06 Aug 26 18:24:25.302832: | d7 d5 0d c5 f6 66 fc 42 d6 0a b1 5c 70 10 33 fa Aug 26 18:24:25.302834: | db 4b 37 2d 92 9d 98 b7 ac b9 09 e9 6a 68 b1 e9 Aug 26 18:24:25.302837: | 7a a1 87 37 d6 c9 23 77 02 52 c1 82 32 82 33 a3 Aug 26 18:24:25.302839: | aa 43 a1 35 b6 12 22 ba 9d 75 2c 89 bf e6 a3 8a Aug 26 18:24:25.302842: | f3 5c 8b ec d5 7f dd 1a 72 d6 e9 c9 ad bb 97 ae Aug 26 18:24:25.302844: | 33 f7 f4 10 39 21 c8 59 40 32 77 de 48 3e da fe Aug 26 18:24:25.302847: | cf e5 89 e0 73 bb 62 01 48 77 65 4d 3a 62 c5 d5 Aug 26 18:24:25.302849: | 4a 9c 47 0e bf 20 15 ee c2 ca 08 20 52 a7 e2 de Aug 26 18:24:25.302852: | a8 76 35 3c 89 e2 6e 45 5a 0b 78 cc 79 e5 2e 2b Aug 26 18:24:25.302855: | c4 77 71 be df 06 8c dc aa 31 36 e0 44 37 bb cc Aug 26 18:24:25.302857: | 67 d9 20 e2 2a c3 d0 0e d1 14 d7 0f f0 30 8a 61 Aug 26 18:24:25.302860: | 60 b1 f7 59 3b 12 e4 5e 83 de cb 7f 82 ca 40 af Aug 26 18:24:25.302862: | 09 80 de 0f b1 d6 89 90 d6 72 61 e4 0e 68 c3 17 Aug 26 18:24:25.302865: | d3 a2 04 5e 15 2f f5 f4 4f e7 f2 f2 a8 26 a5 ca Aug 26 18:24:25.302867: | 63 33 13 51 49 e0 45 b2 1d 77 0a b4 ba 13 cc da Aug 26 18:24:25.302870: | 52 bb b6 41 5d 95 04 21 e3 e7 c4 89 95 9a 3c a4 Aug 26 18:24:25.302872: | 26 71 ce ae 40 d8 f4 7d 5f c8 d9 2f a9 b2 32 6b Aug 26 18:24:25.302875: | 08 c6 5a 14 12 87 7f 07 1e 08 5f 61 ed 57 13 70 Aug 26 18:24:25.302877: | e7 7b 64 33 b0 21 d2 3d 8d a4 3a f5 dd f7 90 05 Aug 26 18:24:25.302880: | f8 99 af 34 99 78 36 51 11 03 f6 f2 60 d0 15 eb Aug 26 18:24:25.302882: | de c0 08 5f 0a a5 d3 67 4c 68 10 d0 e8 29 17 47 Aug 26 18:24:25.302885: | 7c 49 b5 ab 09 a5 59 bf 76 74 63 Aug 26 18:24:25.302889: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.302893: | **parse ISAKMP Message: Aug 26 18:24:25.302896: | initiator cookie: Aug 26 18:24:25.302898: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.302901: | responder cookie: Aug 26 18:24:25.302903: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.302906: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.302909: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.302912: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.302915: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.302917: | Message ID: 1 (0x1) Aug 26 18:24:25.302920: | length: 539 (0x21b) Aug 26 18:24:25.302923: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.302926: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:25.302930: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:25.302936: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.302940: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.302944: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.302949: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.302952: | #2 is idle Aug 26 18:24:25.302955: | #2 idle Aug 26 18:24:25.302958: | unpacking clear payload Aug 26 18:24:25.302960: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.302963: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.302966: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.302970: | flags: none (0x0) Aug 26 18:24:25.302973: | length: 511 (0x1ff) Aug 26 18:24:25.302976: | fragment number: 2 (0x2) Aug 26 18:24:25.302979: | total fragments: 5 (0x5) Aug 26 18:24:25.302981: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.302985: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:25.302988: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 18:24:25.302994: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.303000: | #1 spent 0.21 milliseconds in ikev2_process_packet() Aug 26 18:24:25.303004: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.303008: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.303011: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.303015: | spent 0.226 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.303023: | spent 0.00154 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.303033: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.303036: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303038: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.303041: | 00 03 00 05 03 e5 df 96 9e 84 14 c9 00 64 49 4e Aug 26 18:24:25.303043: | 8b 45 2c b5 56 0a 65 b6 b3 08 53 d9 b0 c6 b4 d0 Aug 26 18:24:25.303046: | cc 4f 82 81 b6 70 d5 ff d5 ae 05 bf e3 98 13 67 Aug 26 18:24:25.303048: | 89 10 95 ff a8 97 28 b2 e5 eb d0 ba 1f 93 86 ea Aug 26 18:24:25.303051: | d5 6e 83 50 0e 24 a1 c9 a4 ce 65 d9 56 15 e5 6a Aug 26 18:24:25.303053: | 2f 55 ba 19 8d 09 d6 fc 4e 94 ce f1 91 8c 5e cd Aug 26 18:24:25.303055: | ae bc a0 c9 50 ba 01 03 da 8f 03 a5 55 3a 62 6b Aug 26 18:24:25.303058: | 58 69 34 16 67 39 5b 83 b8 ee 6c bf fa fa 2c be Aug 26 18:24:25.303060: | 45 74 5f 50 f3 1e 37 d4 3c 75 db a6 3a 1c fe 4a Aug 26 18:24:25.303063: | d0 e0 c4 35 49 3f f9 0d 7c f5 20 ec f3 91 de fd Aug 26 18:24:25.303065: | db 86 f9 72 c7 a2 7a 36 f5 e1 9f b6 99 de 0b c4 Aug 26 18:24:25.303068: | b8 5c 7f fd 3c c2 13 79 5b 8d 02 66 42 95 f3 12 Aug 26 18:24:25.303071: | 3d 84 f3 82 9f a9 32 65 5f d1 84 77 5d 1d f5 02 Aug 26 18:24:25.303074: | 7e d1 98 f1 6b ac 36 39 76 12 e9 d9 78 1a 74 e7 Aug 26 18:24:25.303077: | ef f6 66 39 95 0d 63 bb 15 dd c9 57 0b c2 8a 57 Aug 26 18:24:25.303080: | 35 b0 df a2 11 7e 8a c8 2c d3 46 12 7e 87 45 d6 Aug 26 18:24:25.303083: | 9f 93 46 6c 2d ba 1f 3d d7 34 ea 65 f5 53 cb e4 Aug 26 18:24:25.303085: | c1 1f a0 a8 a7 e7 f1 c5 6e f3 a3 d4 36 d8 8e aa Aug 26 18:24:25.303088: | ea 02 d2 c7 ae 81 79 44 79 9a b0 38 a7 71 2e ab Aug 26 18:24:25.303090: | b0 c0 41 f1 84 23 b3 fa 2f 51 62 61 20 ca 47 64 Aug 26 18:24:25.303093: | 1d 21 56 eb 85 3c dd 2a 8d 94 29 10 9c f2 5b cb Aug 26 18:24:25.303095: | ea 4b 92 e8 45 e9 27 60 ed e8 59 a9 04 9a a4 2f Aug 26 18:24:25.303097: | 1e 92 d8 34 2b 25 f3 8f 82 6a c7 bf f6 e3 e8 9c Aug 26 18:24:25.303100: | 1c 82 55 66 4e 76 2a e4 50 74 eb 1e 30 e4 2b 91 Aug 26 18:24:25.303102: | f0 52 83 bf 46 d8 5d 1a 26 2f f6 63 b5 85 87 86 Aug 26 18:24:25.303105: | 67 b0 3f 76 04 a9 1a 57 0a 93 6e a5 e7 a2 99 56 Aug 26 18:24:25.303107: | a4 bf e0 e3 2f 82 8c bd d0 22 6a 8e 8c da 0b d4 Aug 26 18:24:25.303110: | a4 15 73 ad 6a 6d 90 80 6c 98 73 e6 f0 34 e2 21 Aug 26 18:24:25.303112: | 8a 7d bb 22 63 ed ba a1 04 7a f7 f5 c5 cd 74 20 Aug 26 18:24:25.303115: | 57 25 cf 28 cb e9 d8 ef e1 2d 8d 9f 13 43 70 34 Aug 26 18:24:25.303118: | 57 06 32 83 69 29 9d 84 84 a5 6e 36 e2 45 55 b2 Aug 26 18:24:25.303120: | 89 44 4a 5a 93 64 7e 0b da e2 a3 Aug 26 18:24:25.303124: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.303128: | **parse ISAKMP Message: Aug 26 18:24:25.303132: | initiator cookie: Aug 26 18:24:25.303135: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.303138: | responder cookie: Aug 26 18:24:25.303140: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303142: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.303145: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.303149: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.303152: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.303154: | Message ID: 1 (0x1) Aug 26 18:24:25.303157: | length: 539 (0x21b) Aug 26 18:24:25.303160: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.303164: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:25.303167: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:25.303174: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.303177: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.303182: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303186: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303189: | #2 is idle Aug 26 18:24:25.303191: | #2 idle Aug 26 18:24:25.303194: | unpacking clear payload Aug 26 18:24:25.303196: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.303199: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.303202: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.303204: | flags: none (0x0) Aug 26 18:24:25.303207: | length: 511 (0x1ff) Aug 26 18:24:25.303209: | fragment number: 3 (0x3) Aug 26 18:24:25.303212: | total fragments: 5 (0x5) Aug 26 18:24:25.303214: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.303217: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:25.303220: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 18:24:25.303225: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.303231: | #1 spent 0.203 milliseconds in ikev2_process_packet() Aug 26 18:24:25.303235: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.303239: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.303243: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.303247: | spent 0.22 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.303256: | spent 0.00178 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.303266: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.303269: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303272: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:25.303275: | 00 04 00 05 00 b7 74 a2 bf ac 17 39 a7 56 4d 74 Aug 26 18:24:25.303277: | a6 a8 65 b8 10 25 b2 5b 09 76 d8 e8 f7 2c 8c 65 Aug 26 18:24:25.303280: | 15 e3 ad c4 b9 cf be 17 44 f5 30 b1 e1 db 8c 6d Aug 26 18:24:25.303283: | 42 31 e4 34 73 7a dd d7 03 6f 8a 91 4e af 9d 00 Aug 26 18:24:25.303285: | 09 1a 35 c5 58 2e 27 4a f0 31 45 a0 d1 15 bf 50 Aug 26 18:24:25.303292: | 14 7c b6 21 48 01 f5 57 13 e8 ce 3f 77 78 44 e8 Aug 26 18:24:25.303299: | 1e 2c 5a 3c b3 f0 9c 5c 8a 68 25 d1 64 7c 38 b5 Aug 26 18:24:25.303302: | 46 80 1c 1f f5 2e c9 f1 bd 42 fc 1a 73 e9 3b a6 Aug 26 18:24:25.303305: | 21 47 b9 28 5a 21 06 5a 1d 13 8d 9c 7f ba eb 42 Aug 26 18:24:25.303308: | f3 db e9 95 b9 da 05 37 23 7d 87 6b ec ae b0 92 Aug 26 18:24:25.303311: | ec 4b 96 91 c0 02 b3 82 7a e1 b3 13 f9 b3 65 44 Aug 26 18:24:25.303314: | 55 c7 b6 56 dd 73 9d db 99 46 1b 0a 91 93 82 9e Aug 26 18:24:25.303319: | 95 3a bf 07 5e 72 c9 22 7a c1 3c fe 02 71 bf cd Aug 26 18:24:25.303323: | cf 3f 0c 4c ec 49 58 a5 28 59 3c b6 2c a3 8b 0d Aug 26 18:24:25.303326: | 43 6e 9b d8 89 f2 20 73 08 a5 dd d7 5e 48 6b e6 Aug 26 18:24:25.303329: | f4 1a a9 5c 7d 1f 23 a2 b6 ac 20 fb 09 af a7 0b Aug 26 18:24:25.303331: | 6d 77 d8 66 13 6e 4e 50 ff e4 92 b9 19 dc ca fa Aug 26 18:24:25.303334: | 25 7d ea be af f1 ac 79 f4 22 3c 37 6c ec cc 5f Aug 26 18:24:25.303337: | d7 32 59 56 04 dd 71 1d 8f af 4e a3 75 2a e3 0a Aug 26 18:24:25.303340: | 80 14 21 4b 97 55 cf d0 56 86 02 a8 e5 9f a4 39 Aug 26 18:24:25.303343: | b0 78 76 cb c0 f4 de 4d 5b 44 95 40 0e ff 50 72 Aug 26 18:24:25.303345: | 51 79 57 6c 1f e1 f2 41 31 1a 64 99 90 dc c2 c0 Aug 26 18:24:25.303348: | 37 b1 7c 39 2b 3b 1d 4a 04 87 3a e0 33 6f c6 01 Aug 26 18:24:25.303350: | 1d 15 be d8 06 be 36 19 52 00 37 bd 20 d1 4f 79 Aug 26 18:24:25.303353: | e1 25 9e dc 51 73 53 56 22 e9 57 a5 d7 bf a1 fb Aug 26 18:24:25.303355: | 89 ca f6 4e 06 bb d6 b0 96 15 9e 53 07 55 55 69 Aug 26 18:24:25.303358: | 95 d0 d7 93 6f 28 de 56 2e d0 00 14 84 1d 72 cd Aug 26 18:24:25.303360: | d6 78 f5 c7 db 5d 63 82 fb 0e c4 54 91 1c da 23 Aug 26 18:24:25.303363: | f7 7c 1d b0 ce 20 ea c9 4a 1b a9 ed 94 74 cd fa Aug 26 18:24:25.303365: | 13 4f 8d da 11 49 90 30 bc 47 e7 4d ca d7 47 33 Aug 26 18:24:25.303368: | b4 1e 92 21 8e 04 5f a8 12 cc a6 7a 3c a7 72 3a Aug 26 18:24:25.303371: | 03 e5 bb 5a 81 30 42 93 da f2 eb Aug 26 18:24:25.303375: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.303378: | **parse ISAKMP Message: Aug 26 18:24:25.303381: | initiator cookie: Aug 26 18:24:25.303384: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.303386: | responder cookie: Aug 26 18:24:25.303389: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303392: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.303395: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.303398: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.303401: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.303404: | Message ID: 1 (0x1) Aug 26 18:24:25.303408: | length: 539 (0x21b) Aug 26 18:24:25.303411: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.303416: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:25.303420: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:25.303427: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.303431: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.303437: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303442: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303445: | #2 is idle Aug 26 18:24:25.303447: | #2 idle Aug 26 18:24:25.303450: | unpacking clear payload Aug 26 18:24:25.303452: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.303455: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.303458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.303461: | flags: none (0x0) Aug 26 18:24:25.303464: | length: 511 (0x1ff) Aug 26 18:24:25.303466: | fragment number: 4 (0x4) Aug 26 18:24:25.303469: | total fragments: 5 (0x5) Aug 26 18:24:25.303471: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:25.303475: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:25.303478: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 18:24:25.303483: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.303492: | #1 spent 0.227 milliseconds in ikev2_process_packet() Aug 26 18:24:25.303497: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.303501: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.303505: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.303510: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.303520: | spent 0.00179 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.303532: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.303535: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303537: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 18:24:25.303539: | 00 05 00 05 be 4b dd 74 6a 05 e4 b1 2e 34 99 75 Aug 26 18:24:25.303541: | 0a f1 74 e8 99 cc ea 2a 51 bf 2f c0 0b c1 24 f9 Aug 26 18:24:25.303544: | 30 72 d9 d8 cd 22 91 9f 22 6d 55 02 b5 d8 1a 00 Aug 26 18:24:25.303546: | 03 Aug 26 18:24:25.303550: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.303553: | **parse ISAKMP Message: Aug 26 18:24:25.303556: | initiator cookie: Aug 26 18:24:25.303558: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.303561: | responder cookie: Aug 26 18:24:25.303563: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.303566: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:25.303569: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.303571: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:25.303574: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.303577: | Message ID: 1 (0x1) Aug 26 18:24:25.303579: | length: 81 (0x51) Aug 26 18:24:25.303582: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:25.303586: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:25.303589: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:25.303594: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.303597: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.303602: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303606: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.303609: | #2 is idle Aug 26 18:24:25.303612: | #2 idle Aug 26 18:24:25.303615: | unpacking clear payload Aug 26 18:24:25.303618: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:25.303622: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:25.303625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.303628: | flags: none (0x0) Aug 26 18:24:25.303631: | length: 53 (0x35) Aug 26 18:24:25.303634: | fragment number: 5 (0x5) Aug 26 18:24:25.303637: | total fragments: 5 (0x5) Aug 26 18:24:25.303640: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Aug 26 18:24:25.303644: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:25.303648: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 18:24:25.303681: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:25.303687: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:25.303691: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:25.303694: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 18:24:25.303697: | flags: none (0x0) Aug 26 18:24:25.303700: | length: 191 (0xbf) Aug 26 18:24:25.303704: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:25.303707: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 18:24:25.303710: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 18:24:25.303717: | **parse IKEv2 Certificate Payload: Aug 26 18:24:25.303720: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:25.303723: | flags: none (0x0) Aug 26 18:24:25.303725: | length: 1265 (0x4f1) Aug 26 18:24:25.303728: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:25.303731: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Aug 26 18:24:25.303733: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:25.303736: | **parse IKEv2 Authentication Payload: Aug 26 18:24:25.303739: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.303741: | flags: none (0x0) Aug 26 18:24:25.303744: | length: 392 (0x188) Aug 26 18:24:25.303747: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:25.303750: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 18:24:25.303753: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.303755: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.303758: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.303761: | flags: none (0x0) Aug 26 18:24:25.303763: | length: 36 (0x24) Aug 26 18:24:25.303766: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:25.303768: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.303771: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.303774: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.303776: | flags: none (0x0) Aug 26 18:24:25.303779: | length: 24 (0x18) Aug 26 18:24:25.303781: | number of TS: 1 (0x1) Aug 26 18:24:25.303784: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.303786: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.303789: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.303792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.303794: | flags: none (0x0) Aug 26 18:24:25.303797: | length: 24 (0x18) Aug 26 18:24:25.303799: | number of TS: 1 (0x1) Aug 26 18:24:25.303802: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.303805: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:25.303808: | Now let's proceed with state specific processing Aug 26 18:24:25.303810: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:25.303818: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:24:25.303822: loading root certificate cache Aug 26 18:24:25.307642: | spent 3.78 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:24:25.307690: | spent 0.0312 milliseconds in get_root_certs() filtering CAs Aug 26 18:24:25.307698: | #1 spent 3.85 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:24:25.307703: | checking for known CERT payloads Aug 26 18:24:25.307706: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:24:25.307749: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.307756: | #1 spent 0.0523 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:24:25.307761: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.307807: | #1 spent 0.0452 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:24:25.307812: | missing or expired CRL Aug 26 18:24:25.307816: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:24:25.307818: | verify_end_cert trying profile IPsec Aug 26 18:24:25.307952: | certificate is valid (profile IPsec) Aug 26 18:24:25.307962: | #1 spent 0.145 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:24:25.307970: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:25.308079: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc73be08 Aug 26 18:24:25.308094: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc73b448 Aug 26 18:24:25.308098: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc732b98 Aug 26 18:24:25.308101: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc734b88 Aug 26 18:24:25.308104: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e6cc73e628 Aug 26 18:24:25.308361: | unreference key: 0x55e6cc741468 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:25.308375: | #1 spent 0.349 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:24:25.308380: | #1 spent 4.5 milliseconds in decode_certs() Aug 26 18:24:25.308385: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:25.308388: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:25.308390: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:25.308393: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:25.308396: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:25.308398: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:25.308401: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:25.308403: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.308406: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:25.308409: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:25.308411: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:25.308414: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 18:24:25.308427: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:25.308431: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 18:24:25.308434: | X509: CERT and ID matches current connection Aug 26 18:24:25.308441: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.308448: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:25.308500: | verifying AUTH payload Aug 26 18:24:25.308517: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.308529: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:25.308536: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.308543: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.308549: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.308711: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 18:24:25.308719: | #1 spent 0.164 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:25.308723: "northnet-eastnets/0x1" #2: Authenticated using RSA Aug 26 18:24:25.308747: | #1 spent 0.23 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:25.308753: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:25.308759: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:25.308764: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:25.308771: | libevent_free: release ptr-libevent@0x7fe834002888 Aug 26 18:24:25.308774: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e6cc71bde8 Aug 26 18:24:25.308777: | event_schedule: new EVENT_SA_REKEY-pe@0x55e6cc71bde8 Aug 26 18:24:25.308781: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:25.308785: | libevent_malloc: new ptr-libevent@0x55e6cc744228 size 128 Aug 26 18:24:25.308870: | pstats #1 ikev2.ike established Aug 26 18:24:25.308876: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.308880: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.308882: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.308884: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.308886: | length: 16 (0x10) Aug 26 18:24:25.308888: | start port: 0 (0x0) Aug 26 18:24:25.308891: | end port: 65535 (0xffff) Aug 26 18:24:25.308893: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.308895: | TS low c0 00 03 00 Aug 26 18:24:25.308898: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.308900: | TS high c0 00 03 ff Aug 26 18:24:25.308902: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.308904: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.308906: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.308908: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.308910: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.308912: | length: 16 (0x10) Aug 26 18:24:25.308914: | start port: 0 (0x0) Aug 26 18:24:25.308916: | end port: 65535 (0xffff) Aug 26 18:24:25.308918: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.308920: | TS low c0 00 02 00 Aug 26 18:24:25.308922: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.308924: | TS high c0 00 02 ff Aug 26 18:24:25.308926: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.308930: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:25.308935: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.308940: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.308943: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.308945: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.308947: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.308950: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.308953: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.308958: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:25.308960: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.308962: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.308964: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.308966: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.308968: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.308971: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:25.308972: | printing contents struct traffic_selector Aug 26 18:24:25.308974: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.308976: | ipprotoid: 0 Aug 26 18:24:25.308978: | port range: 0-65535 Aug 26 18:24:25.308981: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.308983: | printing contents struct traffic_selector Aug 26 18:24:25.308985: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.308987: | ipprotoid: 0 Aug 26 18:24:25.308991: | port range: 0-65535 Aug 26 18:24:25.308993: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:25.309005: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:25.309008: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:25.309011: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.309013: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.309016: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.309018: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.309020: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.309023: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:25.309025: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.309027: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.309029: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.309031: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.309033: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.309036: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:25.309038: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.309040: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.309042: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.309044: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.309046: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.309048: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:25.309050: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.309052: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.309054: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.309056: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.309058: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.309061: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:25.309064: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.309066: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.309068: | length: 32 (0x20) Aug 26 18:24:25.309070: | prop #: 1 (0x1) Aug 26 18:24:25.309072: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.309074: | spi size: 4 (0x4) Aug 26 18:24:25.309076: | # transforms: 2 (0x2) Aug 26 18:24:25.309079: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.309081: | remote SPI 68 2f 54 e6 Aug 26 18:24:25.309083: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:25.309086: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.309088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.309090: | length: 12 (0xc) Aug 26 18:24:25.309092: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.309094: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.309097: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.309099: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.309101: | length/value: 256 (0x100) Aug 26 18:24:25.309105: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.309107: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.309109: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.309111: | length: 8 (0x8) Aug 26 18:24:25.309113: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.309115: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.309119: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.309122: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:25.309125: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:25.309127: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.309130: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:25.309134: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=682f54e6;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:25.309136: | converting proposal to internal trans attrs Aug 26 18:24:25.309142: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.309267: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:25.309271: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:24:25.309274: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.309277: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.309280: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.309283: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.309286: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.309295: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.309305: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.309309: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.309311: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.309314: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.309318: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.309322: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:25.309327: | netlink: enabling tunnel mode Aug 26 18:24:25.309333: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.309336: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.309413: | netlink response for Add SA esp.682f54e6@192.1.2.23 included non-error error Aug 26 18:24:25.309419: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.309424: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.309427: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.309563: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.309572: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.309576: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.309580: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:25.309582: | netlink: enabling tunnel mode Aug 26 18:24:25.309585: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.309588: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.309639: | netlink response for Add SA esp.cc5e1e56@192.1.3.33 included non-error error Aug 26 18:24:25.309647: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:25.309656: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:25.309661: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.309696: | raw_eroute result=success Aug 26 18:24:25.309702: | set up incoming SA, ref=0/0 Aug 26 18:24:25.309705: | sr for #2: unrouted Aug 26 18:24:25.309708: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.309711: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.309715: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.309719: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.309722: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.309728: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.309732: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.309737: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:25.309740: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:25.309750: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:25.309754: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.309771: | raw_eroute result=success Aug 26 18:24:25.309778: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.309781: | command executing up-client Aug 26 18:24:25.309811: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.309818: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.309835: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:24:25.309838: | popen cmd is 1406 chars long Aug 26 18:24:25.309878: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.309882: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 18:24:25.309885: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 18:24:25.309888: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:25.309891: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:25.309894: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 18:24:25.309897: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:25.309899: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 18:24:25.309902: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:24:25.309905: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:25.309908: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.309910: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 18:24:25.309913: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Aug 26 18:24:25.309916: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:24:25.309919: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:24:25.309922: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:24:25.309927: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:24:25.309930: | cmd(1360):682f54e6 SPI_OUT=0xcc5e1e56 ipsec _updown 2>&1: Aug 26 18:24:25.320513: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.320536: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:25.320541: | command executing prepare-client Aug 26 18:24:25.320604: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.320613: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.320643: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 18:24:25.320647: | popen cmd is 1411 chars long Aug 26 18:24:25.320651: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:25.320655: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:25.320659: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.320663: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:25.320666: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:25.320670: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 18:24:25.320674: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 18:24:25.320677: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 18:24:25.320681: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:24:25.320685: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:25.320688: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:25.320692: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:25.320695: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 18:24:25.320699: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 18:24:25.320703: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 18:24:25.320706: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 18:24:25.320710: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 18:24:25.320713: | cmd(1360):IN=0x682f54e6 SPI_OUT=0xcc5e1e56 ipsec _updown 2>&1: Aug 26 18:24:25.332354: | running updown command "ipsec _updown" for verb route Aug 26 18:24:25.332378: | command executing route-client Aug 26 18:24:25.332416: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.332988: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.333019: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 18:24:25.333826: | popen cmd is 1409 chars long Aug 26 18:24:25.333832: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:25.333836: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 18:24:25.333839: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 18:24:25.333842: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:25.333845: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:25.333847: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:25.333850: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:25.333853: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 18:24:25.333856: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:24:25.333859: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:24:25.333861: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 18:24:25.333864: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 18:24:25.333867: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Aug 26 18:24:25.333870: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 18:24:25.333873: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 18:24:25.333876: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 18:24:25.333878: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 18:24:25.333881: | cmd(1360):=0x682f54e6 SPI_OUT=0xcc5e1e56 ipsec _updown 2>&1: Aug 26 18:24:25.352713: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55e6cc712008,sr=0x55e6cc712008} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.353040: | #1 spent 2.32 milliseconds in install_ipsec_sa() Aug 26 18:24:25.353053: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:25.353057: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:25.353065: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:25.353077: | libevent_free: release ptr-libevent@0x55e6cc72b498 Aug 26 18:24:25.353085: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fe834002b78 Aug 26 18:24:25.353091: | #2 spent 7.73 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:25.353101: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.353105: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:25.353109: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:25.353113: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:25.353117: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:25.353122: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:25.353127: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.353131: | pstats #2 ikev2.child established Aug 26 18:24:25.353140: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:25.353521: | NAT-T: encaps is 'auto' Aug 26 18:24:25.353530: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x682f54e6 <0xcc5e1e56 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.353543: | releasing whack for #2 (sock=fd@26) Aug 26 18:24:25.353547: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:24:25.353550: | releasing whack and unpending for parent #1 Aug 26 18:24:25.353553: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 18:24:25.353560: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Aug 26 18:24:25.353564: | removing pending policy for no connection {0x55e6cc6fe9a8} Aug 26 18:24:25.353570: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:25.353579: | creating state object #3 at 0x55e6cc732098 Aug 26 18:24:25.353582: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:25.353592: | pstats #3 ikev2.child started Aug 26 18:24:25.353595: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 18:24:25.353601: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.353612: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.353618: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:25.353622: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:25.353626: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 18:24:25.353629: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:25.353633: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Aug 26 18:24:25.353638: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.353644: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.353648: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.353652: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.353655: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.353659: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.353665: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.353669: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.353677: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.353688: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 18:24:25.353691: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fe834002b78 Aug 26 18:24:25.353695: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:24:25.353699: | libevent_malloc: new ptr-libevent@0x55e6cc741308 size 128 Aug 26 18:24:25.353707: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:25.353711: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:25.353714: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Aug 26 18:24:25.353717: | removing pending policy for no connection {0x55e6cc5ff898} Aug 26 18:24:25.353721: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:24:25.353726: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:25.353729: | event_schedule: new EVENT_SA_REKEY-pe@0x55e6cc734de8 Aug 26 18:24:25.353732: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:25.353735: | libevent_malloc: new ptr-libevent@0x55e6cc714808 size 128 Aug 26 18:24:25.353738: | libevent_realloc: release ptr-libevent@0x55e6cc6ab268 Aug 26 18:24:25.353743: | libevent_realloc: new ptr-libevent@0x55e6cc713ee8 size 128 Aug 26 18:24:25.353747: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.353752: | #1 spent 8.64 milliseconds in ikev2_process_packet() Aug 26 18:24:25.353758: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.353761: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.353765: | spent 8.66 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.353782: | timer_event_cb: processing event@0x7fe834002b78 Aug 26 18:24:25.353785: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:24:25.353790: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:25.353796: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:24:25.353799: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:25.353802: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.353805: | libevent_malloc: new ptr-libevent@0x55e6cc7131a8 size 128 Aug 26 18:24:25.353813: | libevent_free: release ptr-libevent@0x55e6cc741308 Aug 26 18:24:25.353816: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fe834002b78 Aug 26 18:24:25.353820: | crypto helper 0 resuming Aug 26 18:24:25.353821: | #3 spent 0.0381 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:25.353835: | crypto helper 0 starting work-order 3 for state #3 Aug 26 18:24:25.353842: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:25.353846: | crypto helper 0 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 18:24:25.353846: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.353856: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.353862: | spent 0.00691 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.353865: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.353868: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.353872: | spent 0.00348 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.353874: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.353878: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.353881: | spent 0.00343 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.355564: | crypto helper 0 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.001717 seconds Aug 26 18:24:25.355579: | (#3) spent 0.906 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 18:24:25.355582: | crypto helper 0 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:25.355585: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.355587: | libevent_malloc: new ptr-libevent@0x7fe830002888 size 128 Aug 26 18:24:25.355595: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:25.355604: | processing resume sending helper answer for #3 Aug 26 18:24:25.355616: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.355620: | crypto helper 0 replies to request ID 3 Aug 26 18:24:25.355623: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:25.355628: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 18:24:25.355631: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.355635: | libevent_free: release ptr-libevent@0x55e6cc7131a8 Aug 26 18:24:25.355639: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:25.355642: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:25.355646: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 18:24:25.355649: | libevent_malloc: new ptr-libevent@0x55e6cc7131a8 size 128 Aug 26 18:24:25.355654: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.355658: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:25.355661: | libevent_malloc: new ptr-libevent@0x55e6cc741308 size 128 Aug 26 18:24:25.355666: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.355670: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 18:24:25.355673: | suspending state #3 and saving MD Aug 26 18:24:25.355676: | #3 is busy; has a suspended MD Aug 26 18:24:25.355680: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.355684: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.355687: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 18:24:25.355692: | #3 spent 0.0708 milliseconds in resume sending helper answer Aug 26 18:24:25.355696: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.355699: | libevent_free: release ptr-libevent@0x7fe830002888 Aug 26 18:24:25.355704: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:25.355709: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 18:24:25.355714: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.355719: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:25.355727: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:25.355752: | **emit ISAKMP Message: Aug 26 18:24:25.355755: | initiator cookie: Aug 26 18:24:25.355758: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.355760: | responder cookie: Aug 26 18:24:25.355763: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.355766: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.355769: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.355772: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.355776: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.355778: | Message ID: 2 (0x2) Aug 26 18:24:25.355782: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.355785: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.355788: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.355790: | flags: none (0x0) Aug 26 18:24:25.355794: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.355797: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.355800: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.355828: | netlink_get_spi: allocated 0xb2cb20e3 for esp.0@192.1.3.33 Aug 26 18:24:25.355832: | Emitting ikev2_proposals ... Aug 26 18:24:25.355834: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.355837: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.355840: | flags: none (0x0) Aug 26 18:24:25.355843: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.355846: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.355849: | discarding INTEG=NONE Aug 26 18:24:25.355852: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.355855: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.355857: | prop #: 1 (0x1) Aug 26 18:24:25.355860: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.355863: | spi size: 4 (0x4) Aug 26 18:24:25.355865: | # transforms: 3 (0x3) Aug 26 18:24:25.355868: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.355871: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.355874: | our spi b2 cb 20 e3 Aug 26 18:24:25.355877: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.355880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.355883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.355886: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.355889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.355892: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.355894: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.355897: | length/value: 256 (0x100) Aug 26 18:24:25.355900: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.355903: | discarding INTEG=NONE Aug 26 18:24:25.355906: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.355908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.355911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.355914: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.355917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.355920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.355924: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.355927: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.355930: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.355933: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.355935: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.355938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.355941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.355944: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.355947: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.355949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.355952: | discarding INTEG=NONE Aug 26 18:24:25.355955: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.355957: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.355960: | prop #: 2 (0x2) Aug 26 18:24:25.355963: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.355965: | spi size: 4 (0x4) Aug 26 18:24:25.355967: | # transforms: 3 (0x3) Aug 26 18:24:25.355971: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.355974: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.355977: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.355979: | our spi b2 cb 20 e3 Aug 26 18:24:25.355982: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.355984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.355987: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.355989: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.355992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.355995: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.355998: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.356000: | length/value: 128 (0x80) Aug 26 18:24:25.356003: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.356005: | discarding INTEG=NONE Aug 26 18:24:25.356008: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356013: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.356016: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.356019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356025: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356027: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356030: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.356032: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.356035: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.356038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356047: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.356050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.356053: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.356056: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.356058: | prop #: 3 (0x3) Aug 26 18:24:25.356061: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.356063: | spi size: 4 (0x4) Aug 26 18:24:25.356066: | # transforms: 5 (0x5) Aug 26 18:24:25.356069: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.356072: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.356075: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.356077: | our spi b2 cb 20 e3 Aug 26 18:24:25.356080: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356085: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.356088: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.356091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356093: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.356096: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.356099: | length/value: 256 (0x100) Aug 26 18:24:25.356101: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.356104: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356109: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.356112: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.356115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356120: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356123: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356128: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.356131: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.356134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356142: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356144: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.356149: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.356153: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356158: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356161: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356163: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.356167: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.356170: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.356174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356177: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356179: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356182: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:25.356185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.356187: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.356191: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.356193: | prop #: 4 (0x4) Aug 26 18:24:25.356196: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.356198: | spi size: 4 (0x4) Aug 26 18:24:25.356201: | # transforms: 5 (0x5) Aug 26 18:24:25.356204: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.356207: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.356210: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.356213: | our spi b2 cb 20 e3 Aug 26 18:24:25.356216: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356221: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.356223: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.356226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356229: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.356232: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.356234: | length/value: 128 (0x80) Aug 26 18:24:25.356237: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.356239: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356245: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.356247: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.356250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356256: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356259: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356261: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356264: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.356266: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.356270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.356275: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.356278: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.356281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.356283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.356286: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.357862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.357879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.357885: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.357888: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.357892: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.357895: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.357898: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.357901: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.357904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.357907: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.357910: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:25.357913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.357916: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:25.357920: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.357923: | ****emit IKEv2 Nonce Payload: Aug 26 18:24:25.357926: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.357929: | flags: none (0x0) Aug 26 18:24:25.357932: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.357935: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.357939: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.357942: | IKEv2 nonce 81 58 76 d2 bd 4a da 69 3b b4 90 d4 e9 d0 e6 6d Aug 26 18:24:25.357945: | IKEv2 nonce 7b fe c6 a6 00 86 a6 7d 5a e4 23 8e f3 6c 82 56 Aug 26 18:24:25.357948: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.357950: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.357953: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.357956: | flags: none (0x0) Aug 26 18:24:25.357959: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.357962: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.357965: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.357968: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.357971: | ikev2 g^x b2 5d fc ef ae e3 44 ab 62 e5 d9 18 6b a3 79 02 Aug 26 18:24:25.357974: | ikev2 g^x 83 aa ac 81 78 78 20 e8 be 79 02 7c fe 15 b3 77 Aug 26 18:24:25.357976: | ikev2 g^x bc 0f 38 c1 65 d6 9f eb 7f 5c 49 f2 85 cd fa 68 Aug 26 18:24:25.357979: | ikev2 g^x 75 88 7f 29 5a 20 a4 4e 54 bb f2 07 15 8f 21 a9 Aug 26 18:24:25.357981: | ikev2 g^x d4 7f 7c 3e 24 85 87 75 f2 48 f3 db 2a 04 3d be Aug 26 18:24:25.357984: | ikev2 g^x 02 a5 cf 19 5d 5d 06 75 42 8c bf 07 65 60 42 58 Aug 26 18:24:25.357986: | ikev2 g^x 7e 1e 45 77 eb aa 88 bb 3b 6a ce 16 0e a3 fb 60 Aug 26 18:24:25.357989: | ikev2 g^x 1b 75 65 d4 eb af a0 9a 39 77 8b f8 30 e6 9d a5 Aug 26 18:24:25.357991: | ikev2 g^x 83 43 2b ab d1 f9 f6 5b 2b e6 de b6 56 8e 2a 1b Aug 26 18:24:25.357994: | ikev2 g^x 94 00 cd 11 69 be 47 31 a5 63 75 d6 f6 a8 33 25 Aug 26 18:24:25.357996: | ikev2 g^x 77 9f 9c 3d 69 90 4f f4 c7 03 d9 6b 21 1d 23 20 Aug 26 18:24:25.357999: | ikev2 g^x de fa aa 43 46 9a 86 e3 64 30 78 ea b7 94 b6 e0 Aug 26 18:24:25.358005: | ikev2 g^x e2 ff d3 ea d7 4e 88 ac 51 48 e3 4c bb 95 cc ff Aug 26 18:24:25.358008: | ikev2 g^x 49 28 80 28 b3 84 ad 99 02 fb c6 77 d3 31 5e 96 Aug 26 18:24:25.358010: | ikev2 g^x 3d ac 29 49 d9 cb 5c 0c d3 8b c3 b5 69 18 50 47 Aug 26 18:24:25.358013: | ikev2 g^x c9 4e 57 93 c3 c2 f3 94 fb a9 3d 49 c1 d8 3e 8f Aug 26 18:24:25.358016: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.358019: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.358022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.358025: | flags: none (0x0) Aug 26 18:24:25.358027: | number of TS: 1 (0x1) Aug 26 18:24:25.358031: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.358034: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.358037: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.358040: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.358042: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.358045: | start port: 0 (0x0) Aug 26 18:24:25.358047: | end port: 65535 (0xffff) Aug 26 18:24:25.358051: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.358054: | ipv4 start c0 00 03 00 Aug 26 18:24:25.358056: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.358059: | ipv4 end c0 00 03 ff Aug 26 18:24:25.358062: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.358065: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.358067: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.358070: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.358073: | flags: none (0x0) Aug 26 18:24:25.358075: | number of TS: 1 (0x1) Aug 26 18:24:25.358079: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.358082: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.358085: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.358087: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.358090: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.358093: | start port: 0 (0x0) Aug 26 18:24:25.358095: | end port: 65535 (0xffff) Aug 26 18:24:25.358098: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.358101: | ipv4 start c0 00 16 00 Aug 26 18:24:25.358104: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.358106: | ipv4 end c0 00 16 ff Aug 26 18:24:25.358109: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.358111: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.358114: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:25.358118: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.358295: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.358302: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.358305: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 18:24:25.358308: | emitting length of ISAKMP Message: 601 Aug 26 18:24:25.358345: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.358350: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 18:24:25.358353: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 18:24:25.358357: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 18:24:25.358363: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 18:24:25.358367: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:25.358372: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 18:24:25.358376: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:25.358390: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:25.358401: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.358403: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.358406: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:24:25.358562: | 4e c7 7d 02 c0 0d 00 ad 02 db f3 ec 53 5f 9f 74 Aug 26 18:24:25.358568: | a6 ec 44 43 4c b3 50 12 6a 25 1b bb 10 da 0d 1d Aug 26 18:24:25.358571: | d0 dc c5 56 95 a2 36 81 28 08 c8 02 97 32 5e db Aug 26 18:24:25.358573: | fd 23 da a2 68 a7 22 98 bc 01 1a 8f 01 f5 24 29 Aug 26 18:24:25.358576: | 85 b2 2e c6 72 37 b3 eb c3 87 da 8c c9 6f 6c 20 Aug 26 18:24:25.358578: | ef 1a 80 74 eb 6f ae 1e df c7 6c ee 04 ac 9c fb Aug 26 18:24:25.358581: | 85 b9 8a d5 c0 75 e7 e9 c3 89 68 d6 6d 6b 33 d0 Aug 26 18:24:25.358583: | 9d 56 74 85 23 d7 eb a1 af d6 51 36 7b 90 b7 84 Aug 26 18:24:25.358586: | 2f 6e 75 0a 78 a7 7d 7c 36 62 1e 60 96 51 f5 62 Aug 26 18:24:25.358588: | 64 bf c5 b7 b5 15 7d a1 41 d8 f1 6d 20 2f ce 48 Aug 26 18:24:25.358590: | 64 68 71 93 28 56 9e 15 46 f0 93 4e a8 33 18 31 Aug 26 18:24:25.358592: | 4e 56 82 63 09 34 7e 36 98 e6 26 14 82 ba 3a 60 Aug 26 18:24:25.358595: | 92 1d ed 2c b7 6e dd dd 87 10 60 73 dd ad 5f 65 Aug 26 18:24:25.358598: | d7 69 cb 4e 73 dd eb d4 ec 6b b3 c4 69 7d 05 e2 Aug 26 18:24:25.358600: | 97 b7 ec 6f 57 51 23 d4 3c 79 42 4a 18 fd ed 02 Aug 26 18:24:25.358603: | 23 ea 23 1d 65 44 6b ed 25 4b 8c 3d f9 d5 25 e3 Aug 26 18:24:25.358605: | 0f 0e 51 6d f6 c4 0b ca 49 e3 da 17 dd 35 01 f9 Aug 26 18:24:25.358607: | 59 7d 86 75 eb 33 ef 50 0e 2a 93 84 38 76 3a ac Aug 26 18:24:25.358610: | 83 d2 e0 57 88 e6 93 9c 3b 49 69 5f ba 6c 48 5b Aug 26 18:24:25.358612: | 71 c6 89 3e 14 37 82 60 44 35 4f 2e 94 b3 97 06 Aug 26 18:24:25.358614: | 44 44 db 48 54 83 6f 35 be 40 59 6b 21 28 39 c2 Aug 26 18:24:25.358617: | 26 44 25 50 e5 96 e3 2a 53 09 96 13 c4 06 0d 42 Aug 26 18:24:25.358619: | cd 03 92 ee f7 61 33 7b c1 df a2 e6 0b e8 02 73 Aug 26 18:24:25.358622: | 4c 8f b4 b5 df a5 22 41 09 0d 68 32 54 d5 df 86 Aug 26 18:24:25.358624: | 05 ae 97 9c 65 1a 6a 07 d1 9c 46 95 f3 9c 88 8f Aug 26 18:24:25.358626: | b4 a6 e4 1b 8e e7 a9 a4 28 03 9f 92 8a cf 88 ae Aug 26 18:24:25.358629: | e4 db e8 a8 82 5e 3d cf 94 ff 17 57 6f 13 98 4e Aug 26 18:24:25.358631: | 00 01 a0 08 7d e8 fe ce d8 f3 9f fa 06 95 52 da Aug 26 18:24:25.358633: | 78 7e 04 4c db 65 61 b8 b0 af 05 47 55 f5 94 fe Aug 26 18:24:25.358636: | cc 44 69 1c d7 22 a8 f2 2d 73 eb 32 26 85 c1 57 Aug 26 18:24:25.358638: | b7 6d 74 23 57 e0 69 18 f9 55 41 df ef 71 59 52 Aug 26 18:24:25.358640: | a4 69 8f e6 7a 66 50 c4 83 35 fd 6a e9 b4 11 24 Aug 26 18:24:25.358643: | 28 6a f3 88 8b 42 9b 20 9a 23 ad 36 db 03 4c 17 Aug 26 18:24:25.358645: | 00 d0 1b e5 a2 1b 3a 33 66 4b cc d0 c3 88 bf 2a Aug 26 18:24:25.358648: | 2d fa f6 ca 3f 70 09 90 56 ba 63 50 cb 45 9f 29 Aug 26 18:24:25.358650: | 23 d9 8e b9 b2 e5 6f 01 5e Aug 26 18:24:25.361562: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:25.361575: | libevent_free: release ptr-libevent@0x55e6cc7131a8 Aug 26 18:24:25.361579: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:25.361583: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:25.361587: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:25.361601: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e6cc6ab268 Aug 26 18:24:25.361605: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Aug 26 18:24:25.361609: | libevent_malloc: new ptr-libevent@0x55e6cc7131a8 size 128 Aug 26 18:24:25.361613: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29151.104067 Aug 26 18:24:25.361619: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:25.361623: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:25.361627: | #1 spent 1.54 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:25.361630: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 18:24:25.361632: | libevent_free: release ptr-libevent@0x55e6cc741308 Aug 26 18:24:25.374316: | spent 0.00366 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.374342: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.374346: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.374349: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:24:25.374352: | 9e e7 c3 13 c2 96 9a 53 d9 7f dc 07 fb ba 9b 76 Aug 26 18:24:25.374354: | 2c 91 b5 ea ae bd e3 64 84 c2 bf 9c 01 d4 72 93 Aug 26 18:24:25.374357: | 8e 04 25 ff a3 33 38 30 6f 6d f8 90 2b fa 43 bb Aug 26 18:24:25.374359: | bd c3 bc 0d 1a 9d 13 d8 0b da 1b 9a 21 29 7a 97 Aug 26 18:24:25.374362: | 4a a7 49 76 22 c9 ae 43 15 b5 48 e6 d6 56 89 c8 Aug 26 18:24:25.374364: | 7d 21 8d 14 30 03 e3 cf b3 79 69 dc e1 5a 06 55 Aug 26 18:24:25.374367: | f1 88 b1 1e 23 f0 d9 d6 78 a6 5d 12 d5 eb 15 b0 Aug 26 18:24:25.374369: | ae 52 30 00 e1 ba 83 00 9b 73 db 64 60 02 d0 f6 Aug 26 18:24:25.374372: | d0 e5 fd c6 5e 54 81 56 16 4e b1 ca 77 01 ea ea Aug 26 18:24:25.374374: | 8c 17 9e 40 7c 31 bf 8b 14 cb 49 5a 95 33 ce af Aug 26 18:24:25.374377: | 63 ce d6 dc 7c e7 8f 18 51 75 e0 46 26 3e 9c d2 Aug 26 18:24:25.374380: | b8 f9 d6 b2 a4 0d 3f 95 20 9a 07 3a 1f a4 54 39 Aug 26 18:24:25.374382: | fe d7 2a c0 14 86 c6 21 47 01 45 8b f6 df 4f 76 Aug 26 18:24:25.374385: | 10 d9 46 55 35 d7 c0 ce 71 08 af 49 d4 51 8d f2 Aug 26 18:24:25.374387: | f8 7f 2f 2c 16 6a 58 3c a7 40 99 93 1a 63 57 11 Aug 26 18:24:25.374390: | 3b d6 bd 5f 4d 0a 6d a3 57 07 7c 40 22 ab de 16 Aug 26 18:24:25.374392: | a0 65 4e 60 80 56 c2 9d d9 9a c0 ae 5a 1a 04 0f Aug 26 18:24:25.374395: | c3 3c a5 be 88 18 73 4e 5d fb e2 3d 07 ca 9d 66 Aug 26 18:24:25.374397: | 33 94 91 0a 05 bf 0b 98 eb 90 ef cd c7 b4 5d b7 Aug 26 18:24:25.374400: | 7e 06 da a8 c3 26 f5 1f ff 9c f8 d5 36 ec bf 05 Aug 26 18:24:25.374402: | 09 f4 2f b8 cf 6d 84 8c aa 81 f5 37 0f d5 8a f0 Aug 26 18:24:25.374405: | f3 2a 94 47 5d 7a bc 1b 1f 16 31 9a d8 66 36 05 Aug 26 18:24:25.374408: | 17 41 9f e1 88 72 9a 61 da b5 bf c5 8b ce 80 35 Aug 26 18:24:25.374410: | ad 1c 4b 9d e9 91 87 97 4a e3 43 07 a0 1f 98 75 Aug 26 18:24:25.374412: | 80 71 47 eb 93 46 7a b6 4e 3e d2 93 c6 d6 4b 28 Aug 26 18:24:25.374415: | 4c a5 63 8b 13 eb d6 fa 6d 5f 08 6e 84 d8 e4 32 Aug 26 18:24:25.374417: | 87 Aug 26 18:24:25.374423: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.374427: | **parse ISAKMP Message: Aug 26 18:24:25.374430: | initiator cookie: Aug 26 18:24:25.374433: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:25.374436: | responder cookie: Aug 26 18:24:25.374438: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:25.374441: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.374444: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.374446: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.374451: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.374454: | Message ID: 2 (0x2) Aug 26 18:24:25.374456: | length: 449 (0x1c1) Aug 26 18:24:25.374458: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:24:25.374460: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 18:24:25.374464: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:25.374469: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.374471: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.374474: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.374476: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.374478: | #3 is idle Aug 26 18:24:25.374480: | #3 idle Aug 26 18:24:25.374481: | unpacking clear payload Aug 26 18:24:25.374483: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:25.374485: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:25.374487: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.374489: | flags: none (0x0) Aug 26 18:24:25.374490: | length: 421 (0x1a5) Aug 26 18:24:25.374492: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 18:24:25.374494: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:25.374523: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:24:25.374525: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.374527: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.374528: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.374530: | flags: none (0x0) Aug 26 18:24:25.374532: | length: 44 (0x2c) Aug 26 18:24:25.374533: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:24:25.374535: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.374536: | **parse IKEv2 Nonce Payload: Aug 26 18:24:25.374538: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.374539: | flags: none (0x0) Aug 26 18:24:25.374541: | length: 36 (0x24) Aug 26 18:24:25.374543: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.374544: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.374546: | **parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.374548: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.374549: | flags: none (0x0) Aug 26 18:24:25.374551: | length: 264 (0x108) Aug 26 18:24:25.374552: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.374554: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.374555: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.374557: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.374559: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.374560: | flags: none (0x0) Aug 26 18:24:25.374562: | length: 24 (0x18) Aug 26 18:24:25.374564: | number of TS: 1 (0x1) Aug 26 18:24:25.374565: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.374567: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.374568: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.374570: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.374571: | flags: none (0x0) Aug 26 18:24:25.374573: | length: 24 (0x18) Aug 26 18:24:25.374575: | number of TS: 1 (0x1) Aug 26 18:24:25.374576: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.374578: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:25.374581: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.374583: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 18:24:25.374586: | Now let's proceed with state specific processing Aug 26 18:24:25.374588: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:25.374597: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.374600: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:25.374603: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.374605: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.374606: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.374608: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.374610: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.374612: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.374614: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.374615: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.374617: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.374618: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.374620: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.374622: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.374623: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.374625: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.374627: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.374628: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.374630: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.374632: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.374633: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.374635: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.374637: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.374638: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.374640: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.374642: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.374644: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.374645: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.374647: | length: 40 (0x28) Aug 26 18:24:25.374648: | prop #: 1 (0x1) Aug 26 18:24:25.374650: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.374652: | spi size: 4 (0x4) Aug 26 18:24:25.374653: | # transforms: 3 (0x3) Aug 26 18:24:25.374655: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.374657: | remote SPI b4 20 b7 be Aug 26 18:24:25.374659: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:25.374661: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.374663: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.374664: | length: 12 (0xc) Aug 26 18:24:25.374666: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.374667: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.374669: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.374671: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.374673: | length/value: 256 (0x100) Aug 26 18:24:25.374675: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.374677: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.374679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.374680: | length: 8 (0x8) Aug 26 18:24:25.374682: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.374684: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.374687: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.374688: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.374690: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.374692: | length: 8 (0x8) Aug 26 18:24:25.374693: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.374695: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.374697: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.374699: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:24:25.374702: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:24:25.374704: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.374706: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 18:24:25.374709: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=b420b7be;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.374711: | converting proposal to internal trans attrs Aug 26 18:24:25.374714: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:24:25.374719: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 18:24:25.374722: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:25.374724: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 18:24:25.374726: | libevent_free: release ptr-libevent@0x55e6cc7131a8 Aug 26 18:24:25.374729: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e6cc6ab268 Aug 26 18:24:25.374731: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:25.374733: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.374735: | libevent_malloc: new ptr-libevent@0x55e6cc73b9b8 size 128 Aug 26 18:24:25.374742: | #3 spent 0.151 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 18:24:25.374762: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.374764: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 18:24:25.374766: | suspending state #3 and saving MD Aug 26 18:24:25.374768: | #3 is busy; has a suspended MD Aug 26 18:24:25.374770: | crypto helper 6 resuming Aug 26 18:24:25.374770: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.374784: | crypto helper 6 starting work-order 4 for state #3 Aug 26 18:24:25.374791: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.374798: | crypto helper 6 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 18:24:25.374805: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.374811: | #1 spent 0.476 milliseconds in ikev2_process_packet() Aug 26 18:24:25.374816: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.374820: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.374823: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.374828: | spent 0.493 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.375421: | crypto helper 6 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000623 seconds Aug 26 18:24:25.375449: | (#3) spent 0.644 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 18:24:25.375455: | crypto helper 6 sending results from work-order 4 for state #3 to event queue Aug 26 18:24:25.375459: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.375463: | libevent_malloc: new ptr-libevent@0x7fe824001f78 size 128 Aug 26 18:24:25.375483: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:25.375512: | processing resume sending helper answer for #3 Aug 26 18:24:25.375522: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.375526: | crypto helper 6 replies to request ID 4 Aug 26 18:24:25.375528: | calling continuation function 0x55e6cad629d0 Aug 26 18:24:25.375531: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 18:24:25.375534: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.375536: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.375538: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.375540: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.375542: | length: 16 (0x10) Aug 26 18:24:25.375543: | start port: 0 (0x0) Aug 26 18:24:25.375545: | end port: 65535 (0xffff) Aug 26 18:24:25.375547: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.375549: | TS low c0 00 03 00 Aug 26 18:24:25.375551: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.375552: | TS high c0 00 03 ff Aug 26 18:24:25.375554: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.375556: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.375557: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.375559: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.375561: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.375562: | length: 16 (0x10) Aug 26 18:24:25.375564: | start port: 0 (0x0) Aug 26 18:24:25.375565: | end port: 65535 (0xffff) Aug 26 18:24:25.375567: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.375569: | TS low c0 00 16 00 Aug 26 18:24:25.375570: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.375572: | TS high c0 00 16 ff Aug 26 18:24:25.375573: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.375577: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.375580: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.375585: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.375587: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.375588: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.375590: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.375592: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.375595: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.375599: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.375600: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.375602: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.375604: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.375606: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.375607: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.375609: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:25.375611: | printing contents struct traffic_selector Aug 26 18:24:25.375612: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.375614: | ipprotoid: 0 Aug 26 18:24:25.375615: | port range: 0-65535 Aug 26 18:24:25.375618: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.375619: | printing contents struct traffic_selector Aug 26 18:24:25.375621: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.375622: | ipprotoid: 0 Aug 26 18:24:25.375624: | port range: 0-65535 Aug 26 18:24:25.375626: | ip range: 192.0.22.0-192.0.22.255 Aug 26 18:24:25.375629: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.375764: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:24:25.375768: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:24:25.375770: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.375772: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.375774: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.375776: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.375777: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.375780: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.375783: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.375785: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.375787: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.375789: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.375792: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.375794: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.375797: | netlink: enabling tunnel mode Aug 26 18:24:25.375799: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.375801: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.375867: | netlink response for Add SA esp.b420b7be@192.1.2.23 included non-error error Aug 26 18:24:25.375872: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.375875: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.375877: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.375879: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.375881: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.375883: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.375885: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.375887: | netlink: enabling tunnel mode Aug 26 18:24:25.375888: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.375890: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.375919: | netlink response for Add SA esp.b2cb20e3@192.1.3.33 included non-error error Aug 26 18:24:25.375924: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.375929: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:25.375932: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.375951: | raw_eroute result=success Aug 26 18:24:25.375955: | set up incoming SA, ref=0/0 Aug 26 18:24:25.375957: | sr for #3: unrouted Aug 26 18:24:25.375959: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.375961: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.375962: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.375964: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.375966: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.375968: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.375970: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.375973: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 18:24:25.375975: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.375979: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:25.375981: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.375990: | raw_eroute result=success Aug 26 18:24:25.375994: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.375998: | command executing up-client Aug 26 18:24:25.376017: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.376021: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.376033: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:24:25.376035: | popen cmd is 1408 chars long Aug 26 18:24:25.376037: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.376039: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 18:24:25.376041: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 18:24:25.376043: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:25.376044: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:25.376046: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 18:24:25.376048: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:25.376050: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 18:24:25.376051: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Aug 26 18:24:25.376053: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:25.376055: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:25.376056: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:25.376058: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Aug 26 18:24:25.376060: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:24:25.376061: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:24:25.376063: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:24:25.376065: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:24:25.376066: | cmd(1360):0xb420b7be SPI_OUT=0xb2cb20e3 ipsec _updown 2>&1: Aug 26 18:24:25.389436: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.389454: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:25.389457: | command executing prepare-client Aug 26 18:24:25.389479: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.389484: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.389502: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Aug 26 18:24:25.389505: | popen cmd is 1413 chars long Aug 26 18:24:25.389507: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:25.389509: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:25.389511: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.389512: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:25.389514: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:25.389516: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 18:24:25.389518: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 18:24:25.389519: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 18:24:25.389521: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:24:25.389523: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:24:25.389524: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Aug 26 18:24:25.389526: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Aug 26 18:24:25.389528: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Aug 26 18:24:25.389530: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Aug 26 18:24:25.389533: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Aug 26 18:24:25.389536: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Aug 26 18:24:25.389539: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Aug 26 18:24:25.389542: | cmd(1360):I_IN=0xb420b7be SPI_OUT=0xb2cb20e3 ipsec _updown 2>&1: Aug 26 18:24:25.404281: | running updown command "ipsec _updown" for verb route Aug 26 18:24:25.404322: | command executing route-client Aug 26 18:24:25.404356: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.404364: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.404386: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Aug 26 18:24:25.404393: | popen cmd is 1411 chars long Aug 26 18:24:25.404397: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:25.404400: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 18:24:25.404402: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 18:24:25.404405: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:25.404408: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:25.404411: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Aug 26 18:24:25.404414: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:25.404416: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 18:24:25.404419: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Aug 26 18:24:25.404422: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:25.404425: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:25.404427: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:25.404430: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 18:24:25.404433: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 18:24:25.404436: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 18:24:25.404439: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 18:24:25.404442: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 18:24:25.404444: | cmd(1360):IN=0xb420b7be SPI_OUT=0xb2cb20e3 ipsec _updown 2>&1: Aug 26 18:24:25.420178: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55e6cc71cbd8,sr=0x55e6cc71cbd8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.421336: | #1 spent 1.92 milliseconds in install_ipsec_sa() Aug 26 18:24:25.421354: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:24:25.421360: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.421373: | libevent_free: release ptr-libevent@0x55e6cc73b9b8 Aug 26 18:24:25.421381: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:25.421394: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.421400: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 18:24:25.421404: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 18:24:25.421409: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:25.421413: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:24:25.421419: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 18:24:25.421430: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.421433: | pstats #3 ikev2.child established Aug 26 18:24:25.421442: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Aug 26 18:24:25.421454: | NAT-T: encaps is 'auto' Aug 26 18:24:25.421460: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xb420b7be <0xb2cb20e3 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.421464: | releasing whack for #3 (sock=fd@25) Aug 26 18:24:25.421471: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:24:25.421474: | releasing whack and unpending for parent #1 Aug 26 18:24:25.421476: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 18:24:25.421482: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 18:24:25.421485: | event_schedule: new EVENT_SA_REKEY-pe@0x55e6cc6ab268 Aug 26 18:24:25.421488: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 18:24:25.421493: | libevent_malloc: new ptr-libevent@0x55e6cc72bbe8 size 128 Aug 26 18:24:25.421503: | #3 spent 2.33 milliseconds in resume sending helper answer Aug 26 18:24:25.421508: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.421512: | libevent_free: release ptr-libevent@0x7fe824001f78 Aug 26 18:24:25.421678: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.421685: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.421689: | spent 0.00458 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.421691: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.421694: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.421696: | spent 0.00276 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.421698: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.421701: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.421705: | spent 0.00349 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.490228: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:25.490585: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:25.490597: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:25.490763: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:25.490769: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:25.490780: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:25.490807: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:25.490830: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:25.490839: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:25.490862: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:25.490871: | spent 0.627 milliseconds in whack Aug 26 18:24:27.718755: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:27.718780: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:27.718785: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:27.718794: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:27.718812: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:27.718835: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:27.718843: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:27.718864: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:27.718872: | spent 0.125 milliseconds in whack Aug 26 18:24:28.610217: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:28.610441: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:28.610455: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:28.610607: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:28.610611: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:28.610620: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:28.610640: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:28.610659: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:28.610667: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:28.610686: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:28.610694: | spent 0.472 milliseconds in whack Aug 26 18:24:29.008624: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:29.008653: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:29.008659: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.008662: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.008666: | 24 bd 99 28 c3 9f cb 71 38 86 7d b8 fe 62 fa 92 Aug 26 18:24:29.008669: | 17 78 70 e2 09 76 1b 0b aa ca 96 49 ae f4 65 e3 Aug 26 18:24:29.008671: | ab 9f ea fb 17 Aug 26 18:24:29.008677: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:29.008681: | **parse ISAKMP Message: Aug 26 18:24:29.008685: | initiator cookie: Aug 26 18:24:29.008688: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.008691: | responder cookie: Aug 26 18:24:29.008693: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.008697: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:29.008701: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.008704: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.008709: | flags: none (0x0) Aug 26 18:24:29.008713: | Message ID: 0 (0x0) Aug 26 18:24:29.008716: | length: 69 (0x45) Aug 26 18:24:29.008720: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:29.008724: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:29.008730: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:29.008737: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:29.008741: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:29.008747: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:29.008751: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:29.008757: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:24:29.008760: | unpacking clear payload Aug 26 18:24:29.008764: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:29.008768: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:29.008771: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:29.008774: | flags: none (0x0) Aug 26 18:24:29.008777: | length: 41 (0x29) Aug 26 18:24:29.008781: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:29.008787: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:29.008790: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:29.008818: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:29.008822: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:29.008826: | **parse IKEv2 Delete Payload: Aug 26 18:24:29.008829: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.008832: | flags: none (0x0) Aug 26 18:24:29.008835: | length: 12 (0xc) Aug 26 18:24:29.008839: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.008842: | SPI size: 4 (0x4) Aug 26 18:24:29.008845: | number of SPIs: 1 (0x1) Aug 26 18:24:29.008848: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:29.008854: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:29.008857: | Now let's proceed with state specific processing Aug 26 18:24:29.008860: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:29.008864: | an informational request should send a response Aug 26 18:24:29.008888: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:29.008893: | **emit ISAKMP Message: Aug 26 18:24:29.008896: | initiator cookie: Aug 26 18:24:29.008899: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.008902: | responder cookie: Aug 26 18:24:29.008905: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.008908: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.008912: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.008915: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.008919: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:29.008922: | Message ID: 0 (0x0) Aug 26 18:24:29.008926: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.008929: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.008933: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.008936: | flags: none (0x0) Aug 26 18:24:29.008940: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.008944: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:29.008949: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.008964: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:29.008967: | SPI b4 20 b7 be Aug 26 18:24:29.008970: | delete PROTO_v2_ESP SA(0xb420b7be) Aug 26 18:24:29.008975: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:29.008979: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:29.008982: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xb420b7be) Aug 26 18:24:29.008986: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 18:24:29.008990: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.008994: | libevent_free: release ptr-libevent@0x55e6cc72bbe8 Aug 26 18:24:29.008998: | free_event_entry: release EVENT_SA_REKEY-pe@0x55e6cc6ab268 Aug 26 18:24:29.009002: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:29.009007: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 18:24:29.009012: | libevent_malloc: new ptr-libevent@0x7fe824001f78 size 128 Aug 26 18:24:29.009016: | ****emit IKEv2 Delete Payload: Aug 26 18:24:29.009020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.009023: | flags: none (0x0) Aug 26 18:24:29.009026: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.009029: | SPI size: 4 (0x4) Aug 26 18:24:29.009032: | number of SPIs: 1 (0x1) Aug 26 18:24:29.009036: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:29.009041: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:29.009045: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:29.009048: | local SPIs b2 cb 20 e3 Aug 26 18:24:29.009051: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:29.009054: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.009059: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.009063: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.009066: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:29.009069: | emitting length of ISAKMP Message: 69 Aug 26 18:24:29.009106: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:29.009113: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.009116: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.009119: | a2 8e 87 5a 3d 98 a4 6a bd 4a a0 08 ae 30 27 36 Aug 26 18:24:29.009123: | 28 03 0a 4c a3 04 d8 14 ce b7 8b b9 a1 22 52 15 Aug 26 18:24:29.009126: | 7e 82 57 a1 6c Aug 26 18:24:29.009164: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:29.009172: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:29.009179: | #1 spent 0.283 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:29.009187: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.009191: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:29.009195: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:29.009201: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:29.009207: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:29.009211: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:29.009217: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:29.009223: | #1 spent 0.554 milliseconds in ikev2_process_packet() Aug 26 18:24:29.009228: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:29.009232: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:29.009236: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:29.009241: | spent 0.573 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:29.009249: | timer_event_cb: processing event@0x55e6cc6ab268 Aug 26 18:24:29.009253: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 18:24:29.009259: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.009264: | picked newest_ipsec_sa #3 for #3 Aug 26 18:24:29.009267: | replacing stale CHILD SA Aug 26 18:24:29.009272: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:29.009275: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:29.009280: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:29.009285: | creating state object #4 at 0x55e6cc733df8 Aug 26 18:24:29.009295: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:24:29.009309: | pstats #4 ikev2.child started Aug 26 18:24:29.009314: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 18:24:29.009321: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:29.009331: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:29.009338: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:29.009344: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:29.009349: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:29.009369: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.009376: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 18:24:29.009380: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55e6cc72a978 Aug 26 18:24:29.009385: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 18:24:29.009389: | libevent_malloc: new ptr-libevent@0x55e6cc73b9b8 size 128 Aug 26 18:24:29.009396: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:29.009401: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fe834002b78 Aug 26 18:24:29.009405: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 18:24:29.009410: | libevent_malloc: new ptr-libevent@0x55e6cc741308 size 128 Aug 26 18:24:29.009414: | libevent_free: release ptr-libevent@0x7fe824001f78 Aug 26 18:24:29.009418: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:29.009423: | #3 spent 0.166 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:29.009427: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.009433: | timer_event_cb: processing event@0x55e6cc72a978 Aug 26 18:24:29.009436: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 18:24:29.009442: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.009448: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 18:24:29.009452: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:29.009456: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:24:29.009460: | libevent_malloc: new ptr-libevent@0x7fe824001f78 size 128 Aug 26 18:24:29.009469: | libevent_free: release ptr-libevent@0x55e6cc73b9b8 Aug 26 18:24:29.009473: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55e6cc72a978 Aug 26 18:24:29.009477: | crypto helper 5 resuming Aug 26 18:24:29.009478: | #4 spent 0.044 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:29.009503: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.009510: | timer_event_cb: processing event@0x7fe834002b78 Aug 26 18:24:29.009513: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 18:24:29.009518: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.009522: | picked newest_ipsec_sa #3 for #3 Aug 26 18:24:29.009524: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:29.009527: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 18:24:29.009530: | pstats #3 ikev2.child deleted completed Aug 26 18:24:29.009534: | #3 spent 4.31 milliseconds in total Aug 26 18:24:29.009539: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:29.009543: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.655s and NOT sending notification Aug 26 18:24:29.009547: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:29.009552: | get_sa_info esp.b420b7be@192.1.2.23 Aug 26 18:24:29.009567: | get_sa_info esp.b2cb20e3@192.1.3.33 Aug 26 18:24:29.009576: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Aug 26 18:24:29.009580: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:29.009629: | running updown command "ipsec _updown" for verb down Aug 26 18:24:29.009634: | command executing down-client Aug 26 18:24:29.009666: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:29.009674: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:29.009693: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_ Aug 26 18:24:29.009697: | popen cmd is 1419 chars long Aug 26 18:24:29.009700: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:29.009704: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 18:24:29.009707: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 18:24:29.009710: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 18:24:29.009714: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:29.009716: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 18:24:29.009719: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:29.009723: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 18:24:29.009726: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Aug 26 18:24:29.009729: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:29.009732: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Aug 26 18:24:29.009735: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Aug 26 18:24:29.009737: | cmd( 960): PLUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Aug 26 18:24:29.009740: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Aug 26 18:24:29.009743: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 18:24:29.009745: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 18:24:29.009748: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 18:24:29.009751: | cmd(1360):no' SPI_IN=0xb420b7be SPI_OUT=0xb2cb20e3 ipsec _updown 2>&1: Aug 26 18:24:29.009492: | crypto helper 5 starting work-order 5 for state #4 Aug 26 18:24:29.010132: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 18:24:29.011073: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000942 seconds Aug 26 18:24:29.011090: | (#4) spent 0.952 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:29.011097: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Aug 26 18:24:29.011102: | scheduling resume sending helper answer for #4 Aug 26 18:24:29.011106: | libevent_malloc: new ptr-libevent@0x7fe828002888 size 128 Aug 26 18:24:29.011119: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:29.032852: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:29.032873: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.032878: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.032884: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:29.032926: | delete esp.b420b7be@192.1.2.23 Aug 26 18:24:29.032950: | netlink response for Del SA esp.b420b7be@192.1.2.23 included non-error error Aug 26 18:24:29.032955: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.032963: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:29.032982: | raw_eroute result=success Aug 26 18:24:29.032987: | delete esp.b2cb20e3@192.1.3.33 Aug 26 18:24:29.032997: | netlink response for Del SA esp.b2cb20e3@192.1.3.33 included non-error error Aug 26 18:24:29.033010: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.033014: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:24:29.033021: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:29.033057: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:29.033081: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:29.033085: | can't expire unused IKE SA #1; it has the child #4 Aug 26 18:24:29.033091: | libevent_free: release ptr-libevent@0x55e6cc741308 Aug 26 18:24:29.033098: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fe834002b78 Aug 26 18:24:29.033102: | in statetime_stop() and could not find #3 Aug 26 18:24:29.033105: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.033129: | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:29.033148: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:29.033153: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.033156: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.033159: | 4d 69 a5 6e 27 ba 31 31 ae 72 89 37 88 af 3a 8e Aug 26 18:24:29.033162: | 76 5a bd 13 f7 59 e5 30 7a b5 6e a3 86 7a 8d c0 Aug 26 18:24:29.033165: | 94 32 d4 07 b3 Aug 26 18:24:29.033171: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:29.033177: | **parse ISAKMP Message: Aug 26 18:24:29.033180: | initiator cookie: Aug 26 18:24:29.033183: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.033186: | responder cookie: Aug 26 18:24:29.033188: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.033192: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:29.033195: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.033199: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.033204: | flags: none (0x0) Aug 26 18:24:29.033207: | Message ID: 1 (0x1) Aug 26 18:24:29.033210: | length: 69 (0x45) Aug 26 18:24:29.033214: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:29.033218: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:29.033222: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:29.033230: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:29.033234: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:29.033244: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:29.033248: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:29.033253: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:24:29.033256: | unpacking clear payload Aug 26 18:24:29.033259: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:29.033833: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:29.033845: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:29.033848: | flags: none (0x0) Aug 26 18:24:29.033852: | length: 41 (0x29) Aug 26 18:24:29.033855: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:29.033860: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:29.033864: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:29.033890: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:29.033894: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:29.033897: | **parse IKEv2 Delete Payload: Aug 26 18:24:29.033900: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.033903: | flags: none (0x0) Aug 26 18:24:29.033906: | length: 12 (0xc) Aug 26 18:24:29.033909: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.033911: | SPI size: 4 (0x4) Aug 26 18:24:29.033914: | number of SPIs: 1 (0x1) Aug 26 18:24:29.033917: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:29.033920: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:29.033923: | Now let's proceed with state specific processing Aug 26 18:24:29.033925: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:29.033929: | an informational request should send a response Aug 26 18:24:29.033953: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:29.033958: | **emit ISAKMP Message: Aug 26 18:24:29.033961: | initiator cookie: Aug 26 18:24:29.033964: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.033967: | responder cookie: Aug 26 18:24:29.033969: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.033972: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.033975: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.033978: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.033981: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:29.033983: | Message ID: 1 (0x1) Aug 26 18:24:29.033986: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.033990: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.033993: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.033996: | flags: none (0x0) Aug 26 18:24:29.033999: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.034002: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:29.034006: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.034019: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:29.034022: | SPI 68 2f 54 e6 Aug 26 18:24:29.034025: | delete PROTO_v2_ESP SA(0x682f54e6) Aug 26 18:24:29.034028: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:29.034031: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:29.034034: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x682f54e6) Aug 26 18:24:29.034038: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:24:29.034041: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.034045: | libevent_free: release ptr-libevent@0x55e6cc714808 Aug 26 18:24:29.034050: | free_event_entry: release EVENT_SA_REKEY-pe@0x55e6cc734de8 Aug 26 18:24:29.034054: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e6cc734de8 Aug 26 18:24:29.034057: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:24:29.034061: | libevent_malloc: new ptr-libevent@0x7fe830003878 size 128 Aug 26 18:24:29.034065: | ****emit IKEv2 Delete Payload: Aug 26 18:24:29.034068: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.034071: | flags: none (0x0) Aug 26 18:24:29.034073: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:29.034076: | SPI size: 4 (0x4) Aug 26 18:24:29.034078: | number of SPIs: 1 (0x1) Aug 26 18:24:29.034081: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:29.034084: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:29.034088: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:29.034091: | local SPIs cc 5e 1e 56 Aug 26 18:24:29.034093: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:29.034096: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.034099: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.034102: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.034105: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:29.034107: | emitting length of ISAKMP Message: 69 Aug 26 18:24:29.034127: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:29.034133: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.034136: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:29.034138: | 0b 5f d9 6b 18 24 93 48 54 af 73 d0 63 05 17 30 Aug 26 18:24:29.034141: | d9 9a 53 45 a3 1a 8c e1 dc 94 a8 04 44 e2 cc 89 Aug 26 18:24:29.034144: | ce bd 02 b7 fa Aug 26 18:24:29.034200: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:29.034206: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:29.034213: | #1 spent 0.253 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:29.034221: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.034224: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:29.034228: | Message ID: updating counters for #1 to 1 after switching state Aug 26 18:24:29.034232: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:29.034237: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:29.034240: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:29.034246: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:29.034251: | #1 spent 0.521 milliseconds in ikev2_process_packet() Aug 26 18:24:29.034256: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:29.034260: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:29.034263: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:29.034267: | spent 0.538 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:29.034278: | processing resume sending helper answer for #4 Aug 26 18:24:29.034284: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 18:24:29.034292: | crypto helper 5 replies to request ID 5 Aug 26 18:24:29.034298: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:29.034302: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 18:24:29.034306: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:29.034309: | libevent_free: release ptr-libevent@0x7fe824001f78 Aug 26 18:24:29.034315: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc6ab268 Aug 26 18:24:29.034318: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:29.034322: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 18:24:29.034325: | libevent_malloc: new ptr-libevent@0x55e6cc741308 size 128 Aug 26 18:24:29.034331: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:29.034334: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:29.034337: | libevent_malloc: new ptr-libevent@0x55e6cc73b9b8 size 128 Aug 26 18:24:29.034342: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.034346: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 18:24:29.034348: | suspending state #4 and saving MD Aug 26 18:24:29.034351: | #4 is busy; has a suspended MD Aug 26 18:24:29.034355: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:29.034358: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:29.034362: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 18:24:29.034366: | #4 spent 0.0745 milliseconds in resume sending helper answer Aug 26 18:24:29.034371: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 18:24:29.034374: | libevent_free: release ptr-libevent@0x7fe828002888 Aug 26 18:24:29.034377: | processing signal PLUTO_SIGCHLD Aug 26 18:24:29.034382: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:29.034386: | spent 0.00529 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:29.034394: | timer_event_cb: processing event@0x55e6cc734de8 Aug 26 18:24:29.034397: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:24:29.034402: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.034406: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:29.034408: | replacing stale CHILD SA Aug 26 18:24:29.034413: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:29.034416: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:29.034420: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:29.034425: | creating state object #5 at 0x55e6cc732098 Aug 26 18:24:29.034428: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 18:24:29.034436: | pstats #5 ikev2.child started Aug 26 18:24:29.034439: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 18:24:29.034445: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:29.034451: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:29.034454: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.034458: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:29.034465: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:29.034469: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:29.034473: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:29.034477: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Aug 26 18:24:29.034482: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:29.034489: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.034492: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:29.034496: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.034500: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:29.034504: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.034507: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:29.034511: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.034519: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:29.034525: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:24:29.034528: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fe828002b78 Aug 26 18:24:29.034532: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 18:24:29.034536: | libevent_malloc: new ptr-libevent@0x7fe828002888 size 128 Aug 26 18:24:29.034541: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:29.034544: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fe834002b78 Aug 26 18:24:29.034548: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:24:29.034551: | libevent_malloc: new ptr-libevent@0x55e6cc73bbf8 size 128 Aug 26 18:24:29.034554: | libevent_free: release ptr-libevent@0x7fe830003878 Aug 26 18:24:29.034558: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e6cc734de8 Aug 26 18:24:29.034562: | #2 spent 0.167 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:29.034566: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.034569: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:29.034574: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 18:24:29.034580: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:29.034584: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:29.034588: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:29.034595: | **emit ISAKMP Message: Aug 26 18:24:29.034599: | initiator cookie: Aug 26 18:24:29.034602: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.034605: | responder cookie: Aug 26 18:24:29.034608: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.034611: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.034617: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.034621: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:29.034624: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:29.034628: | Message ID: 3 (0x3) Aug 26 18:24:29.034631: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.034635: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.034638: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.034641: | flags: none (0x0) Aug 26 18:24:29.034645: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.034649: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.034653: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.034678: | netlink_get_spi: allocated 0xd2085f10 for esp.0@192.1.3.33 Aug 26 18:24:29.034682: | Emitting ikev2_proposals ... Aug 26 18:24:29.034685: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:29.034688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.034691: | flags: none (0x0) Aug 26 18:24:29.034694: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:29.034698: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.034700: | discarding INTEG=NONE Aug 26 18:24:29.034703: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.034706: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.034709: | prop #: 1 (0x1) Aug 26 18:24:29.034712: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:29.034715: | spi size: 4 (0x4) Aug 26 18:24:29.034717: | # transforms: 3 (0x3) Aug 26 18:24:29.034720: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.034724: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:29.034727: | our spi d2 08 5f 10 Aug 26 18:24:29.034730: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034735: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.034738: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:29.034741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034744: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.034747: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.034750: | length/value: 256 (0x100) Aug 26 18:24:29.034753: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.034755: | discarding INTEG=NONE Aug 26 18:24:29.034758: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.034764: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.034767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034772: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.034774: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034776: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.034779: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:29.034781: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:29.034785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034790: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.034793: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:29.034796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.034798: | discarding INTEG=NONE Aug 26 18:24:29.034801: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.034804: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.034806: | prop #: 2 (0x2) Aug 26 18:24:29.034809: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:29.034811: | spi size: 4 (0x4) Aug 26 18:24:29.034814: | # transforms: 3 (0x3) Aug 26 18:24:29.034817: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.034820: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.034823: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:29.034826: | our spi d2 08 5f 10 Aug 26 18:24:29.034828: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034830: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034833: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.034836: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:29.034839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034842: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.034845: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.034848: | length/value: 128 (0x80) Aug 26 18:24:29.034851: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.034854: | discarding INTEG=NONE Aug 26 18:24:29.034857: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.034866: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.034870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034876: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.034880: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034882: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.034886: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:29.034888: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:29.034892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034899: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.034903: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:29.034909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.034914: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.034917: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.034922: | prop #: 3 (0x3) Aug 26 18:24:29.034926: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:29.034929: | spi size: 4 (0x4) Aug 26 18:24:29.034932: | # transforms: 5 (0x5) Aug 26 18:24:29.034937: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.034942: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.034948: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:29.034951: | our spi d2 08 5f 10 Aug 26 18:24:29.034954: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034956: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034959: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.034962: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:29.034965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034968: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.034971: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.034974: | length/value: 256 (0x100) Aug 26 18:24:29.034977: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.034980: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.034983: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034985: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.034988: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:29.034992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.034994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.034997: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035000: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035004: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.035007: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:29.035009: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035015: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035017: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.035026: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.035029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035035: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035038: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035040: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.035043: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:29.035046: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:29.035049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035057: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035060: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:29.035064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.035067: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.035069: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:29.035072: | prop #: 4 (0x4) Aug 26 18:24:29.035075: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:29.035078: | spi size: 4 (0x4) Aug 26 18:24:29.035080: | # transforms: 5 (0x5) Aug 26 18:24:29.035084: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.035087: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.035091: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:29.035094: | our spi d2 08 5f 10 Aug 26 18:24:29.035097: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035103: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.035106: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:29.035109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035113: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.035116: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.035119: | length/value: 128 (0x80) Aug 26 18:24:29.035122: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.035125: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035131: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.035134: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:29.035138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035145: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035148: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035154: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.035157: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:29.035161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035170: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.035179: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.035183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035190: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035195: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.035198: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.035201: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:29.035203: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:29.035207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.035211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.035214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.035217: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:29.035220: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.035223: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:29.035227: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:29.035231: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 18:24:29.035234: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 18:24:29.035240: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.035245: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 18:24:29.035476: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 18:24:29.035489: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:29.035495: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:29.035503: | #1 spent 0.756 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:29.035508: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 18:24:29.035513: | libevent_free: release ptr-libevent@0x55e6cc73b9b8 Aug 26 18:24:29.035521: | timer_event_cb: processing event@0x7fe828002b78 Aug 26 18:24:29.035524: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 18:24:29.035529: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.035535: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 18:24:29.035539: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc734de8 Aug 26 18:24:29.035543: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:24:29.035546: | libevent_malloc: new ptr-libevent@0x55e6cc73b9b8 size 128 Aug 26 18:24:29.035556: | libevent_free: release ptr-libevent@0x7fe828002888 Aug 26 18:24:29.035560: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fe828002b78 Aug 26 18:24:29.035565: | #5 spent 0.0431 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:29.035570: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.035573: | timer_event_cb: processing event@0x7fe834002b78 Aug 26 18:24:29.035577: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:24:29.035581: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:29.035585: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:29.035588: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:29.035591: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:24:29.035594: | pstats #2 ikev2.child deleted completed Aug 26 18:24:29.035598: | #2 spent 7.9 milliseconds in total Aug 26 18:24:29.035605: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:29.035609: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 3.844s and NOT sending notification Aug 26 18:24:29.035612: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:29.035617: | get_sa_info esp.682f54e6@192.1.2.23 Aug 26 18:24:29.035631: | get_sa_info esp.cc5e1e56@192.1.3.33 Aug 26 18:24:29.035639: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:29.035643: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:29.035687: | crypto helper 4 resuming Aug 26 18:24:29.035694: | crypto helper 4 starting work-order 6 for state #5 Aug 26 18:24:29.035698: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 18:24:29.036929: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.001228 seconds Aug 26 18:24:29.036948: | (#5) spent 0.872 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:29.036952: | crypto helper 4 sending results from work-order 6 for state #5 to event queue Aug 26 18:24:29.036956: | scheduling resume sending helper answer for #5 Aug 26 18:24:29.036959: | libevent_malloc: new ptr-libevent@0x7fe81c002888 size 128 Aug 26 18:24:29.036967: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:29.036984: | running updown command "ipsec _updown" for verb down Aug 26 18:24:29.036989: | command executing down-client Aug 26 18:24:29.037020: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:29.037027: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:29.037046: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CO Aug 26 18:24:29.037050: | popen cmd is 1417 chars long Aug 26 18:24:29.037053: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:29.037056: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 18:24:29.037058: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 18:24:29.037060: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 18:24:29.037063: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:29.037065: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Aug 26 18:24:29.037067: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:29.037070: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 18:24:29.037072: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 18:24:29.037078: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:29.037082: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:29.037084: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:29.037087: | cmd( 960):LUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Aug 26 18:24:29.037090: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Aug 26 18:24:29.037093: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Aug 26 18:24:29.037095: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Aug 26 18:24:29.037097: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Aug 26 18:24:29.037099: | cmd(1360):' SPI_IN=0x682f54e6 SPI_OUT=0xcc5e1e56 ipsec _updown 2>&1: Aug 26 18:24:29.056669: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:29.056689: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.056693: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.056699: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:29.056740: | delete esp.682f54e6@192.1.2.23 Aug 26 18:24:29.056760: | netlink response for Del SA esp.682f54e6@192.1.2.23 included non-error error Aug 26 18:24:29.056764: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.056772: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:29.056794: | raw_eroute result=success Aug 26 18:24:29.056799: | delete esp.cc5e1e56@192.1.3.33 Aug 26 18:24:29.056812: | netlink response for Del SA esp.cc5e1e56@192.1.3.33 included non-error error Aug 26 18:24:29.056825: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:29.056830: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:24:29.056836: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:29.056847: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:29.056864: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:29.056868: | can't expire unused IKE SA #1; it has the child #5 Aug 26 18:24:29.056876: | libevent_free: release ptr-libevent@0x55e6cc73bbf8 Aug 26 18:24:29.056882: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fe834002b78 Aug 26 18:24:29.056887: | in statetime_stop() and could not find #2 Aug 26 18:24:29.056890: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:29.056917: | spent 0.0024 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:29.056936: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:29.056941: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.056944: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:24:29.056947: | 80 ff d2 2a 50 11 75 05 33 f1 49 0f c6 f7 7c eb Aug 26 18:24:29.056950: | 1c 69 c6 a9 a8 4a 95 4d 36 09 cd 8d 11 d7 39 8f Aug 26 18:24:29.056952: | 7c Aug 26 18:24:29.056958: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:29.056963: | **parse ISAKMP Message: Aug 26 18:24:29.056966: | initiator cookie: Aug 26 18:24:29.056969: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.056972: | responder cookie: Aug 26 18:24:29.056975: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.056978: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:29.056981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.056984: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.056990: | flags: none (0x0) Aug 26 18:24:29.056993: | Message ID: 2 (0x2) Aug 26 18:24:29.056996: | length: 65 (0x41) Aug 26 18:24:29.056999: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:29.057003: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:29.057007: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:29.057014: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:29.057017: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:29.057022: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:29.057026: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:24:29.057030: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 18:24:29.057033: | unpacking clear payload Aug 26 18:24:29.057036: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:29.057039: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:29.057042: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:29.057045: | flags: none (0x0) Aug 26 18:24:29.057047: | length: 37 (0x25) Aug 26 18:24:29.057050: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:24:29.057055: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:29.057059: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:29.057088: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:29.057092: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:29.057095: | **parse IKEv2 Delete Payload: Aug 26 18:24:29.057098: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.057101: | flags: none (0x0) Aug 26 18:24:29.057103: | length: 8 (0x8) Aug 26 18:24:29.057106: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:29.057109: | SPI size: 0 (0x0) Aug 26 18:24:29.057112: | number of SPIs: 0 (0x0) Aug 26 18:24:29.057115: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:24:29.057118: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:29.057120: | Now let's proceed with state specific processing Aug 26 18:24:29.057123: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:29.057127: | an informational request should send a response Aug 26 18:24:29.057151: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:29.057155: | **emit ISAKMP Message: Aug 26 18:24:29.057158: | initiator cookie: Aug 26 18:24:29.057161: | e1 aa 77 0d bc 9a a4 2e Aug 26 18:24:29.057163: | responder cookie: Aug 26 18:24:29.057166: | 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.057169: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.057172: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.057175: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:29.057178: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:29.057181: | Message ID: 2 (0x2) Aug 26 18:24:29.057184: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.057187: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:29.057189: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.057192: | flags: none (0x0) Aug 26 18:24:29.057196: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:29.057199: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:29.057203: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:29.057223: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:29.057229: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:29.057233: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:29.057236: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:24:29.057239: | emitting length of ISAKMP Message: 57 Aug 26 18:24:29.057261: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:29.057266: | e1 aa 77 0d bc 9a a4 2e 31 e5 6e 5f 7d 40 b5 4b Aug 26 18:24:29.057269: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:24:29.057271: | a4 ea 52 85 ba 11 90 dc 36 c1 16 a5 17 3c 8e 8f Aug 26 18:24:29.057274: | 24 62 e7 54 22 72 09 c7 af Aug 26 18:24:29.057350: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:24:29.057362: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:24:29.057366: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:29.057370: | pstats #5 ikev2.child deleted other Aug 26 18:24:29.057374: | #5 spent 0.0431 milliseconds in total Aug 26 18:24:29.057380: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:29.057385: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:29.057390: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.022s and NOT sending notification Aug 26 18:24:29.057393: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 18:24:29.057396: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:29.057401: | libevent_free: release ptr-libevent@0x55e6cc73b9b8 Aug 26 18:24:29.057405: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc734de8 Aug 26 18:24:29.057409: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.057416: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:29.057430: | raw_eroute result=success Aug 26 18:24:29.057434: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:29.057437: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 18:24:29.057445: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:29.057450: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.057454: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.057459: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:29.057462: | pstats #4 ikev2.child deleted other Aug 26 18:24:29.057465: | #4 spent 1.07 milliseconds in total Aug 26 18:24:29.057470: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:29.057475: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:29.057478: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.048s and NOT sending notification Aug 26 18:24:29.057481: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 18:24:29.057485: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:29.057488: | libevent_free: release ptr-libevent@0x55e6cc741308 Aug 26 18:24:29.057491: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e6cc6ab268 Aug 26 18:24:29.057497: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.057503: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:29.057513: | raw_eroute result=success Aug 26 18:24:29.057519: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.057522: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 18:24:29.057525: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:29.057559: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.057567: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.057573: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:24:29.057578: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:24:29.057582: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:29.057587: | #1 spent 33.8 milliseconds in total Aug 26 18:24:29.057593: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:29.057597: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 3.880s and NOT sending notification Aug 26 18:24:29.057601: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:24:29.092310: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:29.092332: | libevent_free: release ptr-libevent@0x55e6cc744228 Aug 26 18:24:29.092340: | free_event_entry: release EVENT_SA_REKEY-pe@0x55e6cc71bde8 Aug 26 18:24:29.092347: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:29.092351: | picked newest_isakmp_sa #0 for #1 Aug 26 18:24:29.092356: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:29.092361: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Aug 26 18:24:29.092366: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:24:29.092372: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.092376: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:24:29.092381: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:29.092393: | unreference key: 0x55e6cc71f238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 18:24:29.092427: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:29.092441: | unreference key: 0x55e6cc71f238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.092449: | unreference key: 0x55e6cc72a9e8 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.092455: | unreference key: 0x55e6cc732f08 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:29.092462: | unreference key: 0x55e6cc73ddb8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.092469: | unreference key: 0x55e6cc7330a8 192.1.2.23 cnt 1-- Aug 26 18:24:29.092500: | in statetime_stop() and could not find #1 Aug 26 18:24:29.092505: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.092511: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:24:29.092514: | STF_OK but no state object remains Aug 26 18:24:29.092518: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:29.092522: | in statetime_stop() and could not find #1 Aug 26 18:24:29.092527: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:29.092532: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:29.092536: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:29.092549: | spent 0.923 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:29.092559: | processing resume sending helper answer for #5 Aug 26 18:24:29.092564: | crypto helper 4 replies to request ID 6 Aug 26 18:24:29.092567: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:29.092571: | work-order 6 state #5 crypto result suppressed Aug 26 18:24:29.092595: | (#5) spent 0.0302 milliseconds in resume sending helper answer Aug 26 18:24:29.092600: | libevent_free: release ptr-libevent@0x7fe81c002888 Aug 26 18:24:29.092604: | processing signal PLUTO_SIGCHLD Aug 26 18:24:29.092610: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:29.092615: | spent 0.00593 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:29.092623: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:24:29.092628: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 18:24:29.092632: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:29.092638: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:29.092642: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 18:24:29.092646: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:29.092649: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:29.092661: | creating state object #6 at 0x55e6cc7223f8 Aug 26 18:24:29.092665: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 18:24:29.092671: | pstats #6 ikev2.ike started Aug 26 18:24:29.092676: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:29.092680: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:29.092688: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:29.092695: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:29.092701: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:29.092705: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:29.092711: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Aug 26 18:24:29.092716: "northnet-eastnets/0x2" #6: initiating v2 parent SA Aug 26 18:24:29.092741: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:29.092749: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 18:24:29.092753: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc734de8 Aug 26 18:24:29.092758: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:24:29.092762: | libevent_malloc: new ptr-libevent@0x55e6cc73bbf8 size 128 Aug 26 18:24:29.092780: | crypto helper 3 resuming Aug 26 18:24:29.092786: | crypto helper 3 starting work-order 7 for state #6 Aug 26 18:24:29.092791: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 18:24:29.093722: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.00093 seconds Aug 26 18:24:29.093740: | (#6) spent 0.944 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 18:24:29.093747: | crypto helper 3 sending results from work-order 7 for state #6 to event queue Aug 26 18:24:29.093751: | scheduling resume sending helper answer for #6 Aug 26 18:24:29.093755: | libevent_malloc: new ptr-libevent@0x7fe820002888 size 128 Aug 26 18:24:29.093761: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:29.093771: | #6 spent 0.139 milliseconds in ikev2_parent_outI1() Aug 26 18:24:29.093778: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:29.093781: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:29.093784: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:29.093790: | spent 0.167 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:24:29.093799: | processing resume sending helper answer for #6 Aug 26 18:24:29.093805: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:29.093810: | crypto helper 3 replies to request ID 7 Aug 26 18:24:29.093812: | calling continuation function 0x55e6cad61b50 Aug 26 18:24:29.093815: | ikev2_parent_outI1_continue for #6 Aug 26 18:24:29.093823: | **emit ISAKMP Message: Aug 26 18:24:29.093827: | initiator cookie: Aug 26 18:24:29.093829: | 26 41 5b 4b 0c 5e 9f 76 Aug 26 18:24:29.093832: | responder cookie: Aug 26 18:24:29.093855: | 00 00 00 00 00 00 00 00 Aug 26 18:24:29.093858: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:29.093861: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:29.093864: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:29.093867: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:29.093869: | Message ID: 0 (0x0) Aug 26 18:24:29.093873: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:29.093975: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:29.093982: | Emitting ikev2_proposals ... Aug 26 18:24:29.093987: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:29.093991: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.093994: | flags: none (0x0) Aug 26 18:24:29.093999: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:29.094003: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.094027: | discarding INTEG=NONE Aug 26 18:24:29.094030: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.094034: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.094061: | prop #: 1 (0x1) Aug 26 18:24:29.094064: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:29.094067: | spi size: 0 (0x0) Aug 26 18:24:29.094069: | # transforms: 11 (0xb) Aug 26 18:24:29.094073: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.094076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094085: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.094088: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:29.094091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094095: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.094098: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.094101: | length/value: 256 (0x100) Aug 26 18:24:29.094104: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.094107: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094114: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094117: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:29.094122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094148: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094152: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094159: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094162: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:29.094167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094185: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094188: | discarding INTEG=NONE Aug 26 18:24:29.094191: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094198: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094201: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.094206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094217: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094224: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094227: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:29.094232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094240: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094243: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094247: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094250: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094253: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:29.094258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094268: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094272: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094278: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094282: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:29.094287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094320: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094324: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094353: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:29.094388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094420: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094429: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:29.094432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094439: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094441: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094450: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:29.094453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094460: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094463: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094467: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.094470: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094473: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:29.094478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094486: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094489: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:29.094493: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.094497: | discarding INTEG=NONE Aug 26 18:24:29.094500: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.094504: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.094509: | prop #: 2 (0x2) Aug 26 18:24:29.094513: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:29.094516: | spi size: 0 (0x0) Aug 26 18:24:29.094519: | # transforms: 11 (0xb) Aug 26 18:24:29.094523: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.094528: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.094531: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094538: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.094541: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:29.094545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094549: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.094552: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.094556: | length/value: 128 (0x80) Aug 26 18:24:29.094559: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.094563: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094570: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094573: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:29.094578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094582: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094605: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094620: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094623: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:29.094632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094640: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094643: | discarding INTEG=NONE Aug 26 18:24:29.094646: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094656: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.094661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094665: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094672: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094682: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:29.094687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094695: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094700: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094707: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094710: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:29.094714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094726: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094736: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:29.094740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094752: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094761: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:29.094766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094774: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094777: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094784: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094787: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:29.094792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094800: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094803: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094810: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094813: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:29.094818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094826: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094829: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094832: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.094836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.094839: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:29.094844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094853: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094857: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:29.094861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.094864: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.094868: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.094871: | prop #: 3 (0x3) Aug 26 18:24:29.094874: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:29.094877: | spi size: 0 (0x0) Aug 26 18:24:29.094881: | # transforms: 13 (0xd) Aug 26 18:24:29.094885: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.094889: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.094893: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094900: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.094903: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:29.094907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094911: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.094914: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.094917: | length/value: 256 (0x100) Aug 26 18:24:29.094921: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.094924: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094931: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094934: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:29.094939: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094947: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094957: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.094960: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:29.094965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.094973: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.094981: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.094985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.094993: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.094996: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:29.095001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095022: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095048: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.095052: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:29.095057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095065: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095075: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095079: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.095083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095091: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095094: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095104: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:29.095109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095113: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095116: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095120: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095131: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:29.095135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095143: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095146: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095156: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:29.095161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095236: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095239: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095248: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:29.095251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095260: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095263: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095272: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:29.095292: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095303: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095317: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095366: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:29.095370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095403: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095407: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.095410: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095413: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:29.095430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095438: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095452: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:29.095457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.095461: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:29.095464: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:29.095467: | prop #: 4 (0x4) Aug 26 18:24:29.095471: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:29.095474: | spi size: 0 (0x0) Aug 26 18:24:29.095477: | # transforms: 13 (0xd) Aug 26 18:24:29.095482: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:29.095486: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:29.095489: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095496: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:29.095499: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:29.095504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095507: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:29.095511: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:29.095514: | length/value: 128 (0x80) Aug 26 18:24:29.095518: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:29.095532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095539: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.095544: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:29.095549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095557: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095560: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095567: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:29.095570: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:29.095575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095579: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095595: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095598: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095601: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095604: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.095607: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:29.095610: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095617: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095620: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095626: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:29.095629: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:29.095632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095668: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095682: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095707: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095711: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.095727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095736: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095739: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095760: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:29.095765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095773: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095778: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095788: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:29.095793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095801: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095804: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095808: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095811: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095814: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:29.095819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095823: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095827: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095830: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095840: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:29.095845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095852: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095856: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095862: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095866: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:29.095871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095933: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095944: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:29.095948: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.095957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:29.095960: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:29.095963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:29.095966: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:29.095969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:29.095972: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:29.095998: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:29.096003: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:29.096027: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:29.096031: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:29.096036: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:29.096040: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:29.096055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.096059: | flags: none (0x0) Aug 26 18:24:29.096062: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:29.096067: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:29.096071: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.096076: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:29.096089: | ikev2 g^x 87 c8 aa fe 84 fe 85 7d 40 7c bb b3 45 d9 7d 27 Aug 26 18:24:29.096093: | ikev2 g^x c6 0a 22 69 55 8d 63 a6 d8 a9 1e 1d cf 78 18 df Aug 26 18:24:29.096096: | ikev2 g^x d8 81 1b f1 d9 96 fe 45 29 43 a0 fc 46 a5 c5 cf Aug 26 18:24:29.096099: | ikev2 g^x c1 61 16 15 ac 72 1f 2f 98 36 7c a0 80 6b b6 9c Aug 26 18:24:29.096102: | ikev2 g^x 5b f8 a6 f6 9d 20 f6 3d 91 04 b5 77 01 04 2a 98 Aug 26 18:24:29.096105: | ikev2 g^x 97 17 0b 40 73 34 8f 6a 7c bf 8d d9 b6 d9 4d 9c Aug 26 18:24:29.096109: | ikev2 g^x dd 8d 04 7c 9c b0 6e 8e 72 cc 83 51 e0 a0 e5 59 Aug 26 18:24:29.096121: | ikev2 g^x e6 38 52 41 21 70 69 ba cb 5d 04 cf b9 60 4f f3 Aug 26 18:24:29.096124: | ikev2 g^x e0 c3 83 35 f3 36 f1 22 0c 0b e7 da 7f 76 e5 bc Aug 26 18:24:29.096127: | ikev2 g^x 2e a9 e8 30 28 5c 52 6c 90 7c e8 78 9e 3e 64 a1 Aug 26 18:24:29.096131: | ikev2 g^x cf e9 bb 93 b0 b4 36 2e 7f 2f 8f 89 41 6a d9 b4 Aug 26 18:24:29.096134: | ikev2 g^x 35 86 2b 1f 0d ed 9c e0 99 de 2d b2 cf a3 64 db Aug 26 18:24:29.096137: | ikev2 g^x e8 c2 3e f0 f1 af ad ce 62 e5 13 c8 8c 03 38 f6 Aug 26 18:24:29.096140: | ikev2 g^x ab 98 71 53 2f d1 3d 89 33 4c d0 05 b0 9a 0e 32 Aug 26 18:24:29.096143: | ikev2 g^x be 23 bb 6b c3 28 e9 b5 79 3e 1c 3a 1d 9d 36 0b Aug 26 18:24:29.096146: | ikev2 g^x e4 e9 c3 95 73 9b b7 5e 4c 04 af a6 81 2d ab 3d Aug 26 18:24:29.096150: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:29.096153: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:29.096156: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:29.096159: | flags: none (0x0) Aug 26 18:24:29.096163: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:29.096168: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:29.096172: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.096176: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:29.096179: | IKEv2 nonce 86 e1 84 a6 1f ec 91 c9 2a ba 65 58 83 39 46 d0 Aug 26 18:24:29.096182: | IKEv2 nonce 4b 7a d1 be 48 89 e4 c1 03 27 86 46 26 d2 4c d2 Aug 26 18:24:29.096185: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:29.096189: | Adding a v2N Payload Aug 26 18:24:29.096192: | ***emit IKEv2 Notify Payload: Aug 26 18:24:29.096195: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.096198: | flags: none (0x0) Aug 26 18:24:29.096201: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:29.096204: | SPI size: 0 (0x0) Aug 26 18:24:29.096208: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:29.096214: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:29.096218: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.096222: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:29.096226: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:29.096229: | natd_hash: rcookie is zero Aug 26 18:24:29.096308: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:29.096316: | natd_hash: icookie= 26 41 5b 4b 0c 5e 9f 76 Aug 26 18:24:29.096319: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:29.096322: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:29.096325: | natd_hash: port=500 Aug 26 18:24:29.096329: | natd_hash: hash= da ba 94 b4 b6 84 b6 8a 34 a7 27 af f6 c4 11 14 Aug 26 18:24:29.096331: | natd_hash: hash= 01 d1 b0 1d Aug 26 18:24:29.096334: | Adding a v2N Payload Aug 26 18:24:29.096338: | ***emit IKEv2 Notify Payload: Aug 26 18:24:29.096341: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.096344: | flags: none (0x0) Aug 26 18:24:29.096347: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:29.096350: | SPI size: 0 (0x0) Aug 26 18:24:29.096354: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:29.096359: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:29.096362: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.096366: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:29.096370: | Notify data da ba 94 b4 b6 84 b6 8a 34 a7 27 af f6 c4 11 14 Aug 26 18:24:29.096373: | Notify data 01 d1 b0 1d Aug 26 18:24:29.096376: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:29.096379: | natd_hash: rcookie is zero Aug 26 18:24:29.096387: | natd_hash: hasher=0x55e6cae36800(20) Aug 26 18:24:29.096390: | natd_hash: icookie= 26 41 5b 4b 0c 5e 9f 76 Aug 26 18:24:29.096393: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:29.096396: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:29.096399: | natd_hash: port=500 Aug 26 18:24:29.096402: | natd_hash: hash= 5d e9 7e d7 29 9a 8e 92 77 ad cd 35 08 95 7d 8d Aug 26 18:24:29.096405: | natd_hash: hash= 63 00 74 f0 Aug 26 18:24:29.096408: | Adding a v2N Payload Aug 26 18:24:29.096411: | ***emit IKEv2 Notify Payload: Aug 26 18:24:29.096414: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:29.096417: | flags: none (0x0) Aug 26 18:24:29.096420: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:29.096423: | SPI size: 0 (0x0) Aug 26 18:24:29.096427: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:29.096431: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:29.096435: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:29.096439: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:29.096442: | Notify data 5d e9 7e d7 29 9a 8e 92 77 ad cd 35 08 95 7d 8d Aug 26 18:24:29.096445: | Notify data 63 00 74 f0 Aug 26 18:24:29.096448: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:29.096451: | emitting length of ISAKMP Message: 828 Aug 26 18:24:29.096460: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:29.096469: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:29.096474: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:29.096478: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:29.096484: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:29.096488: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 18:24:29.096492: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 18:24:29.096498: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:29.096502: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:29.096508: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:29.096515: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 18:24:29.096519: | 26 41 5b 4b 0c 5e 9f 76 00 00 00 00 00 00 00 00 Aug 26 18:24:29.096522: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:29.096525: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:29.096528: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:29.096531: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:29.096534: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:29.096537: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:29.096540: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:29.096543: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:29.096546: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:29.096549: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:29.096552: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:29.096555: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:29.096558: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:29.096561: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:29.096564: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:29.096567: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:29.096570: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:29.096573: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:29.096576: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:29.096579: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:29.096582: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:29.096585: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:29.096589: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:29.096592: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:29.096595: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:29.096598: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:29.096601: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:29.096604: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:29.096607: | 28 00 01 08 00 0e 00 00 87 c8 aa fe 84 fe 85 7d Aug 26 18:24:29.096610: | 40 7c bb b3 45 d9 7d 27 c6 0a 22 69 55 8d 63 a6 Aug 26 18:24:29.096613: | d8 a9 1e 1d cf 78 18 df d8 81 1b f1 d9 96 fe 45 Aug 26 18:24:29.096616: | 29 43 a0 fc 46 a5 c5 cf c1 61 16 15 ac 72 1f 2f Aug 26 18:24:29.096619: | 98 36 7c a0 80 6b b6 9c 5b f8 a6 f6 9d 20 f6 3d Aug 26 18:24:29.096622: | 91 04 b5 77 01 04 2a 98 97 17 0b 40 73 34 8f 6a Aug 26 18:24:29.096625: | 7c bf 8d d9 b6 d9 4d 9c dd 8d 04 7c 9c b0 6e 8e Aug 26 18:24:29.096628: | 72 cc 83 51 e0 a0 e5 59 e6 38 52 41 21 70 69 ba Aug 26 18:24:29.096631: | cb 5d 04 cf b9 60 4f f3 e0 c3 83 35 f3 36 f1 22 Aug 26 18:24:29.096634: | 0c 0b e7 da 7f 76 e5 bc 2e a9 e8 30 28 5c 52 6c Aug 26 18:24:29.096637: | 90 7c e8 78 9e 3e 64 a1 cf e9 bb 93 b0 b4 36 2e Aug 26 18:24:29.096640: | 7f 2f 8f 89 41 6a d9 b4 35 86 2b 1f 0d ed 9c e0 Aug 26 18:24:29.096643: | 99 de 2d b2 cf a3 64 db e8 c2 3e f0 f1 af ad ce Aug 26 18:24:29.096646: | 62 e5 13 c8 8c 03 38 f6 ab 98 71 53 2f d1 3d 89 Aug 26 18:24:29.096651: | 33 4c d0 05 b0 9a 0e 32 be 23 bb 6b c3 28 e9 b5 Aug 26 18:24:29.096654: | 79 3e 1c 3a 1d 9d 36 0b e4 e9 c3 95 73 9b b7 5e Aug 26 18:24:29.096657: | 4c 04 af a6 81 2d ab 3d 29 00 00 24 86 e1 84 a6 Aug 26 18:24:29.096660: | 1f ec 91 c9 2a ba 65 58 83 39 46 d0 4b 7a d1 be Aug 26 18:24:29.096663: | 48 89 e4 c1 03 27 86 46 26 d2 4c d2 29 00 00 08 Aug 26 18:24:29.096666: | 00 00 40 2e 29 00 00 1c 00 00 40 04 da ba 94 b4 Aug 26 18:24:29.096669: | b6 84 b6 8a 34 a7 27 af f6 c4 11 14 01 d1 b0 1d Aug 26 18:24:29.096672: | 00 00 00 1c 00 00 40 05 5d e9 7e d7 29 9a 8e 92 Aug 26 18:24:29.096675: | 77 ad cd 35 08 95 7d 8d 63 00 74 f0 Aug 26 18:24:29.096725: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:29.096732: | libevent_free: release ptr-libevent@0x55e6cc73bbf8 Aug 26 18:24:29.096736: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e6cc734de8 Aug 26 18:24:29.096740: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:29.096744: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:29.096748: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e6cc734de8 Aug 26 18:24:29.096753: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Aug 26 18:24:29.096757: | libevent_malloc: new ptr-libevent@0x55e6cc714808 size 128 Aug 26 18:24:29.096763: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29154.839214 Aug 26 18:24:29.096768: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:29.096776: | #6 spent 2.23 milliseconds in resume sending helper answer Aug 26 18:24:29.096782: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:29.096786: | libevent_free: release ptr-libevent@0x7fe820002888 Aug 26 18:24:29.704079: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:29.704100: shutting down Aug 26 18:24:29.704109: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:29.704113: destroying root certificate cache Aug 26 18:24:29.704140: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:29.704144: forgetting secrets Aug 26 18:24:29.704153: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:29.704164: | unreference key: 0x55e6cc71f028 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.704168: | unreference key: 0x55e6cc71ead8 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.704173: | unreference key: 0x55e6cc71e8b8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:29.704177: | unreference key: 0x55e6cc71d108 east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.704181: | unreference key: 0x55e6cc71de58 192.1.2.23 cnt 1-- Aug 26 18:24:29.704186: | unreference key: 0x55e6cc718588 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.704189: | unreference key: 0x55e6cc718368 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.704193: | unreference key: 0x55e6cc714ec8 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:29.704197: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 18:24:29.704199: | removing pending policy for no connection {0x55e6cc5ff898} Aug 26 18:24:29.704202: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.704203: | pass 0 Aug 26 18:24:29.704205: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.704207: | state #6 Aug 26 18:24:29.704210: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.704219: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.704221: | pstats #6 ikev2.ike deleted other Aug 26 18:24:29.704225: | #6 spent 3.31 milliseconds in total Aug 26 18:24:29.704228: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:29.704232: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.611s and NOT sending notification Aug 26 18:24:29.704234: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 18:24:29.704237: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:29.704239: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:29.704243: | libevent_free: release ptr-libevent@0x55e6cc714808 Aug 26 18:24:29.704246: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e6cc734de8 Aug 26 18:24:29.704250: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:29.704254: | picked newest_isakmp_sa #0 for #6 Aug 26 18:24:29.704257: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:29.704261: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Aug 26 18:24:29.704264: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:24:29.704271: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:29.704274: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:29.704277: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.704281: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 18:24:29.704285: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:24:29.704322: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:29.704332: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:29.704335: | pass 1 Aug 26 18:24:29.704337: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.704342: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.704346: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.704350: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.704391: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.704404: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.704408: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.704412: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:29.704415: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.704418: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.704422: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 18:24:29.704425: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:29.704428: | command executing unroute-client Aug 26 18:24:29.704463: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Aug 26 18:24:29.704470: | popen cmd is 1282 chars long Aug 26 18:24:29.704474: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:29.704477: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:29.704480: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:29.704483: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:29.704487: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:29.704490: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 18:24:29.704493: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 18:24:29.704495: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 18:24:29.704498: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:24:29.704501: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 18:24:29.704504: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Aug 26 18:24:29.704506: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:24:29.704509: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:24:29.704512: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:24:29.704514: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:24:29.704517: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Aug 26 18:24:29.704520: | cmd(1280):&1: Aug 26 18:24:29.716432: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716458: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716461: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716465: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716492: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716525: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716538: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716554: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716567: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716579: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716593: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716610: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716624: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716638: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716650: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716662: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716677: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716691: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716701: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716711: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716721: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716737: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716751: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716764: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716777: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716790: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716810: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716823: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716835: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716845: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716855: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716866: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716876: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716885: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716894: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716904: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716914: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716924: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716933: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716942: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716952: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716963: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716972: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716982: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.716993: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.717006: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.717191: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.717208: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.735034: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Aug 26 18:24:29.735058: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:29.735083: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 18:24:29.735087: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.735090: | pass 0 Aug 26 18:24:29.735093: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.735095: | pass 1 Aug 26 18:24:29.735098: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.735102: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.735105: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.735109: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.735146: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.735158: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.735162: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.735165: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.735169: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:24:29.735172: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:29.735175: | command executing unroute-client Aug 26 18:24:29.735214: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Aug 26 18:24:29.735223: | popen cmd is 1280 chars long Aug 26 18:24:29.735226: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:29.735229: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:29.735232: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:29.735234: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:29.735237: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:29.735240: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 18:24:29.735243: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 18:24:29.735245: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 18:24:29.735248: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:24:29.735251: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:29.735254: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 18:24:29.735256: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:24:29.735259: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:24:29.735262: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:24:29.735264: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:24:29.735267: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:29.753603: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753621: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753624: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753627: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753630: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753632: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753635: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753637: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753640: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753642: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753645: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753650: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753653: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753656: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753658: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753661: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753663: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753666: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753669: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753671: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753674: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753676: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753679: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753681: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753684: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753687: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753689: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753692: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753694: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753697: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753699: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753702: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753705: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753707: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753710: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753712: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753715: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753718: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753720: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753723: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753725: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753728: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753730: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753733: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753736: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753738: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753741: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.753743: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.782688: | free hp@0x55e6cc71c9a8 Aug 26 18:24:29.782706: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 18:24:29.782713: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 18:24:29.782755: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:29.782759: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:29.782774: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:29.782779: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:29.782782: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:29.782786: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:24:29.782789: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:29.782793: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:24:29.782798: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:29.782812: | libevent_free: release ptr-libevent@0x55e6cc705738 Aug 26 18:24:29.782817: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711408 Aug 26 18:24:29.782829: | libevent_free: release ptr-libevent@0x55e6cc6abf18 Aug 26 18:24:29.782833: | free_event_entry: release EVENT_NULL-pe@0x55e6cc7114b8 Aug 26 18:24:29.782841: | libevent_free: release ptr-libevent@0x55e6cc6abfc8 Aug 26 18:24:29.782846: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711568 Aug 26 18:24:29.782855: | libevent_free: release ptr-libevent@0x55e6cc6aaf88 Aug 26 18:24:29.782859: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711618 Aug 26 18:24:29.782866: | libevent_free: release ptr-libevent@0x55e6cc6b3298 Aug 26 18:24:29.782869: | free_event_entry: release EVENT_NULL-pe@0x55e6cc7116c8 Aug 26 18:24:29.782876: | libevent_free: release ptr-libevent@0x55e6cc6b3db8 Aug 26 18:24:29.782879: | free_event_entry: release EVENT_NULL-pe@0x55e6cc711778 Aug 26 18:24:29.782887: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:29.783546: | libevent_free: release ptr-libevent@0x55e6cc7057e8 Aug 26 18:24:29.783557: | free_event_entry: release EVENT_NULL-pe@0x55e6cc6f9988 Aug 26 18:24:29.783563: | libevent_free: release ptr-libevent@0x55e6cc6f2468 Aug 26 18:24:29.783566: | free_event_entry: release EVENT_NULL-pe@0x55e6cc6f94e8 Aug 26 18:24:29.783570: | libevent_free: release ptr-libevent@0x55e6cc6f23b8 Aug 26 18:24:29.783573: | free_event_entry: release EVENT_NULL-pe@0x55e6cc6b3458 Aug 26 18:24:29.783577: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:29.783580: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:29.783583: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:29.783586: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:29.783588: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:29.783591: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:29.783593: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:29.783596: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:29.783599: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:29.783604: | libevent_free: release ptr-libevent@0x55e6cc6b7a28 Aug 26 18:24:29.783608: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:29.783611: | libevent_free: release ptr-libevent@0x55e6cc62e308 Aug 26 18:24:29.783615: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:29.783618: | libevent_free: release ptr-libevent@0x55e6cc638508 Aug 26 18:24:29.783621: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:29.783624: | libevent_free: release ptr-libevent@0x55e6cc6303b8 Aug 26 18:24:29.783627: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:29.783629: | releasing event base Aug 26 18:24:29.783642: | libevent_free: release ptr-libevent@0x55e6cc710e48 Aug 26 18:24:29.783645: | libevent_free: release ptr-libevent@0x55e6cc6f3da8 Aug 26 18:24:29.783649: | libevent_free: release ptr-libevent@0x55e6cc6f3d58 Aug 26 18:24:29.783652: | libevent_free: release ptr-libevent@0x55e6cc713ee8 Aug 26 18:24:29.783659: | libevent_free: release ptr-libevent@0x55e6cc6f3d18 Aug 26 18:24:29.783662: | libevent_free: release ptr-libevent@0x55e6cc710ad8 Aug 26 18:24:29.783665: | libevent_free: release ptr-libevent@0x55e6cc710d48 Aug 26 18:24:29.783668: | libevent_free: release ptr-libevent@0x55e6cc6f3f58 Aug 26 18:24:29.783670: | libevent_free: release ptr-libevent@0x55e6cc6f9558 Aug 26 18:24:29.783673: | libevent_free: release ptr-libevent@0x55e6cc6f91b8 Aug 26 18:24:29.783676: | libevent_free: release ptr-libevent@0x55e6cc7117e8 Aug 26 18:24:29.783678: | libevent_free: release ptr-libevent@0x55e6cc711738 Aug 26 18:24:29.783681: | libevent_free: release ptr-libevent@0x55e6cc711688 Aug 26 18:24:29.783684: | libevent_free: release ptr-libevent@0x55e6cc7115d8 Aug 26 18:24:29.783686: | libevent_free: release ptr-libevent@0x55e6cc711528 Aug 26 18:24:29.783689: | libevent_free: release ptr-libevent@0x55e6cc711478 Aug 26 18:24:29.783692: | libevent_free: release ptr-libevent@0x55e6cc62ca38 Aug 26 18:24:29.783694: | libevent_free: release ptr-libevent@0x55e6cc710dc8 Aug 26 18:24:29.783697: | libevent_free: release ptr-libevent@0x55e6cc710d88 Aug 26 18:24:29.783700: | libevent_free: release ptr-libevent@0x55e6cc710c48 Aug 26 18:24:29.783702: | libevent_free: release ptr-libevent@0x55e6cc710e08 Aug 26 18:24:29.783705: | libevent_free: release ptr-libevent@0x55e6cc710b18 Aug 26 18:24:29.783708: | libevent_free: release ptr-libevent@0x55e6cc6b95b8 Aug 26 18:24:29.783711: | libevent_free: release ptr-libevent@0x55e6cc6b9538 Aug 26 18:24:29.783714: | libevent_free: release ptr-libevent@0x55e6cc62cda8 Aug 26 18:24:29.783716: | releasing global libevent data Aug 26 18:24:29.783719: | libevent_free: release ptr-libevent@0x55e6cc6b9738 Aug 26 18:24:29.783722: | libevent_free: release ptr-libevent@0x55e6cc6b96b8 Aug 26 18:24:29.783725: | libevent_free: release ptr-libevent@0x55e6cc6b9638 Aug 26 18:24:29.783762: leak detective found no leaks