Aug 26 18:24:22.102360: FIPS Product: YES Aug 26 18:24:22.102479: FIPS Kernel: NO Aug 26 18:24:22.102483: FIPS Mode: NO Aug 26 18:24:22.102486: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:22.102643: Initializing NSS Aug 26 18:24:22.102651: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:22.138355: NSS initialized Aug 26 18:24:22.138375: NSS crypto library initialized Aug 26 18:24:22.138379: FIPS HMAC integrity support [enabled] Aug 26 18:24:22.138381: FIPS mode disabled for pluto daemon Aug 26 18:24:22.191110: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:22.191680: libcap-ng support [enabled] Aug 26 18:24:22.191697: Linux audit support [enabled] Aug 26 18:24:22.191725: Linux audit activated Aug 26 18:24:22.191736: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13297 Aug 26 18:24:22.191739: core dump dir: /tmp Aug 26 18:24:22.191742: secrets file: /etc/ipsec.secrets Aug 26 18:24:22.191744: leak-detective enabled Aug 26 18:24:22.191746: NSS crypto [enabled] Aug 26 18:24:22.191748: XAUTH PAM support [enabled] Aug 26 18:24:22.191828: | libevent is using pluto's memory allocator Aug 26 18:24:22.191837: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:22.191852: | libevent_malloc: new ptr-libevent@0x555f34cf4a88 size 40 Aug 26 18:24:22.191860: | libevent_malloc: new ptr-libevent@0x555f34cf4a08 size 40 Aug 26 18:24:22.191864: | libevent_malloc: new ptr-libevent@0x555f34cf4988 size 40 Aug 26 18:24:22.191867: | creating event base Aug 26 18:24:22.191871: | libevent_malloc: new ptr-libevent@0x555f34ce65b8 size 56 Aug 26 18:24:22.191875: | libevent_malloc: new ptr-libevent@0x555f34c67ce8 size 664 Aug 26 18:24:22.191888: | libevent_malloc: new ptr-libevent@0x555f34d2f0a8 size 24 Aug 26 18:24:22.191891: | libevent_malloc: new ptr-libevent@0x555f34d2f0f8 size 384 Aug 26 18:24:22.191901: | libevent_malloc: new ptr-libevent@0x555f34d2f068 size 16 Aug 26 18:24:22.191904: | libevent_malloc: new ptr-libevent@0x555f34cf4908 size 40 Aug 26 18:24:22.191907: | libevent_malloc: new ptr-libevent@0x555f34cf4888 size 48 Aug 26 18:24:22.191913: | libevent_realloc: new ptr-libevent@0x555f34c67978 size 256 Aug 26 18:24:22.191917: | libevent_malloc: new ptr-libevent@0x555f34d2f2a8 size 16 Aug 26 18:24:22.191924: | libevent_free: release ptr-libevent@0x555f34ce65b8 Aug 26 18:24:22.191928: | libevent initialized Aug 26 18:24:22.191932: | libevent_realloc: new ptr-libevent@0x555f34ce65b8 size 64 Aug 26 18:24:22.191939: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:22.191959: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:22.191962: NAT-Traversal support [enabled] Aug 26 18:24:22.191966: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:22.191973: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:22.191977: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:22.192013: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:22.192018: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:22.192021: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:22.192073: Encryption algorithms: Aug 26 18:24:22.192081: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:22.192086: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:22.192090: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:22.192094: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:22.192097: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:22.192107: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:22.192111: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:22.192115: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:22.192119: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:22.192123: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:22.192126: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:22.192129: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:22.192134: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:22.192138: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:22.192142: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:22.192145: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:22.192149: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:22.192156: Hash algorithms: Aug 26 18:24:22.192159: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:22.192162: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:22.192165: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:22.192168: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:22.192172: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:22.192186: PRF algorithms: Aug 26 18:24:22.192190: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:22.192193: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:22.192196: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:22.192200: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:22.192203: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:22.192206: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:22.192232: Integrity algorithms: Aug 26 18:24:22.192237: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:22.192241: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:22.192245: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:22.192249: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:22.192253: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:22.192255: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:22.192257: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:22.192259: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:22.192261: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:22.192269: DH algorithms: Aug 26 18:24:22.192271: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:22.192273: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:22.192275: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:22.192279: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:22.192281: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:22.192283: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:22.192285: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:22.192287: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:22.192298: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:22.192301: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:22.192304: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:22.192307: testing CAMELLIA_CBC: Aug 26 18:24:22.192309: Camellia: 16 bytes with 128-bit key Aug 26 18:24:22.192441: Camellia: 16 bytes with 128-bit key Aug 26 18:24:22.192474: Camellia: 16 bytes with 256-bit key Aug 26 18:24:22.192508: Camellia: 16 bytes with 256-bit key Aug 26 18:24:22.192538: testing AES_GCM_16: Aug 26 18:24:22.192542: empty string Aug 26 18:24:22.192571: one block Aug 26 18:24:22.192597: two blocks Aug 26 18:24:22.192627: two blocks with associated data Aug 26 18:24:22.192655: testing AES_CTR: Aug 26 18:24:22.192659: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:22.192685: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:22.192716: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:22.192748: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:22.192776: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:22.192805: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:22.192835: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:22.192860: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:22.192887: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:22.192914: testing AES_CBC: Aug 26 18:24:22.192919: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:22.192949: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.192981: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.193011: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:22.193046: testing AES_XCBC: Aug 26 18:24:22.193050: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:22.193174: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:22.193317: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:22.193455: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:22.193586: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:22.193721: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:22.193858: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:22.194166: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:22.194309: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:22.194456: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:22.194704: testing HMAC_MD5: Aug 26 18:24:22.194710: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:22.194893: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:22.195052: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:22.195282: 8 CPU cores online Aug 26 18:24:22.195355: starting up 7 crypto helpers Aug 26 18:24:22.195389: started thread for crypto helper 0 Aug 26 18:24:22.195394: | starting up helper thread 0 Aug 26 18:24:22.195410: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:22.195414: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:22.195414: started thread for crypto helper 1 Aug 26 18:24:22.195420: | starting up helper thread 1 Aug 26 18:24:22.195432: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:22.195436: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:22.195437: started thread for crypto helper 2 Aug 26 18:24:22.195439: | starting up helper thread 2 Aug 26 18:24:22.195446: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:22.195449: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:22.195457: started thread for crypto helper 3 Aug 26 18:24:22.195461: | starting up helper thread 3 Aug 26 18:24:22.195468: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:22.195471: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:22.195472: started thread for crypto helper 4 Aug 26 18:24:22.195502: started thread for crypto helper 5 Aug 26 18:24:22.195523: started thread for crypto helper 6 Aug 26 18:24:22.195531: | checking IKEv1 state table Aug 26 18:24:22.195539: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195542: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:22.195545: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195548: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:22.195551: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:22.195553: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:22.195556: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.195558: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.195561: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:22.195564: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:22.195566: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.195568: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:22.195570: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:22.195573: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.195575: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.195578: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:22.195581: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:22.195583: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.195586: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.195588: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:22.195591: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:22.195594: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195596: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:22.195597: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195599: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195601: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:22.195602: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195604: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:22.195605: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:22.195607: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:22.195609: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:22.195610: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:22.195612: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:22.195613: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195615: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.195617: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195618: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:22.195620: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:22.195622: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:22.195623: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:22.195625: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:22.195626: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:22.195628: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:22.195630: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195631: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:22.195633: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195635: | INFO: category: informational flags: 0: Aug 26 18:24:22.195636: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195642: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:22.195644: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195646: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:22.195647: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:22.195649: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:22.195650: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:22.195652: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:22.195654: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:22.195656: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:22.195657: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:22.195659: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.195660: | -> UNDEFINED EVENT_NULL Aug 26 18:24:22.195662: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:22.195664: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:22.195665: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.195667: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:22.195669: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:22.195670: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:22.195675: | checking IKEv2 state table Aug 26 18:24:22.195680: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:22.195682: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:22.195684: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195685: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:22.195687: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:22.195689: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:22.195691: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:22.195693: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:22.195695: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:22.195696: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:22.195698: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:22.195700: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:22.195702: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:22.195703: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:22.195705: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:22.195707: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:22.195708: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195710: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:22.195712: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:22.195714: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:22.195716: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:22.195717: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:22.195719: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:22.195721: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:22.195722: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:22.195724: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:22.195726: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.195728: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:22.195729: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:22.195731: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:22.195734: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.195736: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:22.195738: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:22.195740: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:22.195742: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:22.195744: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:22.195746: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:22.195747: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:22.195749: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:22.195751: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:22.195753: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:22.195755: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:22.195756: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:22.195758: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:22.195760: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:22.195762: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:22.195763: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:22.195811: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:22.196089: | Hard-wiring algorithms Aug 26 18:24:22.196092: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:22.196095: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:22.196097: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:22.196099: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:22.196101: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:22.196103: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:22.196104: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:22.196106: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:22.196107: | adding AES_CTR to kernel algorithm db Aug 26 18:24:22.196109: | adding AES_CBC to kernel algorithm db Aug 26 18:24:22.196111: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:22.196113: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:22.196114: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:22.196116: | adding NULL to kernel algorithm db Aug 26 18:24:22.196118: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:22.196120: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:22.196122: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:22.196123: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:22.196125: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:22.196127: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:22.196128: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:22.196130: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:22.196132: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:22.196133: | adding NONE to kernel algorithm db Aug 26 18:24:22.196150: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:22.196155: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:22.196157: | setup kernel fd callback Aug 26 18:24:22.196159: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555f34cee7a8 Aug 26 18:24:22.196162: | libevent_malloc: new ptr-libevent@0x555f34d2d818 size 128 Aug 26 18:24:22.196164: | libevent_malloc: new ptr-libevent@0x555f34d348a8 size 16 Aug 26 18:24:22.196169: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555f34d34838 Aug 26 18:24:22.196173: | libevent_malloc: new ptr-libevent@0x555f34ce7268 size 128 Aug 26 18:24:22.196176: | libevent_malloc: new ptr-libevent@0x555f34d34508 size 16 Aug 26 18:24:22.196314: | starting up helper thread 6 Aug 26 18:24:22.196326: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:22.196329: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:22.196335: | starting up helper thread 5 Aug 26 18:24:22.196341: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:22.196343: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:22.196374: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:22.196382: selinux support is enabled. Aug 26 18:24:22.196450: | starting up helper thread 4 Aug 26 18:24:22.196462: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:22.196466: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:22.197010: | unbound context created - setting debug level to 5 Aug 26 18:24:22.197041: | /etc/hosts lookups activated Aug 26 18:24:22.197059: | /etc/resolv.conf usage activated Aug 26 18:24:22.197124: | outgoing-port-avoid set 0-65535 Aug 26 18:24:22.197155: | outgoing-port-permit set 32768-60999 Aug 26 18:24:22.197159: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:22.197163: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:22.197166: | Setting up events, loop start Aug 26 18:24:22.197169: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555f34d34cd8 Aug 26 18:24:22.197173: | libevent_malloc: new ptr-libevent@0x555f34d40b38 size 128 Aug 26 18:24:22.197177: | libevent_malloc: new ptr-libevent@0x555f34d4be28 size 16 Aug 26 18:24:22.197185: | libevent_realloc: new ptr-libevent@0x555f34d4be68 size 256 Aug 26 18:24:22.197189: | libevent_malloc: new ptr-libevent@0x555f34d4bf98 size 8 Aug 26 18:24:22.197192: | libevent_realloc: new ptr-libevent@0x555f34d4bfd8 size 144 Aug 26 18:24:22.197196: | libevent_malloc: new ptr-libevent@0x555f34cf2d78 size 152 Aug 26 18:24:22.197200: | libevent_malloc: new ptr-libevent@0x555f34d4c098 size 16 Aug 26 18:24:22.197205: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:22.197208: | libevent_malloc: new ptr-libevent@0x555f34d4c0d8 size 8 Aug 26 18:24:22.197211: | libevent_malloc: new ptr-libevent@0x555f34c6ad38 size 152 Aug 26 18:24:22.197214: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:22.197217: | libevent_malloc: new ptr-libevent@0x555f34d4c118 size 8 Aug 26 18:24:22.197220: | libevent_malloc: new ptr-libevent@0x555f34c73748 size 152 Aug 26 18:24:22.197223: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:22.197226: | libevent_malloc: new ptr-libevent@0x555f34d4c158 size 8 Aug 26 18:24:22.197229: | libevent_realloc: release ptr-libevent@0x555f34d4bfd8 Aug 26 18:24:22.197232: | libevent_realloc: new ptr-libevent@0x555f34d4c198 size 256 Aug 26 18:24:22.197234: | libevent_malloc: new ptr-libevent@0x555f34c6b578 size 152 Aug 26 18:24:22.197238: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:22.197648: | created addconn helper (pid:13455) using fork+execve Aug 26 18:24:22.197672: | forked child 13455 Aug 26 18:24:22.197720: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.198096: listening for IKE messages Aug 26 18:24:22.198561: | Inspecting interface lo Aug 26 18:24:22.198574: | found lo with address 127.0.0.1 Aug 26 18:24:22.198581: | Inspecting interface eth0 Aug 26 18:24:22.198586: | found eth0 with address 192.0.2.254 Aug 26 18:24:22.198591: | Inspecting interface eth1 Aug 26 18:24:22.198595: | found eth1 with address 192.1.2.23 Aug 26 18:24:22.198683: Kernel supports NIC esp-hw-offload Aug 26 18:24:22.198696: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:24:22.198748: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.198754: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.198758: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:24:22.198793: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:24:22.198817: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.198821: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.198826: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:24:22.198852: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:22.198875: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:22.198879: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:22.198883: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:22.198965: | no interfaces to sort Aug 26 18:24:22.198971: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:22.198980: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c758 Aug 26 18:24:22.198985: | libevent_malloc: new ptr-libevent@0x555f34d40a88 size 128 Aug 26 18:24:22.198990: | libevent_malloc: new ptr-libevent@0x555f34d4c7c8 size 16 Aug 26 18:24:22.198999: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:22.199002: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c808 Aug 26 18:24:22.199007: | libevent_malloc: new ptr-libevent@0x555f34ce7318 size 128 Aug 26 18:24:22.199011: | libevent_malloc: new ptr-libevent@0x555f34d4c878 size 16 Aug 26 18:24:22.199016: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:22.199020: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c8b8 Aug 26 18:24:22.199024: | libevent_malloc: new ptr-libevent@0x555f34ce6c38 size 128 Aug 26 18:24:22.199027: | libevent_malloc: new ptr-libevent@0x555f34d4c928 size 16 Aug 26 18:24:22.199032: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:24:22.199035: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c968 Aug 26 18:24:22.199040: | libevent_malloc: new ptr-libevent@0x555f34cee4f8 size 128 Aug 26 18:24:22.199043: | libevent_malloc: new ptr-libevent@0x555f34d4c9d8 size 16 Aug 26 18:24:22.199048: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:24:22.199051: | add_fd_read_event_handler: new ethX-pe@0x555f34d4ca18 Aug 26 18:24:22.199054: | libevent_malloc: new ptr-libevent@0x555f34cee5f8 size 128 Aug 26 18:24:22.199057: | libevent_malloc: new ptr-libevent@0x555f34d4ca88 size 16 Aug 26 18:24:22.199063: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:24:22.199066: | add_fd_read_event_handler: new ethX-pe@0x555f34d4cac8 Aug 26 18:24:22.199069: | libevent_malloc: new ptr-libevent@0x555f34cee6f8 size 128 Aug 26 18:24:22.199072: | libevent_malloc: new ptr-libevent@0x555f34d4cb38 size 16 Aug 26 18:24:22.199078: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:24:22.199083: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:22.199086: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:22.199110: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:22.199125: | saving Modulus Aug 26 18:24:22.199129: | saving PublicExponent Aug 26 18:24:22.199133: | ignoring PrivateExponent Aug 26 18:24:22.199136: | ignoring Prime1 Aug 26 18:24:22.199140: | ignoring Prime2 Aug 26 18:24:22.199143: | ignoring Exponent1 Aug 26 18:24:22.199146: | ignoring Exponent2 Aug 26 18:24:22.199149: | ignoring Coefficient Aug 26 18:24:22.199152: | ignoring CKAIDNSS Aug 26 18:24:22.199189: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:22.199192: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:22.199197: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:24:22.199202: | certs and keys locked by 'process_secret' Aug 26 18:24:22.199206: | certs and keys unlocked by 'process_secret' Aug 26 18:24:22.199216: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.199224: | spent 1.51 milliseconds in whack Aug 26 18:24:22.235322: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.235357: listening for IKE messages Aug 26 18:24:22.235483: | Inspecting interface lo Aug 26 18:24:22.235492: | found lo with address 127.0.0.1 Aug 26 18:24:22.235496: | Inspecting interface eth0 Aug 26 18:24:22.235501: | found eth0 with address 192.0.2.254 Aug 26 18:24:22.235503: | Inspecting interface eth1 Aug 26 18:24:22.235508: | found eth1 with address 192.1.2.23 Aug 26 18:24:22.235596: | no interfaces to sort Aug 26 18:24:22.235607: | libevent_free: release ptr-libevent@0x555f34d40a88 Aug 26 18:24:22.235611: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c758 Aug 26 18:24:22.235614: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c758 Aug 26 18:24:22.235618: | libevent_malloc: new ptr-libevent@0x555f34d40a88 size 128 Aug 26 18:24:22.235625: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:22.235629: | libevent_free: release ptr-libevent@0x555f34ce7318 Aug 26 18:24:22.235633: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c808 Aug 26 18:24:22.235635: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c808 Aug 26 18:24:22.235638: | libevent_malloc: new ptr-libevent@0x555f34ce7318 size 128 Aug 26 18:24:22.235644: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:22.235647: | libevent_free: release ptr-libevent@0x555f34ce6c38 Aug 26 18:24:22.235650: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c8b8 Aug 26 18:24:22.235653: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c8b8 Aug 26 18:24:22.235655: | libevent_malloc: new ptr-libevent@0x555f34ce6c38 size 128 Aug 26 18:24:22.235660: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:24:22.235664: | libevent_free: release ptr-libevent@0x555f34cee4f8 Aug 26 18:24:22.235667: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c968 Aug 26 18:24:22.235670: | add_fd_read_event_handler: new ethX-pe@0x555f34d4c968 Aug 26 18:24:22.235673: | libevent_malloc: new ptr-libevent@0x555f34cee4f8 size 128 Aug 26 18:24:22.235678: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:24:22.235682: | libevent_free: release ptr-libevent@0x555f34cee5f8 Aug 26 18:24:22.235685: | free_event_entry: release EVENT_NULL-pe@0x555f34d4ca18 Aug 26 18:24:22.235688: | add_fd_read_event_handler: new ethX-pe@0x555f34d4ca18 Aug 26 18:24:22.235691: | libevent_malloc: new ptr-libevent@0x555f34cee5f8 size 128 Aug 26 18:24:22.235696: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:24:22.235700: | libevent_free: release ptr-libevent@0x555f34cee6f8 Aug 26 18:24:22.235703: | free_event_entry: release EVENT_NULL-pe@0x555f34d4cac8 Aug 26 18:24:22.235706: | add_fd_read_event_handler: new ethX-pe@0x555f34d4cac8 Aug 26 18:24:22.235709: | libevent_malloc: new ptr-libevent@0x555f34cee6f8 size 128 Aug 26 18:24:22.235714: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:24:22.235718: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:22.235720: forgetting secrets Aug 26 18:24:22.235729: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:22.235744: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:22.235762: | saving Modulus Aug 26 18:24:22.235765: | saving PublicExponent Aug 26 18:24:22.235769: | ignoring PrivateExponent Aug 26 18:24:22.235773: | ignoring Prime1 Aug 26 18:24:22.235776: | ignoring Prime2 Aug 26 18:24:22.235779: | ignoring Exponent1 Aug 26 18:24:22.235782: | ignoring Exponent2 Aug 26 18:24:22.235786: | ignoring Coefficient Aug 26 18:24:22.235789: | ignoring CKAIDNSS Aug 26 18:24:22.235815: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:22.235818: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:22.235823: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:24:22.235831: | certs and keys locked by 'process_secret' Aug 26 18:24:22.235834: | certs and keys unlocked by 'process_secret' Aug 26 18:24:22.235843: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.235851: | spent 0.54 milliseconds in whack Aug 26 18:24:22.239321: | processing signal PLUTO_SIGCHLD Aug 26 18:24:22.239350: | waitpid returned pid 13455 (exited with status 0) Aug 26 18:24:22.239358: | reaped addconn helper child (status 0) Aug 26 18:24:22.239363: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:22.239370: | spent 0.0296 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:22.308551: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.308592: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.308598: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.308601: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.308605: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.308611: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.308622: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.308627: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:22.308710: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:22.308716: | from whack: got --esp= Aug 26 18:24:22.308775: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:22.309843: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.309865: | loading left certificate 'north' pubkey Aug 26 18:24:22.309993: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d539e8 Aug 26 18:24:22.310001: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d53ae8 Aug 26 18:24:22.310005: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d544f8 Aug 26 18:24:22.310162: | unreference key: 0x555f34c3ac48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.310306: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:24:22.310322: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:22.310679: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.310687: | loading right certificate 'east' pubkey Aug 26 18:24:22.310778: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d54968 Aug 26 18:24:22.310784: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d53e08 Aug 26 18:24:22.310787: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d50278 Aug 26 18:24:22.310790: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d543f8 Aug 26 18:24:22.310793: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d4fe78 Aug 26 18:24:22.311035: | unreference key: 0x555f34d58538 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.311223: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:24:22.311230: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:24:22.311238: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:22.311252: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 18:24:22.311255: | new hp@0x555f34d5aed8 Aug 26 18:24:22.311261: added connection description "northnet-eastnets/0x1" Aug 26 18:24:22.311278: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.311319: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:24:22.311331: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.311340: | spent 2.78 milliseconds in whack Aug 26 18:24:22.311429: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.311441: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.311445: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.311448: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.311450: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:22.311453: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:22.311459: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.311463: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:22.311514: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:22.311518: | from whack: got --esp= Aug 26 18:24:22.311556: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:22.311665: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.311673: | loading left certificate 'north' pubkey Aug 26 18:24:22.311734: | unreference key: 0x555f34d549b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.311751: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5b8e8 Aug 26 18:24:22.311756: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5b898 Aug 26 18:24:22.311760: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5c9b8 Aug 26 18:24:22.311822: | unreference key: 0x555f34d54028 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:22.311874: | unreference key: 0x555f34d54798 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.311926: | unreference key: 0x555f34d5bae8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:22.312034: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:24:22.312045: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:22.312125: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:22.312132: | loading right certificate 'east' pubkey Aug 26 18:24:22.312181: | unreference key: 0x555f34d5aa58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.312194: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5b898 Aug 26 18:24:22.312202: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5c9b8 Aug 26 18:24:22.312205: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5bd18 Aug 26 18:24:22.312208: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5bcc8 Aug 26 18:24:22.312211: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d5bc78 Aug 26 18:24:22.312271: | unreference key: 0x555f34d599b8 192.1.2.23 cnt 1-- Aug 26 18:24:22.312340: | unreference key: 0x555f34d59ec8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.312398: | unreference key: 0x555f34d5a128 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:22.312449: | unreference key: 0x555f34d5a848 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.312509: | unreference key: 0x555f34d5be98 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:22.312568: | secrets entry for east already exists Aug 26 18:24:22.312580: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:22.312590: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:22.312597: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x555f34d5aed8: northnet-eastnets/0x1 Aug 26 18:24:22.312600: added connection description "northnet-eastnets/0x2" Aug 26 18:24:22.312612: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:22.312637: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:24:22.312647: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.312655: | spent 1.22 milliseconds in whack Aug 26 18:24:22.388516: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.388854: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:22.388866: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:22.389033: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:22.389048: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.389057: | spent 0.55 milliseconds in whack Aug 26 18:24:22.453354: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:22.453385: | old debugging base+cpu-usage + none Aug 26 18:24:22.453390: | base debugging = base+cpu-usage Aug 26 18:24:22.453393: | old impairing none + suppress-retransmits Aug 26 18:24:22.453396: | base impairing = suppress-retransmits Aug 26 18:24:22.453403: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:22.453411: | spent 0.0649 milliseconds in whack Aug 26 18:24:24.907554: | spent 0.00315 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.907588: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.907592: | 73 77 1e 27 b8 01 d1 a1 00 00 00 00 00 00 00 00 Aug 26 18:24:24.907595: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:24.907598: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:24.907600: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:24.907602: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:24.907605: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:24.907607: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:24.907610: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:24.907612: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:24.907618: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:24.907621: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:24.907623: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:24.907625: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:24.907628: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:24.907630: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:24.907633: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:24.907635: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:24.907637: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:24.907640: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:24.907642: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:24.907645: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:24.907647: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:24.907650: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:24.907652: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:24.907654: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:24.907657: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:24.907659: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:24.907662: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:24.907664: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:24.907667: | 28 00 01 08 00 0e 00 00 bf 4a 4b da d1 35 36 11 Aug 26 18:24:24.907669: | a2 2c 0c ff 79 0f a4 e7 75 1a 6c e5 9f 12 02 1c Aug 26 18:24:24.907672: | 82 e7 24 56 7a f8 e4 0a 98 d8 2d f9 7c 3a a9 80 Aug 26 18:24:24.907674: | f2 08 75 c5 15 09 2d 13 dd ed 07 4c c3 7a 0b 1f Aug 26 18:24:24.907676: | e9 6f 65 46 ee 2e a5 9a bc 5f a0 be ee 1b 48 1d Aug 26 18:24:24.907679: | 57 0b 96 27 b7 7e d7 67 b7 f6 87 73 6e 8f 9f ad Aug 26 18:24:24.907681: | c0 b3 87 fc 4c 91 6b 37 31 7a 11 70 f5 19 61 71 Aug 26 18:24:24.907684: | 5a 25 ec 40 bc 16 45 b7 82 f6 ed 8c 29 9c 74 46 Aug 26 18:24:24.907686: | f0 ce fc 60 f9 b0 de de 08 d5 d7 ed 24 25 6c 86 Aug 26 18:24:24.907689: | c6 75 de c9 e6 7e 72 bb 7a b0 f0 b7 93 e1 2b 48 Aug 26 18:24:24.907691: | db c2 32 36 03 63 93 48 31 7b 7b 69 c9 23 1a ea Aug 26 18:24:24.907693: | 1c 97 c8 2f a4 4f 60 2d f1 6e 86 4b 9e 06 03 fe Aug 26 18:24:24.907696: | 03 cf 93 fc 80 94 60 dc fe 52 4b 38 bd f1 ae 0d Aug 26 18:24:24.907698: | 91 b0 11 ba 99 03 6f c3 72 35 4b bc 86 12 9f 4c Aug 26 18:24:24.907701: | 3c 07 30 a9 77 b6 32 8c de fd ec ef 77 20 03 f4 Aug 26 18:24:24.907703: | 92 4b 34 92 03 97 6b 54 b6 46 c4 c2 98 f9 be 87 Aug 26 18:24:24.907706: | 41 ec 67 4f 49 93 6f 93 29 00 00 24 c3 2b cc cf Aug 26 18:24:24.907708: | dc c2 da b5 43 d8 c9 c5 0a 82 a9 d2 dd 25 e3 82 Aug 26 18:24:24.907711: | a4 c0 ef aa 68 63 95 3e bf eb ae 74 29 00 00 08 Aug 26 18:24:24.907713: | 00 00 40 2e 29 00 00 1c 00 00 40 04 d8 fc c3 8f Aug 26 18:24:24.907715: | 04 c1 16 ff 20 f0 df 05 94 cc e6 5f 1c 40 5b 8a Aug 26 18:24:24.907718: | 00 00 00 1c 00 00 40 05 6b 37 20 31 e0 c9 f7 b4 Aug 26 18:24:24.907720: | b8 00 14 c1 3b be f7 b2 74 aa 89 be Aug 26 18:24:24.907727: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.907731: | **parse ISAKMP Message: Aug 26 18:24:24.907734: | initiator cookie: Aug 26 18:24:24.907736: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.907738: | responder cookie: Aug 26 18:24:24.907741: | 00 00 00 00 00 00 00 00 Aug 26 18:24:24.907744: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:24.907746: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.907749: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:24.907752: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.907756: | Message ID: 0 (0x0) Aug 26 18:24:24.907759: | length: 828 (0x33c) Aug 26 18:24:24.907762: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:24.907766: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:24:24.907770: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:24.907773: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:24.907777: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:24.907780: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:24.907782: | flags: none (0x0) Aug 26 18:24:24.907785: | length: 436 (0x1b4) Aug 26 18:24:24.907787: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:24:24.907790: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:24.907793: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:24.907796: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:24.907798: | flags: none (0x0) Aug 26 18:24:24.907800: | length: 264 (0x108) Aug 26 18:24:24.907803: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.907806: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:24.907808: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:24.907811: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:24.907813: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.907816: | flags: none (0x0) Aug 26 18:24:24.907818: | length: 36 (0x24) Aug 26 18:24:24.907821: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:24.907823: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.907826: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.907829: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.907831: | flags: none (0x0) Aug 26 18:24:24.907834: | length: 8 (0x8) Aug 26 18:24:24.907836: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.907839: | SPI size: 0 (0x0) Aug 26 18:24:24.907842: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:24.907844: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:24.907847: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.907849: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.907852: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.907855: | flags: none (0x0) Aug 26 18:24:24.907857: | length: 28 (0x1c) Aug 26 18:24:24.907860: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.907862: | SPI size: 0 (0x0) Aug 26 18:24:24.907865: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:24.907867: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:24.907870: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.907872: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.907875: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.907877: | flags: none (0x0) Aug 26 18:24:24.907880: | length: 28 (0x1c) Aug 26 18:24:24.907882: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.907885: | SPI size: 0 (0x0) Aug 26 18:24:24.907887: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:24.907890: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:24.907893: | DDOS disabled and no cookie sent, continuing Aug 26 18:24:24.907899: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:24.907904: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:24.907907: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:24.907911: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 18:24:24.907914: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 18:24:24.907917: | find_next_host_connection returns empty Aug 26 18:24:24.907921: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:24.907926: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:24.907929: | find_next_host_connection returns empty Aug 26 18:24:24.907933: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:24:24.907937: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:24:24.907942: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:24.907945: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:24.907948: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 18:24:24.907950: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 18:24:24.907953: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:24.907956: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 18:24:24.907959: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 18:24:24.907961: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:24.907964: | find_next_host_connection returns empty Aug 26 18:24:24.907967: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 18:24:24.907988: | creating state object #1 at 0x555f34d5cfc8 Aug 26 18:24:24.907991: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:24.907999: | pstats #1 ikev2.ike started Aug 26 18:24:24.908002: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:24.908006: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:24:24.908011: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:24.908019: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.908023: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:24.908027: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:24.908030: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:24.908035: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:24.908039: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:24.908042: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:24:24.908045: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:24:24.908048: | Now let's proceed with state specific processing Aug 26 18:24:24.908050: | calling processor Respond to IKE_SA_INIT Aug 26 18:24:24.908056: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:24.908060: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 18:24:24.908069: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.908076: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.908080: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.908086: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.908089: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.908097: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.908101: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.908106: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.908117: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.908121: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:24:24.908125: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:24.908128: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:24.908130: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:24.908133: | local proposal 1 type DH has 8 transforms Aug 26 18:24:24.908136: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:24.908139: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:24.908142: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:24.908145: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:24.908147: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:24.908150: | local proposal 2 type DH has 8 transforms Aug 26 18:24:24.908152: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:24.908156: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:24.908158: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:24.908161: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:24.908164: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:24.908166: | local proposal 3 type DH has 8 transforms Aug 26 18:24:24.908169: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:24.908172: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:24.908174: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:24.908177: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:24.908180: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:24.908182: | local proposal 4 type DH has 8 transforms Aug 26 18:24:24.908185: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:24.908188: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:24.908191: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.908194: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.908197: | length: 100 (0x64) Aug 26 18:24:24.908199: | prop #: 1 (0x1) Aug 26 18:24:24.908202: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.908205: | spi size: 0 (0x0) Aug 26 18:24:24.908207: | # transforms: 11 (0xb) Aug 26 18:24:24.908211: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:24.908214: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908219: | length: 12 (0xc) Aug 26 18:24:24.908225: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.908228: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.908231: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.908234: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.908237: | length/value: 256 (0x100) Aug 26 18:24:24.908241: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:24.908244: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908247: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908249: | length: 8 (0x8) Aug 26 18:24:24.908251: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908254: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.908258: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:24.908261: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:24:24.908264: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:24:24.908268: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:24:24.908270: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908273: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908275: | length: 8 (0x8) Aug 26 18:24:24.908278: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908281: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.908283: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908295: | length: 8 (0x8) Aug 26 18:24:24.908298: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908300: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.908304: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:24.908307: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:24.908310: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:24.908313: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:24.908316: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908319: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908321: | length: 8 (0x8) Aug 26 18:24:24.908324: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908326: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.908329: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908331: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908334: | length: 8 (0x8) Aug 26 18:24:24.908336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908339: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.908341: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908346: | length: 8 (0x8) Aug 26 18:24:24.908348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908351: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.908353: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908358: | length: 8 (0x8) Aug 26 18:24:24.908360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908363: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.908366: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908370: | length: 8 (0x8) Aug 26 18:24:24.908372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908376: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.908379: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908383: | length: 8 (0x8) Aug 26 18:24:24.908385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908388: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.908395: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908399: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.908402: | length: 8 (0x8) Aug 26 18:24:24.908404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908408: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.908412: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:24.908419: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:24.908422: | remote proposal 1 matches local proposal 1 Aug 26 18:24:24.908425: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.908428: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.908431: | length: 100 (0x64) Aug 26 18:24:24.908434: | prop #: 2 (0x2) Aug 26 18:24:24.908437: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.908440: | spi size: 0 (0x0) Aug 26 18:24:24.908442: | # transforms: 11 (0xb) Aug 26 18:24:24.908447: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.908451: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908457: | length: 12 (0xc) Aug 26 18:24:24.908460: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.908463: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.908466: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.908470: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.908473: | length/value: 128 (0x80) Aug 26 18:24:24.908477: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908483: | length: 8 (0x8) Aug 26 18:24:24.908486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908489: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.908493: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908498: | length: 8 (0x8) Aug 26 18:24:24.908501: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908504: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.908508: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908514: | length: 8 (0x8) Aug 26 18:24:24.908517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908520: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.908524: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908530: | length: 8 (0x8) Aug 26 18:24:24.908533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908536: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.908540: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908547: | length: 8 (0x8) Aug 26 18:24:24.908550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908553: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.908557: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908563: | length: 8 (0x8) Aug 26 18:24:24.908566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908578: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.908583: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908590: | length: 8 (0x8) Aug 26 18:24:24.908593: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908596: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.908600: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908606: | length: 8 (0x8) Aug 26 18:24:24.908610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908614: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.908617: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908624: | length: 8 (0x8) Aug 26 18:24:24.908628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908631: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.908635: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908638: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.908641: | length: 8 (0x8) Aug 26 18:24:24.908645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908648: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.908653: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:24:24.908658: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:24:24.908662: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.908668: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.908672: | length: 116 (0x74) Aug 26 18:24:24.908674: | prop #: 3 (0x3) Aug 26 18:24:24.908677: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.908680: | spi size: 0 (0x0) Aug 26 18:24:24.908682: | # transforms: 13 (0xd) Aug 26 18:24:24.908686: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.908689: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908695: | length: 12 (0xc) Aug 26 18:24:24.908697: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.908700: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.908703: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.908706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.908709: | length/value: 256 (0x100) Aug 26 18:24:24.908712: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908717: | length: 8 (0x8) Aug 26 18:24:24.908720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908723: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.908726: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908731: | length: 8 (0x8) Aug 26 18:24:24.908734: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908737: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.908740: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908748: | length: 8 (0x8) Aug 26 18:24:24.908753: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.908757: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.908761: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908767: | length: 8 (0x8) Aug 26 18:24:24.908770: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.908774: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.908782: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908789: | length: 8 (0x8) Aug 26 18:24:24.908792: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908796: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.908800: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908806: | length: 8 (0x8) Aug 26 18:24:24.908809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908812: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.908816: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908823: | length: 8 (0x8) Aug 26 18:24:24.908827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908830: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.908834: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908841: | length: 8 (0x8) Aug 26 18:24:24.908844: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908848: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.908852: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908855: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908858: | length: 8 (0x8) Aug 26 18:24:24.908861: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908865: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.908869: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908875: | length: 8 (0x8) Aug 26 18:24:24.908879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908882: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.908887: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908893: | length: 8 (0x8) Aug 26 18:24:24.908896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908900: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.908904: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908910: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.908914: | length: 8 (0x8) Aug 26 18:24:24.908917: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.908920: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.908924: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:24.908928: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:24.908931: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.908934: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.908936: | length: 116 (0x74) Aug 26 18:24:24.908939: | prop #: 4 (0x4) Aug 26 18:24:24.908942: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.908944: | spi size: 0 (0x0) Aug 26 18:24:24.908947: | # transforms: 13 (0xd) Aug 26 18:24:24.908950: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.908953: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908956: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908959: | length: 12 (0xc) Aug 26 18:24:24.908962: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.908964: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.908967: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.908970: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.908973: | length/value: 128 (0x80) Aug 26 18:24:24.908976: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908983: | length: 8 (0x8) Aug 26 18:24:24.908986: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.908988: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.908991: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.908994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.908996: | length: 8 (0x8) Aug 26 18:24:24.908999: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.909002: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.909005: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909010: | length: 8 (0x8) Aug 26 18:24:24.909012: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.909015: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.909018: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909023: | length: 8 (0x8) Aug 26 18:24:24.909025: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.909028: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.909031: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909036: | length: 8 (0x8) Aug 26 18:24:24.909039: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909041: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.909044: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909049: | length: 8 (0x8) Aug 26 18:24:24.909052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909054: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.909057: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909062: | length: 8 (0x8) Aug 26 18:24:24.909065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909067: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.909070: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909075: | length: 8 (0x8) Aug 26 18:24:24.909078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909081: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.909083: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909088: | length: 8 (0x8) Aug 26 18:24:24.909091: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909094: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.909096: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909101: | length: 8 (0x8) Aug 26 18:24:24.909104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909107: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.909109: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.909114: | length: 8 (0x8) Aug 26 18:24:24.909117: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909120: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.909122: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.909125: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.909127: | length: 8 (0x8) Aug 26 18:24:24.909130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.909132: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.909137: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:24.909141: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:24.909147: "northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:24:24.909152: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:24:24.909155: | converting proposal to internal trans attrs Aug 26 18:24:24.909160: | natd_hash: rcookie is zero Aug 26 18:24:24.909175: | natd_hash: hasher=0x555f34996800(20) Aug 26 18:24:24.909178: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.909180: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:24.909183: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:24.909185: | natd_hash: port=500 Aug 26 18:24:24.909188: | natd_hash: hash= 6b 37 20 31 e0 c9 f7 b4 b8 00 14 c1 3b be f7 b2 Aug 26 18:24:24.909190: | natd_hash: hash= 74 aa 89 be Aug 26 18:24:24.909193: | natd_hash: rcookie is zero Aug 26 18:24:24.909198: | natd_hash: hasher=0x555f34996800(20) Aug 26 18:24:24.909201: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.909203: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:24.909206: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:24.909208: | natd_hash: port=500 Aug 26 18:24:24.909211: | natd_hash: hash= d8 fc c3 8f 04 c1 16 ff 20 f0 df 05 94 cc e6 5f Aug 26 18:24:24.909213: | natd_hash: hash= 1c 40 5b 8a Aug 26 18:24:24.909216: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:24.909219: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:24.909221: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:24.909225: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 18:24:24.909231: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:24:24.909235: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5cf58 Aug 26 18:24:24.909239: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:24.909243: | libevent_malloc: new ptr-libevent@0x555f34d54448 size 128 Aug 26 18:24:24.909258: | #1 spent 1.2 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:24:24.909266: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.909270: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:24.909270: | crypto helper 0 resuming Aug 26 18:24:24.909294: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:24.909305: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:24:24.910390: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001084 seconds Aug 26 18:24:24.910404: | (#1) spent 1.09 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:24:24.910409: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:24.910414: | scheduling resume sending helper answer for #1 Aug 26 18:24:24.910418: | libevent_malloc: new ptr-libevent@0x7f3c88002888 size 128 Aug 26 18:24:24.910426: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:24.909274: | suspending state #1 and saving MD Aug 26 18:24:24.910439: | #1 is busy; has a suspended MD Aug 26 18:24:24.910446: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:24.910450: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:24.910456: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.910461: | #1 spent 1.73 milliseconds in ikev2_process_packet() Aug 26 18:24:24.910465: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.910468: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.910470: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.910474: | spent 1.74 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.910484: | processing resume sending helper answer for #1 Aug 26 18:24:24.910489: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:24.910493: | crypto helper 0 replies to request ID 1 Aug 26 18:24:24.910495: | calling continuation function 0x555f348c1b50 Aug 26 18:24:24.910499: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:24:24.910530: | **emit ISAKMP Message: Aug 26 18:24:24.910534: | initiator cookie: Aug 26 18:24:24.910536: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.910538: | responder cookie: Aug 26 18:24:24.910540: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.910543: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.910547: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.910550: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:24.910553: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.910556: | Message ID: 0 (0x0) Aug 26 18:24:24.910560: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.910564: | Emitting ikev2_proposal ... Aug 26 18:24:24.910567: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:24.910570: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910573: | flags: none (0x0) Aug 26 18:24:24.910577: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:24.910580: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910584: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.910587: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.910590: | prop #: 1 (0x1) Aug 26 18:24:24.910594: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.910596: | spi size: 0 (0x0) Aug 26 18:24:24.910599: | # transforms: 3 (0x3) Aug 26 18:24:24.910603: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.910606: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.910609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.910612: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.910615: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.910618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.910622: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.910625: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.910628: | length/value: 256 (0x100) Aug 26 18:24:24.910631: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.910634: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.910637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.910642: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.910646: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.910649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.910653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.910656: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.910659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.910663: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.910666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.910669: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.910672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.910675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.910678: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.910681: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:24:24.910684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.910686: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:24:24.910689: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:24.910693: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:24.910696: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910701: | flags: none (0x0) Aug 26 18:24:24.910706: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.910710: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:24.910716: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910722: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:24.910725: | ikev2 g^x 27 7f df 01 e1 c7 d7 b9 53 90 4c 9e 1c 8d be 25 Aug 26 18:24:24.910728: | ikev2 g^x fa ec d4 07 19 02 39 ab c6 48 9f d8 74 cf 79 91 Aug 26 18:24:24.910730: | ikev2 g^x b3 a3 87 5a f8 03 07 75 94 8e c1 52 2b 81 98 dc Aug 26 18:24:24.910733: | ikev2 g^x ed 4e 37 96 a6 5c a4 df 27 1d 6b e1 7e d8 a5 1f Aug 26 18:24:24.910736: | ikev2 g^x e1 e3 aa d8 77 0f 78 13 67 fc 26 65 0b 56 9d b6 Aug 26 18:24:24.910738: | ikev2 g^x 80 e9 0b 82 eb 38 42 ca 09 04 d3 f2 42 b3 49 73 Aug 26 18:24:24.910741: | ikev2 g^x 77 3d e6 01 2c d4 4a 5a 37 bc 0b 93 e7 05 bd 51 Aug 26 18:24:24.910743: | ikev2 g^x 7d 96 0a 7f 10 5c c7 94 c6 95 fa 64 4e d4 51 77 Aug 26 18:24:24.910746: | ikev2 g^x 50 1e 1b 20 e0 c0 c0 60 b2 bf e8 f8 30 19 71 26 Aug 26 18:24:24.910749: | ikev2 g^x 3d e8 07 42 14 e6 f4 74 e2 fd ed dd 02 48 73 dd Aug 26 18:24:24.910751: | ikev2 g^x 20 bb 28 83 60 7c 02 e4 f8 ee 03 a4 a9 60 a2 20 Aug 26 18:24:24.910754: | ikev2 g^x 3f 08 aa 8e de 4c 10 ec ea ef 82 f2 46 fa 10 cc Aug 26 18:24:24.910757: | ikev2 g^x 3c a3 fc bc e7 42 32 eb 2c 43 0c 56 9d 96 01 c1 Aug 26 18:24:24.910759: | ikev2 g^x d1 73 45 43 59 74 f5 f0 de e8 92 36 db 83 87 9b Aug 26 18:24:24.910761: | ikev2 g^x a9 47 e5 13 93 ad 15 79 29 eb dc 41 44 56 25 21 Aug 26 18:24:24.910764: | ikev2 g^x 4e bd 97 5c 85 c1 72 28 1e b2 4b 36 35 cf d6 8e Aug 26 18:24:24.910766: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:24.910769: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:24.910771: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.910774: | flags: none (0x0) Aug 26 18:24:24.910777: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:24.910782: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:24.910784: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910787: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:24.910789: | IKEv2 nonce 26 de e1 c0 8b 63 e0 a4 67 12 5c 72 2f d1 52 ec Aug 26 18:24:24.910792: | IKEv2 nonce 88 66 b3 b4 ca 99 6f be 7d 68 81 7b 6a c1 e5 32 Aug 26 18:24:24.910794: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:24.910799: | Adding a v2N Payload Aug 26 18:24:24.910802: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.910805: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910807: | flags: none (0x0) Aug 26 18:24:24.910810: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.910812: | SPI size: 0 (0x0) Aug 26 18:24:24.910815: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:24.910818: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.910821: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910824: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:24.910827: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:24.910840: | natd_hash: hasher=0x555f34996800(20) Aug 26 18:24:24.910843: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.910846: | natd_hash: rcookie= ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.910848: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:24.910851: | natd_hash: port=500 Aug 26 18:24:24.910853: | natd_hash: hash= 69 69 1d 4a ff 68 24 13 3c 31 4f b1 d4 7e 71 b6 Aug 26 18:24:24.910856: | natd_hash: hash= bf 59 37 2f Aug 26 18:24:24.910858: | Adding a v2N Payload Aug 26 18:24:24.910861: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.910863: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910866: | flags: none (0x0) Aug 26 18:24:24.910869: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.910871: | SPI size: 0 (0x0) Aug 26 18:24:24.910875: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:24.910878: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.910881: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910884: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:24.910887: | Notify data 69 69 1d 4a ff 68 24 13 3c 31 4f b1 d4 7e 71 b6 Aug 26 18:24:24.910890: | Notify data bf 59 37 2f Aug 26 18:24:24.910893: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:24.910901: | natd_hash: hasher=0x555f34996800(20) Aug 26 18:24:24.910905: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.910907: | natd_hash: rcookie= ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.910910: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:24.910912: | natd_hash: port=500 Aug 26 18:24:24.910915: | natd_hash: hash= 05 e6 84 f6 84 dc 97 6c 75 cf 68 81 65 86 9d aa Aug 26 18:24:24.910918: | natd_hash: hash= df 8e ce eb Aug 26 18:24:24.910920: | Adding a v2N Payload Aug 26 18:24:24.910923: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.910926: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910929: | flags: none (0x0) Aug 26 18:24:24.910931: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.910934: | SPI size: 0 (0x0) Aug 26 18:24:24.910937: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:24.910941: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.910947: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.910951: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:24.910954: | Notify data 05 e6 84 f6 84 dc 97 6c 75 cf 68 81 65 86 9d aa Aug 26 18:24:24.910956: | Notify data df 8e ce eb Aug 26 18:24:24.910959: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:24.910961: | going to send a certreq Aug 26 18:24:24.910964: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 18:24:24.910968: | ***emit IKEv2 Certificate Request Payload: Aug 26 18:24:24.910971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.910973: | flags: none (0x0) Aug 26 18:24:24.910976: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.910980: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:24.910983: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.911785: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 18:24:24.911806: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 18:24:24.911811: | CA cert public key hash Aug 26 18:24:24.911815: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:24.911818: | 2b 92 25 e9 Aug 26 18:24:24.911821: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 18:24:24.911825: | emitting length of ISAKMP Message: 457 Aug 26 18:24:24.911837: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.911843: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:24:24.911846: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:24:24.911851: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:24:24.911855: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:24.911861: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:24.911867: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:24.911873: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:24.911880: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:24.911888: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.911896: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.911899: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 18:24:24.911902: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:24.911905: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:24.911908: | 04 00 00 0e 28 00 01 08 00 0e 00 00 27 7f df 01 Aug 26 18:24:24.911911: | e1 c7 d7 b9 53 90 4c 9e 1c 8d be 25 fa ec d4 07 Aug 26 18:24:24.911914: | 19 02 39 ab c6 48 9f d8 74 cf 79 91 b3 a3 87 5a Aug 26 18:24:24.911917: | f8 03 07 75 94 8e c1 52 2b 81 98 dc ed 4e 37 96 Aug 26 18:24:24.911920: | a6 5c a4 df 27 1d 6b e1 7e d8 a5 1f e1 e3 aa d8 Aug 26 18:24:24.911923: | 77 0f 78 13 67 fc 26 65 0b 56 9d b6 80 e9 0b 82 Aug 26 18:24:24.911926: | eb 38 42 ca 09 04 d3 f2 42 b3 49 73 77 3d e6 01 Aug 26 18:24:24.911929: | 2c d4 4a 5a 37 bc 0b 93 e7 05 bd 51 7d 96 0a 7f Aug 26 18:24:24.911932: | 10 5c c7 94 c6 95 fa 64 4e d4 51 77 50 1e 1b 20 Aug 26 18:24:24.911935: | e0 c0 c0 60 b2 bf e8 f8 30 19 71 26 3d e8 07 42 Aug 26 18:24:24.911940: | 14 e6 f4 74 e2 fd ed dd 02 48 73 dd 20 bb 28 83 Aug 26 18:24:24.911944: | 60 7c 02 e4 f8 ee 03 a4 a9 60 a2 20 3f 08 aa 8e Aug 26 18:24:24.911947: | de 4c 10 ec ea ef 82 f2 46 fa 10 cc 3c a3 fc bc Aug 26 18:24:24.911950: | e7 42 32 eb 2c 43 0c 56 9d 96 01 c1 d1 73 45 43 Aug 26 18:24:24.911953: | 59 74 f5 f0 de e8 92 36 db 83 87 9b a9 47 e5 13 Aug 26 18:24:24.911956: | 93 ad 15 79 29 eb dc 41 44 56 25 21 4e bd 97 5c Aug 26 18:24:24.911959: | 85 c1 72 28 1e b2 4b 36 35 cf d6 8e 29 00 00 24 Aug 26 18:24:24.911962: | 26 de e1 c0 8b 63 e0 a4 67 12 5c 72 2f d1 52 ec Aug 26 18:24:24.911965: | 88 66 b3 b4 ca 99 6f be 7d 68 81 7b 6a c1 e5 32 Aug 26 18:24:24.911967: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:24.911970: | 69 69 1d 4a ff 68 24 13 3c 31 4f b1 d4 7e 71 b6 Aug 26 18:24:24.911973: | bf 59 37 2f 26 00 00 1c 00 00 40 05 05 e6 84 f6 Aug 26 18:24:24.911976: | 84 dc 97 6c 75 cf 68 81 65 86 9d aa df 8e ce eb Aug 26 18:24:24.911979: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 18:24:24.911982: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:24.912047: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:24.912055: | libevent_free: release ptr-libevent@0x555f34d54448 Aug 26 18:24:24.912059: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5cf58 Aug 26 18:24:24.912063: | event_schedule: new EVENT_SO_DISCARD-pe@0x555f34d5cf58 Aug 26 18:24:24.912068: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:24:24.912073: | libevent_malloc: new ptr-libevent@0x555f34d65448 size 128 Aug 26 18:24:24.912079: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:24.912088: | #1 spent 1.55 milliseconds in resume sending helper answer Aug 26 18:24:24.912095: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:24.912099: | libevent_free: release ptr-libevent@0x7f3c88002888 Aug 26 18:24:24.926635: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.926660: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.926665: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926668: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:24.926671: | 00 01 00 05 99 f8 a6 0e 20 e6 77 eb 71 c3 02 c5 Aug 26 18:24:24.926674: | 35 1f a3 3f 15 7f 29 4e 78 20 9a ab e1 ea c1 5c Aug 26 18:24:24.926676: | bb 68 29 32 d7 82 13 fe 95 21 88 8b d1 bd 01 e4 Aug 26 18:24:24.926679: | 1c 6b 15 6e ae bc 08 3a 32 9d 9e cc 13 8c 24 50 Aug 26 18:24:24.926681: | c2 44 25 74 2b 0d 41 99 ed 99 ea 27 5d f6 ba c2 Aug 26 18:24:24.926684: | 22 1c e2 68 fe e7 77 f0 d7 49 77 0e 3d 6f e7 11 Aug 26 18:24:24.926687: | b2 f5 e3 7f df 86 a0 44 c4 ee ad 54 d2 29 e9 bf Aug 26 18:24:24.926689: | 64 ec 7c e7 37 78 ec 18 2b a8 af 79 e1 e4 be 16 Aug 26 18:24:24.926692: | be 18 e5 4a d0 54 c3 fd 43 9c 16 2e e9 ef 60 a7 Aug 26 18:24:24.926694: | 80 e9 c6 7a 59 09 33 14 f4 af 40 12 bb 61 80 54 Aug 26 18:24:24.926697: | 6b f2 cb c7 82 f7 90 81 76 9c 93 66 c7 36 9e a4 Aug 26 18:24:24.926699: | 9c 2d 27 0f ab af 86 cf 4c ea 92 5e 89 b2 2a 87 Aug 26 18:24:24.926702: | 75 66 f4 79 52 13 82 9e 9b a0 49 1f 6f 0e d3 e9 Aug 26 18:24:24.926704: | 30 a5 54 4f e7 6d 0d 40 cb 9b 42 78 87 5e 3b 3a Aug 26 18:24:24.926706: | 77 2d 5a b0 8f 69 78 fe e8 ed c2 e0 f9 e0 64 ca Aug 26 18:24:24.926709: | 29 cf 90 77 c1 a0 03 b7 f9 bd a8 46 6f 19 94 57 Aug 26 18:24:24.926711: | 01 5f 52 ea 03 05 94 bb 3d b1 50 07 3e 5c 1d aa Aug 26 18:24:24.926714: | bc f8 0a 6b e2 08 0e a9 3c b3 2e 96 f6 fb cd 25 Aug 26 18:24:24.926716: | 3e 7e ba 50 1e 59 60 5c 26 6d de 4c b7 ca fa 62 Aug 26 18:24:24.926719: | 55 7b 27 3a 3e 40 82 88 ea 5a db 8c 01 93 c2 ce Aug 26 18:24:24.926721: | e4 08 68 e6 f3 72 56 fa a6 84 a3 67 9a 63 15 e7 Aug 26 18:24:24.926726: | 74 8d d8 4b e8 59 b8 f7 ed c8 15 81 aa 43 d9 9b Aug 26 18:24:24.926729: | ee 21 ed ce 76 8a 55 1c dd 85 3c c0 60 67 c3 66 Aug 26 18:24:24.926732: | 57 eb 9c e3 ce eb fd 29 39 4a 7f 5e 7b 2d 00 2d Aug 26 18:24:24.926734: | ac 31 75 f7 72 27 da ad a5 c9 53 00 7d 49 3f c4 Aug 26 18:24:24.926737: | 95 a7 9f ba 30 86 5c d6 fe 32 14 b2 b0 83 c3 07 Aug 26 18:24:24.926739: | 01 2e cb 07 98 35 a4 a4 a0 37 69 10 33 35 e9 64 Aug 26 18:24:24.926742: | 1a b7 8f 90 ef 38 2d b5 95 04 5c 2b 25 a7 5b 16 Aug 26 18:24:24.926744: | 0d 41 aa dd 3c 8c 23 39 77 a6 c1 c6 2a 81 40 6c Aug 26 18:24:24.926747: | 12 fd 9c af 3e 2d 59 e3 2a 51 89 ee 8b 91 34 57 Aug 26 18:24:24.926749: | 29 cd 2c c6 68 ba 66 eb 70 c6 f0 a7 35 79 b1 c4 Aug 26 18:24:24.926752: | 73 9b 2b 31 97 0b 41 cf 17 d5 31 Aug 26 18:24:24.926757: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.926761: | **parse ISAKMP Message: Aug 26 18:24:24.926763: | initiator cookie: Aug 26 18:24:24.926766: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.926769: | responder cookie: Aug 26 18:24:24.926771: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926774: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.926777: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.926780: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.926783: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.926786: | Message ID: 1 (0x1) Aug 26 18:24:24.926788: | length: 539 (0x21b) Aug 26 18:24:24.926792: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.926795: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:24.926799: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:24.926806: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.926810: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:24.926814: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:24.926818: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:24.926822: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:24:24.926825: | unpacking clear payload Aug 26 18:24:24.926828: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.926832: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.926835: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:24.926838: | flags: none (0x0) Aug 26 18:24:24.926840: | length: 511 (0x1ff) Aug 26 18:24:24.926843: | fragment number: 1 (0x1) Aug 26 18:24:24.926846: | total fragments: 5 (0x5) Aug 26 18:24:24.926848: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.926854: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:24.926857: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.926861: | received IKE encrypted fragment number '1', total number '5', next payload '35' Aug 26 18:24:24.926864: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 18:24:24.926870: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.926876: | #1 spent 0.227 milliseconds in ikev2_process_packet() Aug 26 18:24:24.926881: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.926885: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.926888: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.926892: | spent 0.243 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.927058: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.927071: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.927075: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927077: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.927080: | 00 02 00 05 ad a1 de 45 c8 e0 54 4e c6 2c d9 d8 Aug 26 18:24:24.927082: | 70 68 e0 48 6f 3f 2c ff e4 1d bb 1e f8 19 2e 02 Aug 26 18:24:24.927085: | 0d f5 2d 3e 9f 9a 76 df e9 fd 16 8e 9c fd 51 ac Aug 26 18:24:24.927087: | 04 b5 8c 5a fc 5c da 1e b6 9a fb 2a bb a8 70 c2 Aug 26 18:24:24.927089: | ce e4 e5 da ca 40 94 53 3c c6 87 18 14 b8 b8 1d Aug 26 18:24:24.927092: | a4 0c 71 a1 aa 13 60 0f c8 07 fd 1d f7 70 af 53 Aug 26 18:24:24.927094: | 3e df 6b 7c 3a e9 77 25 72 b8 f3 f6 ea dc 16 b2 Aug 26 18:24:24.927097: | 6b d7 db 16 47 5d 7b 67 d3 7b 1f f9 d5 41 00 34 Aug 26 18:24:24.927099: | 49 c3 a1 ba 8d 52 ad 72 01 9a 14 90 80 2f a2 15 Aug 26 18:24:24.927101: | dc 5d c8 b8 29 3c 25 56 67 c5 61 55 8c 1a c7 f4 Aug 26 18:24:24.927104: | e6 64 99 ef 6e 36 89 6e 75 57 2d 7b 93 13 2f 82 Aug 26 18:24:24.927107: | 26 9b 86 13 34 98 de 4a fa ec 8f f3 d7 8a 56 cd Aug 26 18:24:24.927109: | 0b 79 40 1c a7 b6 a9 2e 4d 2f 25 eb e8 03 f4 0e Aug 26 18:24:24.927112: | 3b fd 33 5e e4 db 7b bf 3f 17 88 68 20 68 6c 6a Aug 26 18:24:24.927114: | 07 50 3f a3 5a 92 80 0c ff 8b ea 93 e8 ae 1c f8 Aug 26 18:24:24.927117: | 03 08 d5 66 52 1a 6c 74 21 a4 b8 ef e0 53 0d 57 Aug 26 18:24:24.927119: | af 30 fd db 17 bd ee 4b bc 73 2a 78 2f 14 d0 be Aug 26 18:24:24.927121: | 52 e1 c7 ba f9 4d e4 5b 21 71 37 8f db 4d 50 97 Aug 26 18:24:24.927124: | cc 47 a0 29 85 d1 f4 98 8a b1 53 bd 7f 5a 05 00 Aug 26 18:24:24.927126: | 85 c2 c8 20 e9 1a f5 d5 15 97 d5 23 b0 02 db c9 Aug 26 18:24:24.927129: | ce f7 9d 40 ba 7a c5 bd b4 39 ec b0 c7 5e de 45 Aug 26 18:24:24.927131: | f1 76 6b bc a1 79 34 8f a6 54 8d 77 1a 0d 7e 1c Aug 26 18:24:24.927134: | 7c 27 fe 5a 28 16 00 ec 46 b6 fa 11 39 41 b9 03 Aug 26 18:24:24.927136: | 28 05 9c 25 9e 4f 2b 91 30 ba 12 bf 14 72 a1 e1 Aug 26 18:24:24.927139: | bd 01 d6 b4 b1 3c 37 fc b1 ec c4 64 33 d1 47 d8 Aug 26 18:24:24.927141: | 73 c0 21 03 8f b0 66 af 65 67 d6 b5 df 1d 8d f3 Aug 26 18:24:24.927144: | e2 ea f0 34 e2 f4 63 42 c3 cc f4 ca de c6 bc 2f Aug 26 18:24:24.927146: | 10 13 a2 4f 60 03 2e b6 ac d3 11 5b 9f ae d9 88 Aug 26 18:24:24.927149: | 1b 81 c6 91 52 7f ad b4 7d 0f ea cb 86 9b 55 a3 Aug 26 18:24:24.927151: | 46 17 8b 18 ec 18 ac 54 1e 50 73 d5 32 1f 5b c0 Aug 26 18:24:24.927154: | 4a a5 11 1f 13 3a ab cc 2f ab d9 12 b8 66 33 8c Aug 26 18:24:24.927157: | fd b2 8f 07 e8 9d 14 f6 50 0e af Aug 26 18:24:24.927162: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.927165: | **parse ISAKMP Message: Aug 26 18:24:24.927168: | initiator cookie: Aug 26 18:24:24.927170: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.927173: | responder cookie: Aug 26 18:24:24.927175: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927178: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.927181: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.927184: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.927187: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.927189: | Message ID: 1 (0x1) Aug 26 18:24:24.927192: | length: 539 (0x21b) Aug 26 18:24:24.927195: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.927199: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:24.927202: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:24.927209: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.927213: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.927219: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:24.927222: | #1 is idle Aug 26 18:24:24.927224: | #1 idle Aug 26 18:24:24.927229: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:24.927232: | unpacking clear payload Aug 26 18:24:24.927235: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.927238: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.927241: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.927244: | flags: none (0x0) Aug 26 18:24:24.927246: | length: 511 (0x1ff) Aug 26 18:24:24.927249: | fragment number: 2 (0x2) Aug 26 18:24:24.927252: | total fragments: 5 (0x5) Aug 26 18:24:24.927254: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.927257: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.927261: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 18:24:24.927266: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.927271: | #1 spent 0.205 milliseconds in ikev2_process_packet() Aug 26 18:24:24.927276: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.927279: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.927282: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.927286: | spent 0.221 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.927422: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.927434: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.927437: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927440: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.927443: | 00 03 00 05 7f 1c 53 03 c6 d9 57 e0 d1 c2 32 97 Aug 26 18:24:24.927445: | d2 93 82 7d 9b 41 a3 8d 49 d1 4c ef 39 ea 9b 4d Aug 26 18:24:24.927448: | 19 47 d6 bc 48 3d 2b 77 31 4d e6 16 80 27 ab a3 Aug 26 18:24:24.927451: | a1 db 66 b2 9a 0b 25 a5 10 67 e2 5f 36 97 a8 2c Aug 26 18:24:24.927453: | 55 24 b2 08 f0 f7 d8 9f e6 87 77 c2 70 53 98 3c Aug 26 18:24:24.927456: | 5c bf f7 1b df dd 3a 5d 12 25 01 58 6f ff 68 5c Aug 26 18:24:24.927458: | 52 61 83 84 a9 09 e3 7a 2d 90 ea a9 0d 20 94 22 Aug 26 18:24:24.927461: | 8c 6f 66 e9 af f3 4d d0 df 66 fc b2 c6 d7 40 fb Aug 26 18:24:24.927463: | be d9 eb 20 ab 96 f8 78 e3 e1 5d ff 9d c0 12 08 Aug 26 18:24:24.927466: | ce ee 31 e5 f2 d8 fc 8f 8f 90 29 1d 43 b6 bd f6 Aug 26 18:24:24.927468: | 7e 8c 29 c4 16 98 14 27 e5 57 37 78 a7 08 b6 45 Aug 26 18:24:24.927470: | 3d 83 70 42 cd 25 69 37 50 16 41 f7 3e c0 1e 6d Aug 26 18:24:24.927473: | 71 2e bf 12 02 87 5b 3f fe ae 09 f7 d4 b6 27 6b Aug 26 18:24:24.927476: | a8 6e e2 08 4f 48 3b 44 04 d9 2b c1 12 4c e8 c0 Aug 26 18:24:24.927478: | 7e f6 75 d9 33 8a 66 c5 b6 95 2b ac de 86 86 31 Aug 26 18:24:24.927481: | ea a5 4d 64 b5 98 0a ad d7 de c5 06 0b af 27 d6 Aug 26 18:24:24.927483: | d0 0c 47 77 aa 15 8e 59 93 7b 65 f4 e6 5d bc a7 Aug 26 18:24:24.927486: | 04 16 59 c0 4d 6b 98 d0 32 f6 32 0a f8 8c 9c 63 Aug 26 18:24:24.927488: | dd 1b d0 c1 1f 4e e3 b8 57 c9 64 a4 c2 2c 26 23 Aug 26 18:24:24.927491: | 9e d0 a6 2a af 68 3f 02 52 ea 72 d5 66 5c 39 6a Aug 26 18:24:24.927493: | 2f 11 2e d4 64 1a ff cb fe de 10 25 62 73 49 df Aug 26 18:24:24.927496: | 46 97 c6 ac 2c 70 12 1c 04 3a 9e 90 e3 c6 e8 f2 Aug 26 18:24:24.927499: | ac c9 35 4b b6 67 af 2b 55 29 66 46 1d 4b b4 da Aug 26 18:24:24.927501: | 70 e6 d2 c7 6a a7 95 5f 35 d0 f6 a7 35 02 e7 31 Aug 26 18:24:24.927504: | f6 66 84 1d 6a a3 c6 d3 b4 b9 60 8d 7d da 38 d1 Aug 26 18:24:24.927509: | 6d d9 0b 8a b9 8e ce eb fa e5 a9 26 c0 34 ad 7a Aug 26 18:24:24.927511: | ae 1e 39 88 77 41 2e 20 64 f6 75 7e 84 b9 58 a1 Aug 26 18:24:24.927514: | ea 4a 3a 28 84 1a 31 4c 7f 13 fd 74 e4 dc ba a7 Aug 26 18:24:24.927516: | 80 e5 66 4c 0c 7a 5b f0 11 55 44 bd d2 12 7e 13 Aug 26 18:24:24.927519: | a5 bd b7 6b d4 0d b9 76 d0 19 e1 08 91 59 c7 6d Aug 26 18:24:24.927521: | a1 85 ea 46 3b fe 63 61 cd 83 3e bc cb 0d 3c e3 Aug 26 18:24:24.927524: | e7 71 d5 45 c9 2f a6 b8 f2 f5 7b Aug 26 18:24:24.927528: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.927532: | **parse ISAKMP Message: Aug 26 18:24:24.927535: | initiator cookie: Aug 26 18:24:24.927537: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.927540: | responder cookie: Aug 26 18:24:24.927542: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927545: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.927548: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.927551: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.927554: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.927557: | Message ID: 1 (0x1) Aug 26 18:24:24.927560: | length: 539 (0x21b) Aug 26 18:24:24.927563: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.927566: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:24.927569: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:24.927575: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.927580: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.927583: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:24.927586: | #1 is idle Aug 26 18:24:24.927588: | #1 idle Aug 26 18:24:24.927593: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:24.927595: | unpacking clear payload Aug 26 18:24:24.927598: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.927602: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.927605: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.927607: | flags: none (0x0) Aug 26 18:24:24.927610: | length: 511 (0x1ff) Aug 26 18:24:24.927612: | fragment number: 3 (0x3) Aug 26 18:24:24.927615: | total fragments: 5 (0x5) Aug 26 18:24:24.927618: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.927620: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.927623: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 18:24:24.927628: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.927634: | #1 spent 0.205 milliseconds in ikev2_process_packet() Aug 26 18:24:24.927638: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.927642: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.927645: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.927649: | spent 0.221 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.927774: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.927786: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.927789: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927792: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.927794: | 00 04 00 05 77 7a 6d c2 d1 62 52 bc f5 63 83 2f Aug 26 18:24:24.927797: | 8d 88 7c ad 9a 37 74 d6 eb dc a2 28 75 53 75 21 Aug 26 18:24:24.927802: | 89 ef bf 9e e1 dc bd 05 75 f9 7c 8d b1 47 06 e3 Aug 26 18:24:24.927804: | 4a df bb c2 80 a9 58 67 43 6e 49 b2 3b b3 39 f7 Aug 26 18:24:24.927807: | c9 7a 31 84 60 cf 1c 7f 56 d7 2f 5d 94 33 1f d0 Aug 26 18:24:24.927809: | 06 88 72 c6 70 25 58 5a e0 3e fc 07 b3 ba bf 4c Aug 26 18:24:24.927812: | 01 04 2f 68 d7 61 ea 64 6d c1 94 1c 26 59 27 de Aug 26 18:24:24.927815: | a2 a0 ba 6d 2d 51 72 1a b5 9f 7b 0d 33 4a 3c d5 Aug 26 18:24:24.927817: | 86 54 7f 4a dc 3f 92 b6 da d4 57 30 50 55 1c b2 Aug 26 18:24:24.927820: | 1c be be d5 54 2c c0 a1 28 2a 7a 79 24 2b 7d fc Aug 26 18:24:24.927822: | e0 44 94 70 a2 03 96 d9 32 9e 18 08 54 f9 55 10 Aug 26 18:24:24.927825: | 22 a9 ab f5 74 2e ae 36 a5 4f 84 89 9c dc e7 30 Aug 26 18:24:24.927827: | ed 4c b9 da 3d 90 ee 33 47 92 93 92 de de a4 c0 Aug 26 18:24:24.927830: | ea ed 5c 8d dc 9c 00 10 86 4e d5 da 4c d6 fb 6d Aug 26 18:24:24.927832: | 7f b3 23 f0 29 56 87 a1 0f 8a e2 d7 3c c2 68 33 Aug 26 18:24:24.927834: | 0b ad 6c ec 57 4f 26 39 ca 73 f7 c6 80 57 1b 21 Aug 26 18:24:24.927837: | 45 b2 b5 66 db b2 f1 a5 ff 34 b5 9f 1a 92 0c d5 Aug 26 18:24:24.927839: | e8 be 4d 68 df 43 e0 5b 69 0a d9 c1 da 2b 2c e7 Aug 26 18:24:24.927841: | 28 26 ab c0 a9 26 a2 03 3f ff 62 23 fe fd 69 99 Aug 26 18:24:24.927844: | 50 70 8b f0 1d 3e 8f 03 c9 17 39 60 7a 18 78 3a Aug 26 18:24:24.927846: | 4b e8 6b 1b 83 3a a3 91 9d ed 8b 60 7e 62 4f ef Aug 26 18:24:24.927848: | 5a 0f f9 5f 34 d3 27 40 e5 14 88 e6 21 f8 15 7d Aug 26 18:24:24.927851: | 77 b5 dc 39 0e 1f 41 c2 9e 0e 75 ae 95 ce 0d 65 Aug 26 18:24:24.927854: | 82 71 d1 3d a9 36 d4 99 05 d2 e9 b7 9e 73 47 c0 Aug 26 18:24:24.927856: | 58 6a d9 bd ec 0f 9d 54 35 00 25 2e 39 bc 97 cc Aug 26 18:24:24.927859: | c4 97 a8 2c 6c 8e da 15 bd 71 20 c1 0b d6 e3 ce Aug 26 18:24:24.927861: | 46 92 8c c7 c5 77 2f ac 7f 77 d5 67 ac 62 31 8d Aug 26 18:24:24.927864: | 17 71 7b 2b 49 09 03 2d d4 0c 26 c5 b8 49 99 ca Aug 26 18:24:24.927866: | 57 b7 fd b8 67 c5 51 3c 35 1a 8d 76 d9 ed 70 5a Aug 26 18:24:24.927869: | 3c 47 32 82 11 d8 99 f2 a2 90 ad 01 94 a7 91 cb Aug 26 18:24:24.927872: | df a5 5b 5e 4f ba c9 e1 7a e8 f6 c6 a4 25 20 b8 Aug 26 18:24:24.927874: | 00 2a 9d 74 46 15 33 85 3d b5 cc Aug 26 18:24:24.927879: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.927882: | **parse ISAKMP Message: Aug 26 18:24:24.927885: | initiator cookie: Aug 26 18:24:24.927887: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.927890: | responder cookie: Aug 26 18:24:24.927892: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927895: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.927897: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.927900: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.927902: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.927905: | Message ID: 1 (0x1) Aug 26 18:24:24.927908: | length: 539 (0x21b) Aug 26 18:24:24.927911: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.927914: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:24.927917: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:24.927923: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.927928: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.927931: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:24.927934: | #1 is idle Aug 26 18:24:24.927937: | #1 idle Aug 26 18:24:24.927941: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:24.927944: | unpacking clear payload Aug 26 18:24:24.927946: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.927952: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.927955: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.927957: | flags: none (0x0) Aug 26 18:24:24.927960: | length: 511 (0x1ff) Aug 26 18:24:24.927962: | fragment number: 4 (0x4) Aug 26 18:24:24.927965: | total fragments: 5 (0x5) Aug 26 18:24:24.927968: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.927971: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.927974: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 18:24:24.927979: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.927984: | #1 spent 0.203 milliseconds in ikev2_process_packet() Aug 26 18:24:24.927989: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.927992: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.927996: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.928000: | spent 0.219 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.928099: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.928111: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:24.928114: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.928117: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 18:24:24.928119: | 00 05 00 05 67 d0 bb 67 d0 7f 2f 60 e5 29 d8 ed Aug 26 18:24:24.928122: | 65 56 05 27 35 4d df cb c3 e5 48 63 d3 d1 30 a7 Aug 26 18:24:24.928124: | 95 d3 dc f1 10 b7 b5 39 fb 11 92 d6 2f 5a 26 bd Aug 26 18:24:24.928126: | d4 9a 30 3f 42 7d 75 1f 47 7f f6 a9 9f ce 18 7d Aug 26 18:24:24.928129: | d0 cf aa 0a 1d 81 be 3d 79 0a 28 26 fa ba ae 5f Aug 26 18:24:24.928131: | 6a 8c 59 5c 38 ed 33 e2 29 33 ed 53 51 9c df a6 Aug 26 18:24:24.928133: | f8 a8 d2 ab 8f 63 55 88 35 36 66 40 a1 22 c6 c6 Aug 26 18:24:24.928136: | 2c cf 75 c6 d8 a5 08 d5 94 fa 5f c3 87 4a 49 02 Aug 26 18:24:24.928138: | 7f 27 cd 46 d1 0b 83 8b 19 92 64 fe d2 d5 9d 4a Aug 26 18:24:24.928140: | 85 03 8a e6 a8 45 00 be d4 3f 86 0c 05 96 dc db Aug 26 18:24:24.928143: | 59 28 29 67 cc 75 d6 f7 32 b5 fa 0c af 6e aa eb Aug 26 18:24:24.928145: | 37 17 f5 3b 0d 05 37 a0 9f d5 69 5d 8f b0 f8 06 Aug 26 18:24:24.928148: | 33 4e 8a ea e5 8c b3 a5 9e 89 63 a2 23 7e f5 ec Aug 26 18:24:24.928150: | e2 5a 13 8a 71 2f 6c ba ef a1 1d 8f be 32 9b 25 Aug 26 18:24:24.928153: | 25 46 39 31 d2 08 c7 b6 71 f7 be ef 60 55 95 da Aug 26 18:24:24.928155: | 19 0f fa 6c f8 86 da 25 41 fd f4 2a e6 bf a7 34 Aug 26 18:24:24.928158: | 0d f6 38 73 66 30 d5 40 d9 af 34 7e ad 9f 58 db Aug 26 18:24:24.928161: | 57 40 de 57 1c d6 be ba 98 d9 f8 04 13 e7 b2 75 Aug 26 18:24:24.928163: | d4 8e 09 29 16 8d e3 82 78 ad ec fe 60 bd 9f 23 Aug 26 18:24:24.928166: | 3d e7 55 91 8f 74 44 39 5b 3d cc 26 f9 c5 03 22 Aug 26 18:24:24.928168: | d8 8f b8 65 7a 3d 8c 0f 02 60 98 8d 86 2b 4d 94 Aug 26 18:24:24.928171: | cf 2d e3 64 e8 9a 84 97 8a 1c a9 20 70 ed 56 1c Aug 26 18:24:24.928173: | 38 b8 09 e8 c1 73 63 20 d7 4f Aug 26 18:24:24.928178: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:24.928181: | **parse ISAKMP Message: Aug 26 18:24:24.928183: | initiator cookie: Aug 26 18:24:24.928186: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.928188: | responder cookie: Aug 26 18:24:24.928190: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.928193: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.928195: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.928198: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.928200: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.928203: | Message ID: 1 (0x1) Aug 26 18:24:24.928209: | length: 394 (0x18a) Aug 26 18:24:24.928213: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.928216: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:24:24.928219: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:24:24.928225: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.928230: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.928233: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:24.928236: | #1 is idle Aug 26 18:24:24.928239: | #1 idle Aug 26 18:24:24.928243: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:24.928246: | unpacking clear payload Aug 26 18:24:24.928249: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.928252: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.928255: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.928258: | flags: none (0x0) Aug 26 18:24:24.928260: | length: 366 (0x16e) Aug 26 18:24:24.928263: | fragment number: 5 (0x5) Aug 26 18:24:24.928266: | total fragments: 5 (0x5) Aug 26 18:24:24.928269: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Aug 26 18:24:24.928271: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.928274: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 18:24:24.928278: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:24.928281: | Now let's proceed with state specific processing Aug 26 18:24:24.928283: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:24:24.928286: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:24:24.928297: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:24.928301: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:24:24.928304: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:24:24.928309: | libevent_free: release ptr-libevent@0x555f34d65448 Aug 26 18:24:24.928312: | free_event_entry: release EVENT_SO_DISCARD-pe@0x555f34d5cf58 Aug 26 18:24:24.928316: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5cf58 Aug 26 18:24:24.928320: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:24.928324: | libevent_malloc: new ptr-libevent@0x7f3c88002888 size 128 Aug 26 18:24:24.928336: | #1 spent 0.0449 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:24:24.928342: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.928347: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:24.928355: | suspending state #1 and saving MD Aug 26 18:24:24.928359: | #1 is busy; has a suspended MD Aug 26 18:24:24.928344: | crypto helper 1 resuming Aug 26 18:24:24.928366: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:24.928378: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:24:24.928383: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:24.928386: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:24:24.928388: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.928400: | #1 spent 0.283 milliseconds in ikev2_process_packet() Aug 26 18:24:24.928405: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:24.928410: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.928413: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.928417: | spent 0.301 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.929252: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:24.929704: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001316 seconds Aug 26 18:24:24.929720: | (#1) spent 1.33 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:24:24.929726: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:24.929729: | scheduling resume sending helper answer for #1 Aug 26 18:24:24.929734: | libevent_malloc: new ptr-libevent@0x7f3c80000f48 size 128 Aug 26 18:24:24.929744: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:24.930573: | processing resume sending helper answer for #1 Aug 26 18:24:24.930593: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:24.930599: | crypto helper 1 replies to request ID 2 Aug 26 18:24:24.930602: | calling continuation function 0x555f348c1b50 Aug 26 18:24:24.930606: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:24:24.930610: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:24:24.930614: | already have all fragments, skipping fragment collection Aug 26 18:24:24.930617: | already have all fragments, skipping fragment collection Aug 26 18:24:24.930653: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:24.930657: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:24:24.930662: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:24:24.930665: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 18:24:24.930668: | flags: none (0x0) Aug 26 18:24:24.930671: | length: 193 (0xc1) Aug 26 18:24:24.930673: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.930676: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Aug 26 18:24:24.930678: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 18:24:24.930682: | **parse IKEv2 Certificate Payload: Aug 26 18:24:24.930684: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 18:24:24.930687: | flags: none (0x0) Aug 26 18:24:24.930690: | length: 1232 (0x4d0) Aug 26 18:24:24.930692: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.930695: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Aug 26 18:24:24.930697: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:24.930700: | **parse IKEv2 Certificate Request Payload: Aug 26 18:24:24.930703: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:24.930705: | flags: none (0x0) Aug 26 18:24:24.930707: | length: 25 (0x19) Aug 26 18:24:24.930710: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.930713: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 18:24:24.930716: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:24.930719: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:24.930721: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:24.930724: | flags: none (0x0) Aug 26 18:24:24.930726: | length: 191 (0xbf) Aug 26 18:24:24.930729: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.930731: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 18:24:24.930734: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:24.930737: | **parse IKEv2 Authentication Payload: Aug 26 18:24:24.930740: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:24.930742: | flags: none (0x0) Aug 26 18:24:24.930744: | length: 392 (0x188) Aug 26 18:24:24.930747: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:24.930749: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 18:24:24.930755: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:24.930759: | **parse IKEv2 Security Association Payload: Aug 26 18:24:24.930762: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:24.930764: | flags: none (0x0) Aug 26 18:24:24.930767: | length: 164 (0xa4) Aug 26 18:24:24.930770: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:24:24.930772: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:24.930775: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:24.930778: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:24.930781: | flags: none (0x0) Aug 26 18:24:24.930784: | length: 24 (0x18) Aug 26 18:24:24.930786: | number of TS: 1 (0x1) Aug 26 18:24:24.930789: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:24.930792: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:24.930795: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:24.930798: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.930800: | flags: none (0x0) Aug 26 18:24:24.930803: | length: 24 (0x18) Aug 26 18:24:24.930806: | number of TS: 1 (0x1) Aug 26 18:24:24.930809: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:24.930811: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:24:24.930814: | Now let's proceed with state specific processing Aug 26 18:24:24.930817: | calling processor Responder: process IKE_AUTH request Aug 26 18:24:24.930824: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Aug 26 18:24:24.930831: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:24.930838: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:24:24.930843: loading root certificate cache Aug 26 18:24:24.934066: | spent 3.2 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:24:24.934118: | spent 0.0276 milliseconds in get_root_certs() filtering CAs Aug 26 18:24:24.934126: | #1 spent 3.28 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:24:24.934131: | checking for known CERT payloads Aug 26 18:24:24.934134: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:24:24.934177: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.934186: | #1 spent 0.0533 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:24:24.934191: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.934242: | #1 spent 0.0492 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:24:24.934247: | missing or expired CRL Aug 26 18:24:24.934251: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:24:24.934254: | verify_end_cert trying profile IPsec Aug 26 18:24:24.934363: | certificate is valid (profile IPsec) Aug 26 18:24:24.934376: | #1 spent 0.12 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:24:24.934382: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.934450: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d6bb08 Aug 26 18:24:24.934456: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d77cd8 Aug 26 18:24:24.934459: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555f34d77b28 Aug 26 18:24:24.934606: | unreference key: 0x555f34d78218 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:24.934618: | #1 spent 0.229 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:24:24.934627: | #1 spent 3.78 milliseconds in decode_certs() Aug 26 18:24:24.934632: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.934634: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.934637: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.934639: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.934642: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.934644: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.934646: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:24:24.934649: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:24:24.934651: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:24:24.934654: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:24:24.934656: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:24.934658: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.934661: | received IDr payload - extracting our alleged ID Aug 26 18:24:24.934664: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.934667: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.934669: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.934671: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.934674: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.934676: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.934678: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:24.934681: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.934683: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:24.934686: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:24.934688: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.934691: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.934704: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:24.934708: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 18:24:24.934712: | X509: CERT and ID matches current connection Aug 26 18:24:24.934715: | CERT_X509_SIGNATURE CR: Aug 26 18:24:24.934717: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:24.934720: | 2b 92 25 e9 Aug 26 18:24:24.934722: | cert blob content is not binary ASN.1 Aug 26 18:24:24.934726: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Aug 26 18:24:24.934733: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934740: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934744: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 18:24:24.934755: "northnet-eastnets/0x2" #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:24.934760: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 18:24:24.934766: | The remote specified our ID in its IDr payload Aug 26 18:24:24.934773: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934780: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:24.934809: | received CERTREQ payload; going to decode it Aug 26 18:24:24.934814: | CERT_X509_SIGNATURE CR: Aug 26 18:24:24.934817: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:24.934820: | 2b 92 25 e9 Aug 26 18:24:24.934823: | cert blob content is not binary ASN.1 Aug 26 18:24:24.934825: | verifying AUTH payload Aug 26 18:24:24.934843: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934855: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:24:24.934861: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934868: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.934874: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.935046: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 18:24:24.935054: | #1 spent 0.175 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:24.935058: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 18:24:24.935063: | #1 spent 0.232 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:24.935068: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:24:24.935073: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:24.935077: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:24.935083: | libevent_free: release ptr-libevent@0x7f3c88002888 Aug 26 18:24:24.935087: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5cf58 Aug 26 18:24:24.935091: | event_schedule: new EVENT_SA_REKEY-pe@0x555f34d5cf58 Aug 26 18:24:24.935096: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 18:24:24.935101: | libevent_malloc: new ptr-libevent@0x555f34d78bc8 size 128 Aug 26 18:24:24.937401: | pstats #1 ikev2.ike established Aug 26 18:24:24.937417: | **emit ISAKMP Message: Aug 26 18:24:24.937421: | initiator cookie: Aug 26 18:24:24.937424: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.937426: | responder cookie: Aug 26 18:24:24.937429: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.937432: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.937435: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.937438: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.937441: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.937443: | Message ID: 1 (0x1) Aug 26 18:24:24.937446: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.937450: | IKEv2 CERT: send a certificate? Aug 26 18:24:24.937452: | IKEv2 CERT: OK to send a certificate (always) Aug 26 18:24:24.937455: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:24.937458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.937460: | flags: none (0x0) Aug 26 18:24:24.937464: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:24.937470: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.937474: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:24.937485: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:24.937542: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:24.937550: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.937553: | flags: none (0x0) Aug 26 18:24:24.937556: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.937560: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:24.937563: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.937567: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:24:24.937586: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.937592: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.937595: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.937598: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.937600: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.937603: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.937605: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:24.937608: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.937611: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:24.937614: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:24.937616: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.937619: | my identity 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.937622: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 18:24:24.937634: | assembled IDr payload Aug 26 18:24:24.937638: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.937641: | ****emit IKEv2 Certificate Payload: Aug 26 18:24:24.937648: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.937651: | flags: none (0x0) Aug 26 18:24:24.937654: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.937658: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 18:24:24.937661: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.937664: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 18:24:24.937667: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Aug 26 18:24:24.937669: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:24:24.937672: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:24:24.937674: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:24:24.937677: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:24:24.937679: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:24:24.937681: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:24:24.937683: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:24:24.937686: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:24:24.937688: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:24:24.937690: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:24:24.937693: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:24:24.937695: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:24:24.937699: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:24:24.937702: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:24:24.937704: | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:24:24.937706: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:24:24.937708: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:24:24.937711: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:24:24.937713: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:24:24.937715: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:24:24.937717: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Aug 26 18:24:24.937720: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:24.937722: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Aug 26 18:24:24.937724: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Aug 26 18:24:24.937726: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:24.937729: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Aug 26 18:24:24.937731: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Aug 26 18:24:24.937733: | CERT 00 30 82 01 8a 02 82 01 81 00 b1 1e 7c b3 bf 11 Aug 26 18:24:24.937735: | CERT 96 94 23 ca 97 5e c7 66 36 55 71 49 95 8d 0c 2a Aug 26 18:24:24.937738: | CERT 5c 30 4d 58 29 a3 7b 4d 3b 3f 03 06 46 a6 04 63 Aug 26 18:24:24.937740: | CERT 71 0d e1 59 4f 9c ec 3a 17 24 8d 91 6a a8 e2 da Aug 26 18:24:24.937742: | CERT 57 41 de f4 ff 65 bf f6 11 34 d3 7d 5a 7f 6e 3a Aug 26 18:24:24.937745: | CERT 3b 74 3c 51 2b e4 bf ce 6b b2 14 47 26 52 f5 57 Aug 26 18:24:24.937747: | CERT 28 bc c5 fb f9 bc 2d 4e b9 f8 46 54 c7 95 41 a7 Aug 26 18:24:24.937749: | CERT a4 b4 d3 b3 fe 55 4b df f5 c3 78 39 8b 4e 04 57 Aug 26 18:24:24.937751: | CERT c0 1d 5b 17 3c 28 eb 40 9d 1d 7c b3 bb 0f f0 63 Aug 26 18:24:24.937753: | CERT c7 c0 84 b0 4e e4 a9 7c c5 4b 08 43 a6 2d 00 22 Aug 26 18:24:24.937756: | CERT fd 98 d4 03 d0 ad 97 85 d1 48 15 d3 e4 e5 2d 46 Aug 26 18:24:24.937759: | CERT 7c ab 41 97 05 27 61 77 3d b6 b1 58 a0 5f e0 8d Aug 26 18:24:24.937761: | CERT 26 84 9b 03 20 ce 5e 27 7f 7d 14 03 b6 9d 6b 9f Aug 26 18:24:24.937763: | CERT fd 0c d4 c7 2d eb be ea 62 87 fa 99 e0 a6 1c 85 Aug 26 18:24:24.937765: | CERT 4f 34 da 93 2e 5f db 03 10 58 a8 c4 99 17 2d b1 Aug 26 18:24:24.937768: | CERT bc e5 7b bd af 0e 28 aa a5 74 ea 69 74 5e fa 2c Aug 26 18:24:24.937770: | CERT c3 00 3c 2f 58 d0 20 cf e3 46 8d de aa f9 f7 30 Aug 26 18:24:24.937772: | CERT 5c 16 05 04 89 4c 92 9b 8a 33 11 70 83 17 58 24 Aug 26 18:24:24.937775: | CERT 2a 4b ab be b6 ec 84 9c 78 9c 11 04 2a 02 ce 27 Aug 26 18:24:24.937777: | CERT 83 a1 1f 2b 38 3f 27 7d 46 94 63 ff 64 59 4e 6c Aug 26 18:24:24.937779: | CERT 87 ca 3e e6 31 df 1e 7d 48 88 02 c7 9d fa 4a d7 Aug 26 18:24:24.937782: | CERT f2 5b a5 fd 7f 1b c6 dc 1a bb a6 c4 f8 32 cd bf Aug 26 18:24:24.937784: | CERT a7 0b 71 8b 2b 31 41 17 25 a4 18 52 7d 32 fc 0f Aug 26 18:24:24.937786: | CERT 5f b8 bb ca e1 94 1a 42 4d 1f 37 16 67 84 ae b4 Aug 26 18:24:24.937789: | CERT 32 42 9c 5a 91 71 62 b4 4b 07 02 03 01 00 01 a3 Aug 26 18:24:24.937792: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Aug 26 18:24:24.937795: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Aug 26 18:24:24.937798: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:24.937801: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Aug 26 18:24:24.937804: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:24.937807: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Aug 26 18:24:24.937810: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Aug 26 18:24:24.937813: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Aug 26 18:24:24.937816: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Aug 26 18:24:24.937821: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Aug 26 18:24:24.937825: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 18:24:24.937827: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:24.937830: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Aug 26 18:24:24.937833: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Aug 26 18:24:24.937836: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 18:24:24.937839: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Aug 26 18:24:24.937842: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Aug 26 18:24:24.937845: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 3a 56 a3 7d Aug 26 18:24:24.937848: | CERT b1 4e 62 2f 82 0d e3 fe 74 40 ef cb eb 93 ea ad Aug 26 18:24:24.937851: | CERT e4 74 8b 80 6f ae 8b 65 87 12 a6 24 0d 21 9c 5f Aug 26 18:24:24.937854: | CERT 70 5c 6f d9 66 8d 98 8b ea 59 f8 96 52 6a 6c 86 Aug 26 18:24:24.937857: | CERT d6 7d ba 37 a9 8c 33 8c 77 18 23 0b 1b 2a 66 47 Aug 26 18:24:24.937860: | CERT e7 95 94 e6 75 84 30 d4 db b8 23 eb 89 82 a9 fd Aug 26 18:24:24.937863: | CERT ed 46 8b ce 46 7f f9 19 8f 49 da 29 2e 1e 97 cd Aug 26 18:24:24.937865: | CERT 12 42 86 c7 57 fc 4f 0a 19 26 8a a1 0d 26 81 4d Aug 26 18:24:24.937868: | CERT 53 f4 5c 92 a1 03 03 8d 6c 51 33 cc Aug 26 18:24:24.937871: | emitting length of IKEv2 Certificate Payload: 1265 Aug 26 18:24:24.937875: | CHILD SA proposals received Aug 26 18:24:24.937878: | going to assemble AUTH payload Aug 26 18:24:24.937881: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:24.937885: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:24.937888: | flags: none (0x0) Aug 26 18:24:24.937891: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:24.937895: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:24:24.937899: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:24.937902: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.937911: | #1 spent 1 milliseconds Aug 26 18:24:24.937928: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 18:24:24.938046: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 18:24:24.947020: | #1 spent 8.49 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:24.947036: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:24.947040: | rsa signature 24 fb 95 f7 e5 a6 1a c6 73 92 3c 8b 8a 98 1a 37 Aug 26 18:24:24.947043: | rsa signature f4 be 09 c1 8c 4d eb b0 63 c0 0b cd f8 d2 42 53 Aug 26 18:24:24.947045: | rsa signature ac 2a 40 8b 44 c6 19 09 ba a9 6d eb d7 fb 4a b8 Aug 26 18:24:24.947048: | rsa signature c4 82 ce b4 ae 08 c6 42 cc 3a 06 0b 98 5e ec d5 Aug 26 18:24:24.947050: | rsa signature 48 64 99 fa be 78 c5 25 20 d6 8c fe b6 d9 bc fb Aug 26 18:24:24.947052: | rsa signature 09 e9 76 7b 99 93 b4 11 70 c1 85 f7 62 10 10 50 Aug 26 18:24:24.947055: | rsa signature ba 11 7f bb 57 4d 3f 3b a0 d5 4b ab ed 7c be 8d Aug 26 18:24:24.947057: | rsa signature 0d 27 c0 4c 85 01 01 aa aa 8a cc 09 c6 7e 82 81 Aug 26 18:24:24.947060: | rsa signature e5 23 5b 33 84 3d 70 de d1 bd ec 82 ea d6 4b 3b Aug 26 18:24:24.947062: | rsa signature 71 1b 63 7e 05 8e b4 b1 5d ca ff d6 f6 d9 3d e8 Aug 26 18:24:24.947065: | rsa signature 17 fa de 59 3e 00 23 df b3 db 35 35 7a a2 6b 8a Aug 26 18:24:24.947067: | rsa signature 06 ea 24 d7 d1 08 2d fd 54 96 98 dc d6 16 e1 d6 Aug 26 18:24:24.947072: | rsa signature fd f9 3b 51 4f 63 66 8b 8a 66 9c 77 9b 88 b5 b9 Aug 26 18:24:24.947075: | rsa signature c9 a7 62 5a 1a df 26 2a f2 dc 90 29 d9 63 c2 34 Aug 26 18:24:24.947077: | rsa signature 6c 69 b0 a2 1f d7 af e1 2a 1e c2 35 07 da a6 5f Aug 26 18:24:24.947080: | rsa signature 1d c1 e7 a1 ea ec 23 58 8e 60 3b c8 38 0a 9c 44 Aug 26 18:24:24.947083: | rsa signature df f0 03 61 3d 85 56 0a 06 38 f7 cb cb 72 46 64 Aug 26 18:24:24.947085: | rsa signature 26 20 50 88 f2 0f c9 a8 97 71 90 32 b5 20 82 69 Aug 26 18:24:24.947088: | rsa signature ba e6 96 7a 97 08 d7 1f e2 ea 4d 9c b6 b8 d9 0a Aug 26 18:24:24.947090: | rsa signature 21 01 26 68 81 61 45 a6 f2 36 e6 10 67 92 b2 e2 Aug 26 18:24:24.947093: | rsa signature 69 ff 81 a6 f8 76 97 f9 36 c0 5b 7c 7b d9 5b 26 Aug 26 18:24:24.947095: | rsa signature c6 fb e7 2a f4 9f 07 2d 51 0c d8 dd ff 5f 43 76 Aug 26 18:24:24.947097: | rsa signature 18 8d 02 38 c2 41 a4 ce a9 12 6e e3 84 ec ff c1 Aug 26 18:24:24.947100: | rsa signature fe e5 63 70 30 e0 0f 11 90 65 3c 3c 6e b0 54 e0 Aug 26 18:24:24.947105: | #1 spent 8.74 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:24.947109: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 18:24:24.947116: | creating state object #2 at 0x555f34d718a8 Aug 26 18:24:24.947120: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:24.947124: | pstats #2 ikev2.child started Aug 26 18:24:24.947128: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 18:24:24.947134: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:24.947142: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:24.947148: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:24.947153: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:24.947156: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:24:24.947159: | TSi: parsing 1 traffic selectors Aug 26 18:24:24.947164: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:24.947167: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.947170: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.947173: | length: 16 (0x10) Aug 26 18:24:24.947176: | start port: 0 (0x0) Aug 26 18:24:24.947178: | end port: 65535 (0xffff) Aug 26 18:24:24.947182: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:24.947185: | TS low c0 00 03 00 Aug 26 18:24:24.947188: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:24.947190: | TS high c0 00 03 ff Aug 26 18:24:24.947193: | TSi: parsed 1 traffic selectors Aug 26 18:24:24.947196: | TSr: parsing 1 traffic selectors Aug 26 18:24:24.947199: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:24.947202: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.947205: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.947207: | length: 16 (0x10) Aug 26 18:24:24.947210: | start port: 0 (0x0) Aug 26 18:24:24.947213: | end port: 65535 (0xffff) Aug 26 18:24:24.947216: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:24.947218: | TS low c0 00 02 00 Aug 26 18:24:24.947221: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:24.947224: | TS high c0 00 02 ff Aug 26 18:24:24.947227: | TSr: parsed 1 traffic selectors Aug 26 18:24:24.947229: | looking for best SPD in current connection Aug 26 18:24:24.947236: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:24.947243: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947250: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:24.947256: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:24.947260: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:24.947263: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:24.947266: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.947271: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947278: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:24:24.947281: | looking for better host pair Aug 26 18:24:24.947286: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:24.947299: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 18:24:24.947302: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 18:24:24.947317: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:24.947321: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:24.947324: | results matched Aug 26 18:24:24.947331: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.947337: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.947344: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:24.947349: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947355: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:24.947358: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:24.947361: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:24.947364: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:24.947367: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.947372: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947378: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:24:24.947381: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 18:24:24.947390: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:24.947393: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:24.947396: | results matched Aug 26 18:24:24.947402: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.947407: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.947413: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:24.947417: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947423: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:24.947426: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:24.947429: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:24.947432: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:24.947435: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.947439: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.947446: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:24.947449: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:24.947452: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:24.947454: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:24.947457: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.947460: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:24.947463: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Aug 26 18:24:24.947470: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:24.947474: | printing contents struct traffic_selector Aug 26 18:24:24.947476: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:24.947479: | ipprotoid: 0 Aug 26 18:24:24.947481: | port range: 0-65535 Aug 26 18:24:24.947485: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:24.947488: | printing contents struct traffic_selector Aug 26 18:24:24.947491: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:24.947493: | ipprotoid: 0 Aug 26 18:24:24.947496: | port range: 0-65535 Aug 26 18:24:24.947500: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:24.947505: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:24:24.947511: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:24.947518: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:24.947521: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:24.947526: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:24.947530: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:24.947535: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.947539: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:24.947543: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.947553: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.947557: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:24:24.947561: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:24.947564: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:24.947567: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:24.947570: | local proposal 1 type DH has 1 transforms Aug 26 18:24:24.947573: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:24.947577: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:24.947580: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:24.947583: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:24.947585: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:24.947588: | local proposal 2 type DH has 1 transforms Aug 26 18:24:24.947591: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:24.947594: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:24.947597: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:24.947600: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:24.947603: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:24.947606: | local proposal 3 type DH has 1 transforms Aug 26 18:24:24.947611: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:24.947614: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:24.947617: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:24.947620: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:24.947623: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:24.947626: | local proposal 4 type DH has 1 transforms Aug 26 18:24:24.947629: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:24.947632: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:24.947636: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.947639: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.947642: | length: 32 (0x20) Aug 26 18:24:24.947645: | prop #: 1 (0x1) Aug 26 18:24:24.947648: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.947650: | spi size: 4 (0x4) Aug 26 18:24:24.947653: | # transforms: 2 (0x2) Aug 26 18:24:24.947657: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:24.947660: | remote SPI 5c 2f 00 b5 Aug 26 18:24:24.947664: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:24.947667: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947673: | length: 12 (0xc) Aug 26 18:24:24.947675: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.947678: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.947682: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.947685: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.947688: | length/value: 256 (0x100) Aug 26 18:24:24.947692: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:24.947696: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947699: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.947701: | length: 8 (0x8) Aug 26 18:24:24.947704: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.947707: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.947710: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:24.947714: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:24:24.947717: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:24:24.947721: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:24:24.947724: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:24.947729: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:24.947732: | remote proposal 1 matches local proposal 1 Aug 26 18:24:24.947735: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.947738: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.947741: | length: 32 (0x20) Aug 26 18:24:24.947743: | prop #: 2 (0x2) Aug 26 18:24:24.947746: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.947748: | spi size: 4 (0x4) Aug 26 18:24:24.947751: | # transforms: 2 (0x2) Aug 26 18:24:24.947754: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:24.947757: | remote SPI 5c 2f 00 b5 Aug 26 18:24:24.947760: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.947763: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947768: | length: 12 (0xc) Aug 26 18:24:24.947771: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.947774: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.947779: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.947782: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.947785: | length/value: 128 (0x80) Aug 26 18:24:24.947788: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947791: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.947793: | length: 8 (0x8) Aug 26 18:24:24.947796: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.947798: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.947802: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:24:24.947805: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:24:24.947808: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.947811: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.947813: | length: 48 (0x30) Aug 26 18:24:24.947816: | prop #: 3 (0x3) Aug 26 18:24:24.947819: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.947821: | spi size: 4 (0x4) Aug 26 18:24:24.947824: | # transforms: 4 (0x4) Aug 26 18:24:24.947827: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:24.947829: | remote SPI 5c 2f 00 b5 Aug 26 18:24:24.947832: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.947835: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947841: | length: 12 (0xc) Aug 26 18:24:24.947843: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.947846: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.947849: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.947852: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.947854: | length/value: 256 (0x100) Aug 26 18:24:24.947857: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947863: | length: 8 (0x8) Aug 26 18:24:24.947865: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.947868: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.947871: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947876: | length: 8 (0x8) Aug 26 18:24:24.947879: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.947881: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.947884: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947887: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.947889: | length: 8 (0x8) Aug 26 18:24:24.947892: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.947894: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.947898: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:24.947901: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:24.947904: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.947907: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.947910: | length: 48 (0x30) Aug 26 18:24:24.947912: | prop #: 4 (0x4) Aug 26 18:24:24.947915: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.947918: | spi size: 4 (0x4) Aug 26 18:24:24.947920: | # transforms: 4 (0x4) Aug 26 18:24:24.947923: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:24.947926: | remote SPI 5c 2f 00 b5 Aug 26 18:24:24.947929: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:24.947932: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947937: | length: 12 (0xc) Aug 26 18:24:24.947940: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.947944: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.947947: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.947950: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.947953: | length/value: 128 (0x80) Aug 26 18:24:24.947956: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947961: | length: 8 (0x8) Aug 26 18:24:24.947963: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.947966: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.947968: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.947973: | length: 8 (0x8) Aug 26 18:24:24.947976: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.947979: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.947982: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.947985: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.947987: | length: 8 (0x8) Aug 26 18:24:24.947990: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.947992: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.947996: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:24:24.948000: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:24:24.948006: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=5c2f00b5;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:24:24.948011: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=5c2f00b5;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:24.948014: | converting proposal to internal trans attrs Aug 26 18:24:24.948039: | netlink_get_spi: allocated 0xc648b913 for esp.0@192.1.2.23 Aug 26 18:24:24.948043: | Emitting ikev2_proposal ... Aug 26 18:24:24.948046: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:24.948049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.948052: | flags: none (0x0) Aug 26 18:24:24.948057: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:24.948060: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.948064: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.948066: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.948069: | prop #: 1 (0x1) Aug 26 18:24:24.948072: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.948075: | spi size: 4 (0x4) Aug 26 18:24:24.948078: | # transforms: 2 (0x2) Aug 26 18:24:24.948081: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.948085: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:24.948088: | our spi c6 48 b9 13 Aug 26 18:24:24.948091: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.948093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.948096: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.948099: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.948103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.948106: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.948109: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.948112: | length/value: 256 (0x100) Aug 26 18:24:24.948115: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.948120: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.948124: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.948127: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.948129: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.948133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.948136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.948139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.948142: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:24.948146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.948149: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:24:24.948152: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:24.948155: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:24.948159: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.948162: | flags: none (0x0) Aug 26 18:24:24.948164: | number of TS: 1 (0x1) Aug 26 18:24:24.948168: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:24.948171: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.948175: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:24.948177: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.948180: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.948183: | start port: 0 (0x0) Aug 26 18:24:24.948186: | end port: 65535 (0xffff) Aug 26 18:24:24.948189: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:24.948192: | ipv4 start c0 00 03 00 Aug 26 18:24:24.948195: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:24.948198: | ipv4 end c0 00 03 ff Aug 26 18:24:24.948201: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:24.948204: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:24.948207: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:24.948210: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.948212: | flags: none (0x0) Aug 26 18:24:24.948215: | number of TS: 1 (0x1) Aug 26 18:24:24.948219: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:24.948222: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.948225: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:24.948228: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.948230: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.948233: | start port: 0 (0x0) Aug 26 18:24:24.948235: | end port: 65535 (0xffff) Aug 26 18:24:24.948238: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:24.948241: | ipv4 start c0 00 02 00 Aug 26 18:24:24.948243: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:24.948246: | ipv4 end c0 00 02 ff Aug 26 18:24:24.948248: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:24.948251: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:24.948254: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:24.948258: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:24.948446: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:24:24.948459: | #1 spent 1.35 milliseconds Aug 26 18:24:24.948463: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:24.948466: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:24:24.948469: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:24.948473: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.948476: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:24.948479: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.948481: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:24.948485: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:24.948489: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:24.948493: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:24.948496: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:24.948499: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:24.948504: | setting IPsec SA replay-window to 32 Aug 26 18:24:24.948507: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:24.948511: | netlink: enabling tunnel mode Aug 26 18:24:24.948514: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:24.948517: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:24.948815: | netlink response for Add SA esp.5c2f00b5@192.1.3.33 included non-error error Aug 26 18:24:24.948823: | set up outgoing SA, ref=0/0 Aug 26 18:24:24.948827: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:24.948831: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:24.948834: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:24.948837: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:24.948841: | setting IPsec SA replay-window to 32 Aug 26 18:24:24.948845: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:24.948848: | netlink: enabling tunnel mode Aug 26 18:24:24.948851: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:24.948854: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:24.949026: | netlink response for Add SA esp.c648b913@192.1.2.23 included non-error error Aug 26 18:24:24.949034: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:24.949042: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:24.949046: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:24.949304: | raw_eroute result=success Aug 26 18:24:24.949314: | set up incoming SA, ref=0/0 Aug 26 18:24:24.949318: | sr for #2: unrouted Aug 26 18:24:24.949321: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:24.949325: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:24.949328: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.949332: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:24.949335: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.949338: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:24.949343: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:24.949347: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:24.949351: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:24.949359: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:24:24.949363: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:24.949494: | raw_eroute result=success Aug 26 18:24:24.949502: | running updown command "ipsec _updown" for verb up Aug 26 18:24:24.949509: | command executing up-client Aug 26 18:24:24.949544: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.949552: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.949573: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:24:24.949577: | popen cmd is 1403 chars long Aug 26 18:24:24.949580: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:24.949583: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:24:24.949587: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:24:24.949590: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:24:24.949593: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 18:24:24.949596: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 18:24:24.949599: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 18:24:24.949602: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 18:24:24.949604: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 18:24:24.949607: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:24.949610: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:24.949613: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 18:24:24.949616: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Aug 26 18:24:24.949619: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 18:24:24.949622: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 18:24:24.949625: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 18:24:24.949628: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5c2: Aug 26 18:24:24.949631: | cmd(1360):f00b5 SPI_OUT=0xc648b913 ipsec _updown 2>&1: Aug 26 18:24:24.961070: | route_and_eroute: firewall_notified: true Aug 26 18:24:24.961092: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:24.961095: | command executing prepare-client Aug 26 18:24:24.961118: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.961122: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.961139: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 18:24:24.961142: | popen cmd is 1408 chars long Aug 26 18:24:24.961144: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:24.961146: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:24:24.961148: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:24.961150: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:24.961153: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:24.961155: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:24.961158: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:24.961160: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 18:24:24.961163: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 18:24:24.961166: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:24.961168: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:24.961171: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:24.961174: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Aug 26 18:24:24.961176: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:24:24.961179: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:24:24.961182: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:24:24.961184: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:24:24.961187: | cmd(1360):0x5c2f00b5 SPI_OUT=0xc648b913 ipsec _updown 2>&1: Aug 26 18:24:24.970952: | running updown command "ipsec _updown" for verb route Aug 26 18:24:24.970975: | command executing route-client Aug 26 18:24:24.971016: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.971025: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.971054: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 18:24:24.971062: | popen cmd is 1406 chars long Aug 26 18:24:24.971066: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:24.971070: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 18:24:24.971074: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 18:24:24.971077: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 18:24:24.971081: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Aug 26 18:24:24.971085: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Aug 26 18:24:24.971088: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Aug 26 18:24:24.971092: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Aug 26 18:24:24.971095: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Aug 26 18:24:24.971099: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:24:24.971103: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 18:24:24.971106: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 18:24:24.971110: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Aug 26 18:24:24.971113: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:24:24.971117: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:24:24.971120: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:24:24.971124: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:24:24.971128: | cmd(1360):5c2f00b5 SPI_OUT=0xc648b913 ipsec _updown 2>&1: Aug 26 18:24:24.985755: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x555f34d4d358,sr=0x555f34d4d358} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:24.986060: | #1 spent 2.19 milliseconds in install_ipsec_sa() Aug 26 18:24:24.986071: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:24.986075: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986079: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:24.986085: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:24.986088: | emitting length of IKEv2 Encryption Payload: 1961 Aug 26 18:24:24.986092: | emitting length of ISAKMP Message: 1989 Aug 26 18:24:24.986102: | **parse ISAKMP Message: Aug 26 18:24:24.986106: | initiator cookie: Aug 26 18:24:24.986108: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986111: | responder cookie: Aug 26 18:24:24.986113: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986117: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:24.986120: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986125: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986130: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986133: | Message ID: 1 (0x1) Aug 26 18:24:24.986136: | length: 1989 (0x7c5) Aug 26 18:24:24.986139: | **parse IKEv2 Encryption Payload: Aug 26 18:24:24.986141: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:24.986144: | flags: none (0x0) Aug 26 18:24:24.986146: | length: 1961 (0x7a9) Aug 26 18:24:24.986149: | **emit ISAKMP Message: Aug 26 18:24:24.986151: | initiator cookie: Aug 26 18:24:24.986154: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986156: | responder cookie: Aug 26 18:24:24.986158: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986161: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.986165: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986167: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986170: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986173: | Message ID: 1 (0x1) Aug 26 18:24:24.986176: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.986180: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.986183: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:24.986185: | flags: none (0x0) Aug 26 18:24:24.986188: | fragment number: 1 (0x1) Aug 26 18:24:24.986190: | total fragments: 5 (0x5) Aug 26 18:24:24.986194: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Aug 26 18:24:24.986197: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.986200: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.986204: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.986222: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.986226: | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 18:24:24.986229: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:24.986232: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:24.986235: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:24.986238: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.986240: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:24.986243: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:24.986245: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:24.986248: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:24.986251: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:24.986254: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:24.986257: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Aug 26 18:24:24.986259: | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 Aug 26 18:24:24.986262: | cleartext fragment 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Aug 26 18:24:24.986265: | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Aug 26 18:24:24.986268: | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Aug 26 18:24:24.986271: | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Aug 26 18:24:24.986273: | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Aug 26 18:24:24.986276: | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Aug 26 18:24:24.986279: | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Aug 26 18:24:24.986282: | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Aug 26 18:24:24.986286: | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Aug 26 18:24:24.986311: | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Aug 26 18:24:24.986314: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Aug 26 18:24:24.986317: | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 18:24:24.986320: | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 30 39 Aug 26 18:24:24.986323: | cleartext fragment 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 33 30 Aug 26 18:24:24.986325: | cleartext fragment 39 30 37 35 33 5a 30 81 b4 31 0b 30 09 06 03 55 Aug 26 18:24:24.986328: | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Aug 26 18:24:24.986344: | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:24.986347: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986350: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.986354: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.986357: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.986360: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.986391: | **emit ISAKMP Message: Aug 26 18:24:24.986395: | initiator cookie: Aug 26 18:24:24.986398: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986401: | responder cookie: Aug 26 18:24:24.986403: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986406: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.986409: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986412: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986415: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986417: | Message ID: 1 (0x1) Aug 26 18:24:24.986420: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.986423: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.986426: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.986429: | flags: none (0x0) Aug 26 18:24:24.986431: | fragment number: 2 (0x2) Aug 26 18:24:24.986434: | total fragments: 5 (0x5) Aug 26 18:24:24.986437: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.986440: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.986443: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.986446: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.986451: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.986453: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:24.986456: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.986458: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:24.986461: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:24.986463: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:24.986466: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:24.986468: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:24.986471: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:24.986473: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Aug 26 18:24:24.986476: | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Aug 26 18:24:24.986478: | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Aug 26 18:24:24.986481: | cleartext fragment b1 1e 7c b3 bf 11 96 94 23 ca 97 5e c7 66 36 55 Aug 26 18:24:24.986485: | cleartext fragment 71 49 95 8d 0c 2a 5c 30 4d 58 29 a3 7b 4d 3b 3f Aug 26 18:24:24.986488: | cleartext fragment 03 06 46 a6 04 63 71 0d e1 59 4f 9c ec 3a 17 24 Aug 26 18:24:24.986491: | cleartext fragment 8d 91 6a a8 e2 da 57 41 de f4 ff 65 bf f6 11 34 Aug 26 18:24:24.986493: | cleartext fragment d3 7d 5a 7f 6e 3a 3b 74 3c 51 2b e4 bf ce 6b b2 Aug 26 18:24:24.986496: | cleartext fragment 14 47 26 52 f5 57 28 bc c5 fb f9 bc 2d 4e b9 f8 Aug 26 18:24:24.986498: | cleartext fragment 46 54 c7 95 41 a7 a4 b4 d3 b3 fe 55 4b df f5 c3 Aug 26 18:24:24.986501: | cleartext fragment 78 39 8b 4e 04 57 c0 1d 5b 17 3c 28 eb 40 9d 1d Aug 26 18:24:24.986503: | cleartext fragment 7c b3 bb 0f f0 63 c7 c0 84 b0 4e e4 a9 7c c5 4b Aug 26 18:24:24.986504: | cleartext fragment 08 43 a6 2d 00 22 fd 98 d4 03 d0 ad 97 85 d1 48 Aug 26 18:24:24.986506: | cleartext fragment 15 d3 e4 e5 2d 46 7c ab 41 97 05 27 61 77 3d b6 Aug 26 18:24:24.986507: | cleartext fragment b1 58 a0 5f e0 8d 26 84 9b 03 20 ce 5e 27 7f 7d Aug 26 18:24:24.986509: | cleartext fragment 14 03 b6 9d 6b 9f fd 0c d4 c7 2d eb be ea 62 87 Aug 26 18:24:24.986510: | cleartext fragment fa 99 e0 a6 1c 85 4f 34 da 93 2e 5f db 03 10 58 Aug 26 18:24:24.986512: | cleartext fragment a8 c4 99 17 2d b1 bc e5 7b bd af 0e 28 aa a5 74 Aug 26 18:24:24.986513: | cleartext fragment ea 69 74 5e fa 2c c3 00 3c 2f 58 d0 20 cf e3 46 Aug 26 18:24:24.986515: | cleartext fragment 8d de aa f9 f7 30 5c 16 05 04 89 4c 92 9b 8a 33 Aug 26 18:24:24.986516: | cleartext fragment 11 70 83 17 58 24 2a 4b ab be b6 ec 84 9c 78 9c Aug 26 18:24:24.986518: | cleartext fragment 11 04 2a 02 ce 27 83 a1 1f 2b 38 3f 27 7d Aug 26 18:24:24.986520: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986522: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.986524: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.986526: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.986527: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.986536: | **emit ISAKMP Message: Aug 26 18:24:24.986538: | initiator cookie: Aug 26 18:24:24.986540: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986541: | responder cookie: Aug 26 18:24:24.986543: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986544: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.986546: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986548: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986549: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986551: | Message ID: 1 (0x1) Aug 26 18:24:24.986553: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.986554: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.986556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.986558: | flags: none (0x0) Aug 26 18:24:24.986559: | fragment number: 3 (0x3) Aug 26 18:24:24.986561: | total fragments: 5 (0x5) Aug 26 18:24:24.986563: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.986565: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.986566: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.986583: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.986586: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.986588: | cleartext fragment 46 94 63 ff 64 59 4e 6c 87 ca 3e e6 31 df 1e 7d Aug 26 18:24:24.986589: | cleartext fragment 48 88 02 c7 9d fa 4a d7 f2 5b a5 fd 7f 1b c6 dc Aug 26 18:24:24.986591: | cleartext fragment 1a bb a6 c4 f8 32 cd bf a7 0b 71 8b 2b 31 41 17 Aug 26 18:24:24.986594: | cleartext fragment 25 a4 18 52 7d 32 fc 0f 5f b8 bb ca e1 94 1a 42 Aug 26 18:24:24.986595: | cleartext fragment 4d 1f 37 16 67 84 ae b4 32 42 9c 5a 91 71 62 b4 Aug 26 18:24:24.986597: | cleartext fragment 4b 07 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Aug 26 18:24:24.986599: | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Aug 26 18:24:24.986600: | cleartext fragment 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Aug 26 18:24:24.986602: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 18:24:24.986603: | cleartext fragment 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Aug 26 18:24:24.986605: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Aug 26 18:24:24.986606: | cleartext fragment 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Aug 26 18:24:24.986608: | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Aug 26 18:24:24.986610: | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Aug 26 18:24:24.986611: | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Aug 26 18:24:24.986613: | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Aug 26 18:24:24.986614: | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 18:24:24.986616: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Aug 26 18:24:24.986617: | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Aug 26 18:24:24.986619: | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 18:24:24.986621: | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:24:24.986622: | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Aug 26 18:24:24.986624: | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Aug 26 18:24:24.986625: | cleartext fragment 03 81 81 00 3a 56 a3 7d b1 4e 62 2f 82 0d e3 fe Aug 26 18:24:24.986627: | cleartext fragment 74 40 ef cb eb 93 ea ad e4 74 8b 80 6f ae 8b 65 Aug 26 18:24:24.986628: | cleartext fragment 87 12 a6 24 0d 21 9c 5f 70 5c 6f d9 66 8d 98 8b Aug 26 18:24:24.986643: | cleartext fragment ea 59 f8 96 52 6a 6c 86 d6 7d ba 37 a9 8c 33 8c Aug 26 18:24:24.986644: | cleartext fragment 77 18 23 0b 1b 2a 66 47 e7 95 94 e6 75 84 30 d4 Aug 26 18:24:24.986646: | cleartext fragment db b8 23 eb 89 82 a9 fd ed 46 8b ce 46 7f f9 19 Aug 26 18:24:24.986647: | cleartext fragment 8f 49 da 29 2e 1e 97 cd 12 42 86 c7 57 fc Aug 26 18:24:24.986649: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986664: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.986666: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.986667: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.986669: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.986674: | **emit ISAKMP Message: Aug 26 18:24:24.986676: | initiator cookie: Aug 26 18:24:24.986677: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986679: | responder cookie: Aug 26 18:24:24.986680: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986682: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.986684: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986686: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986687: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986689: | Message ID: 1 (0x1) Aug 26 18:24:24.986691: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.986692: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.986707: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.986709: | flags: none (0x0) Aug 26 18:24:24.986710: | fragment number: 4 (0x4) Aug 26 18:24:24.986712: | total fragments: 5 (0x5) Aug 26 18:24:24.986713: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.986731: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.986733: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.986735: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.986741: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.986743: | cleartext fragment 4f 0a 19 26 8a a1 0d 26 81 4d 53 f4 5c 92 a1 03 Aug 26 18:24:24.986744: | cleartext fragment 03 8d 6c 51 33 cc 21 00 01 88 01 00 00 00 24 fb Aug 26 18:24:24.986746: | cleartext fragment 95 f7 e5 a6 1a c6 73 92 3c 8b 8a 98 1a 37 f4 be Aug 26 18:24:24.986747: | cleartext fragment 09 c1 8c 4d eb b0 63 c0 0b cd f8 d2 42 53 ac 2a Aug 26 18:24:24.986749: | cleartext fragment 40 8b 44 c6 19 09 ba a9 6d eb d7 fb 4a b8 c4 82 Aug 26 18:24:24.986750: | cleartext fragment ce b4 ae 08 c6 42 cc 3a 06 0b 98 5e ec d5 48 64 Aug 26 18:24:24.986752: | cleartext fragment 99 fa be 78 c5 25 20 d6 8c fe b6 d9 bc fb 09 e9 Aug 26 18:24:24.986754: | cleartext fragment 76 7b 99 93 b4 11 70 c1 85 f7 62 10 10 50 ba 11 Aug 26 18:24:24.986755: | cleartext fragment 7f bb 57 4d 3f 3b a0 d5 4b ab ed 7c be 8d 0d 27 Aug 26 18:24:24.986770: | cleartext fragment c0 4c 85 01 01 aa aa 8a cc 09 c6 7e 82 81 e5 23 Aug 26 18:24:24.986771: | cleartext fragment 5b 33 84 3d 70 de d1 bd ec 82 ea d6 4b 3b 71 1b Aug 26 18:24:24.986773: | cleartext fragment 63 7e 05 8e b4 b1 5d ca ff d6 f6 d9 3d e8 17 fa Aug 26 18:24:24.986774: | cleartext fragment de 59 3e 00 23 df b3 db 35 35 7a a2 6b 8a 06 ea Aug 26 18:24:24.986776: | cleartext fragment 24 d7 d1 08 2d fd 54 96 98 dc d6 16 e1 d6 fd f9 Aug 26 18:24:24.986777: | cleartext fragment 3b 51 4f 63 66 8b 8a 66 9c 77 9b 88 b5 b9 c9 a7 Aug 26 18:24:24.986779: | cleartext fragment 62 5a 1a df 26 2a f2 dc 90 29 d9 63 c2 34 6c 69 Aug 26 18:24:24.986781: | cleartext fragment b0 a2 1f d7 af e1 2a 1e c2 35 07 da a6 5f 1d c1 Aug 26 18:24:24.986782: | cleartext fragment e7 a1 ea ec 23 58 8e 60 3b c8 38 0a 9c 44 df f0 Aug 26 18:24:24.986784: | cleartext fragment 03 61 3d 85 56 0a 06 38 f7 cb cb 72 46 64 26 20 Aug 26 18:24:24.986785: | cleartext fragment 50 88 f2 0f c9 a8 97 71 90 32 b5 20 82 69 ba e6 Aug 26 18:24:24.986787: | cleartext fragment 96 7a 97 08 d7 1f e2 ea 4d 9c b6 b8 d9 0a 21 01 Aug 26 18:24:24.986788: | cleartext fragment 26 68 81 61 45 a6 f2 36 e6 10 67 92 b2 e2 69 ff Aug 26 18:24:24.986790: | cleartext fragment 81 a6 f8 76 97 f9 36 c0 5b 7c 7b d9 5b 26 c6 fb Aug 26 18:24:24.986791: | cleartext fragment e7 2a f4 9f 07 2d 51 0c d8 dd ff 5f 43 76 18 8d Aug 26 18:24:24.986793: | cleartext fragment 02 38 c2 41 a4 ce a9 12 6e e3 84 ec ff c1 fe e5 Aug 26 18:24:24.986794: | cleartext fragment 63 70 30 e0 0f 11 90 65 3c 3c 6e b0 54 e0 2c 00 Aug 26 18:24:24.986796: | cleartext fragment 00 24 00 00 00 20 01 03 04 02 c6 48 b9 13 03 00 Aug 26 18:24:24.986797: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Aug 26 18:24:24.986799: | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 Aug 26 18:24:24.986800: | cleartext fragment ff ff c0 00 03 00 c0 00 03 ff 00 00 00 18 Aug 26 18:24:24.986802: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986804: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.986806: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.986807: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.986809: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.986813: | **emit ISAKMP Message: Aug 26 18:24:24.986814: | initiator cookie: Aug 26 18:24:24.986816: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.986820: | responder cookie: Aug 26 18:24:24.986822: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986824: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.986825: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.986827: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.986829: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.986830: | Message ID: 1 (0x1) Aug 26 18:24:24.986832: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.986834: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.986835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.986837: | flags: none (0x0) Aug 26 18:24:24.986838: | fragment number: 5 (0x5) Aug 26 18:24:24.986840: | total fragments: 5 (0x5) Aug 26 18:24:24.986842: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.986844: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.986845: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.986847: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.986849: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.986851: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Aug 26 18:24:24.986853: | cleartext fragment c0 00 02 ff Aug 26 18:24:24.986854: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.986856: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.986858: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.986860: | emitting length of IKEv2 Encrypted Fragment: 53 Aug 26 18:24:24.986861: | emitting length of ISAKMP Message: 81 Aug 26 18:24:24.986866: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:24:24.986872: | #1 spent 18.3 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:24:24.986878: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.986882: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.986885: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:24:24.986887: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:24:24.986889: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:24:24.986891: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:24.986895: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:24.986898: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:24:24.986900: | pstats #2 ikev2.child established Aug 26 18:24:24.986906: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:24.986909: | NAT-T: encaps is 'auto' Aug 26 18:24:24.986912: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x5c2f00b5 <0xc648b913 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:24.986915: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:24.986917: | sending fragments ... Aug 26 18:24:24.986922: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.986925: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.986926: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 18:24:24.986928: | 00 01 00 05 9b 26 60 18 08 a3 04 f9 aa 4f 27 ac Aug 26 18:24:24.986929: | 76 ac 2a f2 39 f6 b0 a1 42 79 43 b4 04 00 26 3f Aug 26 18:24:24.986931: | 13 07 93 ac 53 df 7a 36 d5 cc 9a 62 1f ac 1b 0d Aug 26 18:24:24.986932: | 99 88 1c c6 1d 97 ee 27 91 11 85 1a de 1c 39 19 Aug 26 18:24:24.986934: | 4f 82 68 d2 07 83 7d 2f 96 12 8b 99 47 6d 3b 01 Aug 26 18:24:24.986935: | be 3d 97 f6 1c 7c 6c 24 50 dc b1 d7 ac 96 a7 c9 Aug 26 18:24:24.986937: | e3 59 77 7b 5d b9 15 20 eb 9a 53 55 a2 08 f6 15 Aug 26 18:24:24.986938: | 14 2f f5 70 c3 d6 65 db 69 60 55 5d 77 05 fc e9 Aug 26 18:24:24.986940: | 26 65 24 7e 39 f6 c4 0f 45 bb 4c e5 66 18 37 13 Aug 26 18:24:24.986941: | 74 69 96 d8 60 ea 1c cf b7 ae 32 eb 38 f2 e7 de Aug 26 18:24:24.986943: | be f9 b3 dc 8f fa 95 7e 83 df 07 9c 48 c8 0a 24 Aug 26 18:24:24.986944: | 34 7c 31 16 ae 43 ee 1a ef 82 1a 20 c9 68 23 c3 Aug 26 18:24:24.986946: | ad 6e b7 5c 81 02 56 9f e6 29 99 2e 38 bf 56 46 Aug 26 18:24:24.986947: | 44 52 d1 c1 30 a4 6b ca 95 95 eb b1 67 3c f3 f3 Aug 26 18:24:24.986949: | bb ce d4 ef 63 b2 73 6a 3d a2 59 dd 37 3a f6 9e Aug 26 18:24:24.986950: | 15 17 68 ea 59 11 af 50 e0 e1 e2 7c 6b 64 80 56 Aug 26 18:24:24.986952: | 99 bd 30 cf 3c 06 3b cc d4 d7 86 6f 25 0d 67 73 Aug 26 18:24:24.986953: | 7d 36 84 ab f2 e9 d6 4f a2 86 ad 9d 32 6e fa 44 Aug 26 18:24:24.986955: | 13 ab c0 c9 c7 fb 63 34 b7 54 b2 29 f5 f5 a8 52 Aug 26 18:24:24.986956: | 5c ac 4e 41 dc 31 39 86 bf 57 22 e8 fd b2 c0 64 Aug 26 18:24:24.986957: | b0 6c 4e 51 ce 95 20 13 69 bd 51 4a a9 2e 3c ba Aug 26 18:24:24.986959: | 4d ac 08 14 9f 5b a7 a6 b8 5e ed 0a d7 3e 63 19 Aug 26 18:24:24.986960: | ac 86 df 63 bb bb 7b 91 dd 2d f2 fa ab 64 b0 d5 Aug 26 18:24:24.986962: | 07 51 f0 a1 06 97 c0 2b a9 ec 58 ba 0e 13 9b f4 Aug 26 18:24:24.986963: | c7 1e a5 83 78 c0 48 66 cd 11 fe 27 dd b8 b1 b4 Aug 26 18:24:24.986965: | 86 c4 81 aa b5 96 71 2f 33 72 70 56 05 bd 05 6f Aug 26 18:24:24.986966: | ad 75 4b c3 6d 63 3e d6 34 3f f7 ce f4 92 17 7a Aug 26 18:24:24.986968: | 96 3e 25 22 89 50 79 33 04 96 c8 19 5f 17 68 a6 Aug 26 18:24:24.986969: | 28 4c c7 17 34 ad 60 4c aa 5d 00 63 f0 f8 51 a8 Aug 26 18:24:24.986971: | f2 ca 4a 5d e1 0d a4 d1 51 c8 b2 61 68 84 d7 b1 Aug 26 18:24:24.986972: | a1 19 01 ed c3 d3 bb 8f 02 2d 67 36 bd 9c 65 62 Aug 26 18:24:24.986974: | e3 ae 6d 51 2d cb be 80 bd 74 c3 Aug 26 18:24:24.987249: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.987252: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987254: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.987256: | 00 02 00 05 57 c9 52 c7 bf 2c a4 4a 2c 28 c9 8a Aug 26 18:24:24.987257: | ce 6b 0c 48 4e cb c5 0e 39 0f c4 51 fd 72 86 55 Aug 26 18:24:24.987258: | 3a b6 aa 22 e1 e7 9d 0e b8 92 2f 84 12 17 29 0f Aug 26 18:24:24.987260: | a3 5b 4e ed 56 4f 18 13 a2 77 62 8e c7 f3 87 4d Aug 26 18:24:24.987261: | 79 8c e3 3c 47 e4 71 07 24 3b 78 ba 18 56 7e 65 Aug 26 18:24:24.987263: | 5c 3b c8 23 d8 b3 51 34 fd ee e5 d7 b9 c0 18 66 Aug 26 18:24:24.987264: | e7 75 06 08 24 81 11 71 8c 27 7e be 2c ed b2 55 Aug 26 18:24:24.987266: | cc 4f 38 a0 72 4c fc 50 b6 38 3f 82 66 f7 0b f6 Aug 26 18:24:24.987267: | 17 f2 4a 57 d0 44 ac 62 5a b5 27 a6 95 d4 fe 21 Aug 26 18:24:24.987269: | e2 21 9a 90 c7 13 4f 02 0d ab d7 fb 5f 93 04 e6 Aug 26 18:24:24.987270: | a4 ee 49 9e 50 ca 0b 5d a6 ba d8 4e d7 6f 30 d9 Aug 26 18:24:24.987272: | 03 03 f9 e5 75 63 40 ee 07 96 eb e1 39 21 b6 79 Aug 26 18:24:24.987273: | 9e c6 f2 78 9e 50 a7 e9 60 42 44 70 1a 32 df 46 Aug 26 18:24:24.987275: | ff 8b 2d c2 90 74 a3 83 eb 87 ff e9 56 60 c4 fb Aug 26 18:24:24.987276: | 8a 5c f6 18 b1 83 85 1d c2 e8 2e 58 3c 4a 9e f8 Aug 26 18:24:24.987279: | 58 fd da f4 dd da e7 07 da 42 99 cf 93 b9 5a 77 Aug 26 18:24:24.987281: | 3a 39 6a 38 d6 be c0 9e ec bf 5d 86 7b 29 89 f9 Aug 26 18:24:24.987282: | 22 0c 82 88 40 25 04 b3 3d 9d 94 0b f1 c3 22 55 Aug 26 18:24:24.987284: | cc e1 bc e1 c5 96 73 76 c4 46 31 4c 51 08 ac aa Aug 26 18:24:24.987285: | 02 54 c9 a3 49 28 21 f9 d2 78 7d 76 ad 33 76 c2 Aug 26 18:24:24.987287: | b2 96 b3 9e bd cc e3 16 0d 9a 5d f8 e1 0b 89 b9 Aug 26 18:24:24.987321: | 51 76 0a 89 19 b8 2f 31 56 1a fe a4 7b 9f 8f 8a Aug 26 18:24:24.987329: | be 72 c7 ab 18 df df 7a 3e 7b 90 dc 68 14 39 3f Aug 26 18:24:24.987335: | 95 09 cf 60 d4 93 1f 0f fc 0e 39 93 3d a0 5c ad Aug 26 18:24:24.987339: | ab ce 02 34 ba bf 28 3d 4e 9e c7 22 a2 f0 84 fb Aug 26 18:24:24.987344: | 3a b4 03 50 5b 20 ff c0 77 db 24 48 8b 42 67 5d Aug 26 18:24:24.987348: | e9 7e 08 73 72 74 1f 01 6a d8 5f 2b 0e 4a b6 29 Aug 26 18:24:24.987350: | 50 a5 ca 9f 2e 18 6d a0 a2 a0 12 e0 be 06 90 8f Aug 26 18:24:24.987353: | 38 ec 7c 0f 7e 72 95 30 a2 b8 7d 55 63 82 57 4f Aug 26 18:24:24.987359: | 48 67 7e 19 3e 54 36 66 82 98 da b5 65 89 f5 d3 Aug 26 18:24:24.987366: | 25 d7 69 13 78 c2 5e 98 6b aa b8 63 e1 60 47 0d Aug 26 18:24:24.987370: | 07 a4 8f bc 0e 21 49 96 e0 37 8a Aug 26 18:24:24.987394: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.987397: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987399: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.987402: | 00 03 00 05 2f 97 16 a2 05 7d c9 0a 5d f6 61 f3 Aug 26 18:24:24.987403: | 06 ad 45 80 8f c7 03 56 7b 1e 32 47 a0 94 62 3e Aug 26 18:24:24.987405: | fd 82 69 7d c0 54 9a 9d bd 0d 33 99 7c e0 51 f6 Aug 26 18:24:24.987408: | 39 e0 08 61 8f 05 11 49 48 1f ec ef 31 62 2e 64 Aug 26 18:24:24.987410: | cf 41 76 d4 41 29 d9 2f 4d 2d 64 76 f3 a2 d1 67 Aug 26 18:24:24.987412: | f7 eb f4 10 a9 db a4 07 a6 b5 0d 33 b0 e0 10 68 Aug 26 18:24:24.987415: | 9d ca 22 2f 9f c6 63 88 96 af 1f 4f fa c4 03 3c Aug 26 18:24:24.987416: | 67 b5 56 24 73 ff 76 2f 2e 59 be ae a5 80 59 51 Aug 26 18:24:24.987419: | 32 62 88 90 03 53 17 fd 69 1e 6e 9a de 19 04 79 Aug 26 18:24:24.987421: | 74 f9 82 47 37 41 2c 58 6c 58 69 a5 9d 3d 36 8e Aug 26 18:24:24.987423: | af de cc 91 be 40 1f df 0e 6a 97 03 15 76 58 4d Aug 26 18:24:24.987426: | 37 ec 06 00 e8 dd f6 52 9b 60 31 ed 87 10 1f ce Aug 26 18:24:24.987428: | c3 dd 9d f6 56 84 e5 3c e0 86 d0 d6 8e c8 dc 24 Aug 26 18:24:24.987429: | f9 71 0f 82 d9 2c f5 b4 f4 80 f5 12 5e ac 00 d7 Aug 26 18:24:24.987431: | 6d 7b 4e bd c9 d1 03 0a 89 52 4f 56 ed 33 9c 2e Aug 26 18:24:24.987433: | f5 21 5c 08 14 a7 7b 76 b6 25 90 5d ad ad 77 54 Aug 26 18:24:24.987436: | 4f 82 f1 e0 ba 66 8c c4 56 03 12 3a de 82 f4 5d Aug 26 18:24:24.987437: | 57 bd 79 81 da 02 71 0a 84 8d c8 64 be 61 5c b5 Aug 26 18:24:24.987439: | 8a cf a2 e3 71 e9 c9 f0 24 3b c4 ae e6 5b 0b e9 Aug 26 18:24:24.987440: | 16 72 85 fd de e1 e1 b8 de b2 4f 2e 32 64 57 c3 Aug 26 18:24:24.987442: | 46 d2 b7 83 63 ad d4 8b d3 a7 9f a5 5e 62 56 5d Aug 26 18:24:24.987444: | bd d7 3b 21 1c cb a0 48 2d 75 2b 0e 07 a0 c4 75 Aug 26 18:24:24.987445: | 20 dc 60 ba 23 2e 39 31 54 18 85 af 72 09 ae 24 Aug 26 18:24:24.987447: | c1 20 54 a8 9d 1c ca 87 aa d1 81 93 bf 51 6d b9 Aug 26 18:24:24.987448: | 93 d4 ee db 97 0a d1 84 c6 ef e6 e9 9d f7 af fc Aug 26 18:24:24.987450: | 6e c0 eb ed 7b 4b 72 bb 70 38 14 51 a3 c5 18 d8 Aug 26 18:24:24.987451: | 66 ac f0 e4 21 d8 2e 42 92 7e 10 a0 a8 a2 a2 18 Aug 26 18:24:24.987453: | 00 f4 60 0f 03 40 36 f5 1d 26 92 87 e6 cf ac 3c Aug 26 18:24:24.987455: | 4c b1 25 43 51 46 35 59 03 ee 19 f7 59 45 6f 97 Aug 26 18:24:24.987457: | bd cc 4b 0d 50 2b f5 9d 48 38 05 a8 7d 2c fc 37 Aug 26 18:24:24.987459: | e4 1c a1 e3 66 23 4d 70 d5 25 1d e6 9a 80 38 73 Aug 26 18:24:24.987463: | 4f 77 6b 10 1d 80 bc 90 44 bc 8c Aug 26 18:24:24.987478: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.987481: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987483: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.987486: | 00 04 00 05 00 a4 30 37 6a 67 8c 2f 67 f8 b4 74 Aug 26 18:24:24.987488: | 2e 05 e0 e1 1d 6f b7 36 40 39 60 66 38 66 c1 16 Aug 26 18:24:24.987490: | 76 2f bf 34 6d 36 f9 6c 5b e6 be d2 fa 7e a6 c2 Aug 26 18:24:24.987492: | 79 f2 ab af 25 e9 42 65 3f ea 87 4e 9e f7 7a d9 Aug 26 18:24:24.987495: | f5 46 55 c2 ed 57 4a 6d 77 b7 88 99 c2 fb 68 68 Aug 26 18:24:24.987497: | 8b f3 90 f0 66 6a 55 f8 82 5d 7a bf f2 b3 e7 57 Aug 26 18:24:24.987499: | ab 80 cf 81 37 e6 78 ec e2 1d 02 b0 80 ea e2 bf Aug 26 18:24:24.987501: | 44 91 16 c3 e5 90 a3 31 b8 86 52 f4 a8 11 f1 f7 Aug 26 18:24:24.987503: | 86 8c cd 85 fa 81 16 64 5a c7 93 c6 88 f8 63 05 Aug 26 18:24:24.987505: | be 20 82 c2 fe 44 db 7d dc cf 76 28 a9 23 70 04 Aug 26 18:24:24.987507: | ef c2 bc bc a9 e8 7f 8d f0 ef d0 67 54 9f b7 19 Aug 26 18:24:24.987510: | ad d1 91 58 dd 87 68 79 81 b8 89 c1 e6 5f fd bf Aug 26 18:24:24.987512: | da 83 af 46 91 e5 2b 66 65 34 0c 8b 2c e9 39 ef Aug 26 18:24:24.987514: | 80 ea 4f 1a d0 a7 23 e6 bf ef f5 ac 8e 46 d4 cc Aug 26 18:24:24.987516: | 57 49 59 a7 5f c9 1a fa 53 96 c5 96 2d b1 43 85 Aug 26 18:24:24.987517: | ef c3 91 57 75 57 d1 df 02 fb 13 e9 f0 84 74 5d Aug 26 18:24:24.987519: | 48 4e ac 8e 95 b7 c9 a2 1f 16 e4 16 00 ef 01 09 Aug 26 18:24:24.987520: | 8f c6 fa 24 88 79 0a 3d a0 0a 4b c5 75 3f 89 1e Aug 26 18:24:24.987522: | 10 f0 0a e4 c3 23 dd f1 9d 96 6a 29 87 29 88 ad Aug 26 18:24:24.987523: | c4 0d d7 6a 5c 5a 98 d4 94 27 71 f0 5b 9a 58 e6 Aug 26 18:24:24.987525: | a3 72 a5 87 ec 3a f8 dd c9 7a 78 12 c2 99 e8 6a Aug 26 18:24:24.987526: | 7f 2f cf cd aa 57 df 16 87 9c 4a 66 dd b5 14 a0 Aug 26 18:24:24.987528: | a6 ac 41 3b d9 5f 8b 08 47 b5 e2 6d 20 96 ff 49 Aug 26 18:24:24.987529: | c6 61 cf c0 d2 20 1b 5a 66 a2 57 49 2a 31 94 c6 Aug 26 18:24:24.987531: | f7 e6 28 96 2a a7 5e 23 e7 ad 74 28 bc 0c 26 8c Aug 26 18:24:24.987532: | 3a 14 89 d4 41 fa a6 a4 e6 9f e5 3b 03 0b 39 8e Aug 26 18:24:24.987534: | c8 4c 83 1a b7 b7 02 ef 7c 91 6f db ff 89 17 c0 Aug 26 18:24:24.987535: | 4f 29 e7 28 3f a1 9c ef a1 ea d6 f4 10 48 ee 1b Aug 26 18:24:24.987539: | 05 5e d3 42 5c ac a0 a7 0b 41 31 1d 13 38 62 74 Aug 26 18:24:24.987540: | 80 98 b3 cc f2 00 49 b1 1d 6b 53 62 39 8f 8f 13 Aug 26 18:24:24.987542: | 07 a0 57 04 63 d5 05 f3 08 4e ce 16 8d a9 73 0b Aug 26 18:24:24.987543: | fa d5 ab b9 42 e0 83 df a3 49 47 Aug 26 18:24:24.987555: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:24.987557: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987559: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 18:24:24.987560: | 00 05 00 05 1b a0 ff 79 6f b8 99 d7 be e2 bf 6f Aug 26 18:24:24.987562: | fd 9f 69 df 13 7d 9f de 52 37 18 85 1c 37 35 cf Aug 26 18:24:24.987563: | 94 e0 ea 26 8c 09 06 68 e1 41 e4 1f 4f cd 60 bc Aug 26 18:24:24.987566: | 91 Aug 26 18:24:24.987576: | sent 5 fragments Aug 26 18:24:24.987579: | releasing whack for #2 (sock=fd@-1) Aug 26 18:24:24.987583: | releasing whack and unpending for parent #1 Aug 26 18:24:24.987586: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 18:24:24.987590: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:24.987594: | event_schedule: new EVENT_SA_REKEY-pe@0x7f3c88002b78 Aug 26 18:24:24.987599: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 18:24:24.987605: | libevent_malloc: new ptr-libevent@0x555f34d6a898 size 128 Aug 26 18:24:24.987621: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:24.987633: | #1 spent 19.2 milliseconds in resume sending helper answer Aug 26 18:24:24.987639: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:24.987644: | libevent_free: release ptr-libevent@0x7f3c80000f48 Aug 26 18:24:24.987660: | processing signal PLUTO_SIGCHLD Aug 26 18:24:24.987666: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:24.987670: | spent 0.00511 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:24.987673: | processing signal PLUTO_SIGCHLD Aug 26 18:24:24.987676: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:24.987680: | spent 0.00349 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:24.987682: | processing signal PLUTO_SIGCHLD Aug 26 18:24:24.987685: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:24.987689: | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.044602: | spent 0.00319 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.044628: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:25.044633: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.044637: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:24:25.044640: | 94 7a 89 25 9f f7 04 a6 9e b7 25 22 95 ac ce 7f Aug 26 18:24:25.044643: | 6b d1 f9 02 ed 07 ca 4f 53 ac 1b 06 86 de 8a f1 Aug 26 18:24:25.044646: | 42 b2 67 ec 9d 61 66 00 4b 94 74 1d 23 e9 80 57 Aug 26 18:24:25.044649: | e3 03 1c 04 68 13 e8 50 5d ca 71 b6 81 6d fd 3c Aug 26 18:24:25.044653: | 54 89 fb a0 83 37 65 53 91 e9 d5 8b 16 c0 d9 c2 Aug 26 18:24:25.044656: | 35 4c 62 62 fa ab 14 52 1e 34 c7 40 26 34 77 39 Aug 26 18:24:25.044659: | 82 93 ca 8f e2 cb ad 1a 86 0a 26 a8 52 80 63 b5 Aug 26 18:24:25.044662: | a6 21 4c de 80 fd e3 16 75 50 6e 01 61 c4 af a1 Aug 26 18:24:25.044665: | 30 c3 2d f4 c1 07 94 45 96 04 7d 0b 81 26 8a d7 Aug 26 18:24:25.044668: | 8d e5 5f d8 03 b7 e2 ed 57 a3 22 4f 2c 66 59 b4 Aug 26 18:24:25.044672: | 23 35 3a e5 06 7f b1 63 13 65 ac 7e dd 22 03 d2 Aug 26 18:24:25.044675: | 3c c4 cc d5 52 55 47 79 f3 e2 7c f9 f3 f3 cb 62 Aug 26 18:24:25.044678: | c7 74 af f3 45 72 f5 28 80 23 68 db 29 2b f4 16 Aug 26 18:24:25.044681: | 83 57 01 de b8 69 e1 8f 44 58 f2 eb 08 5e 7c 33 Aug 26 18:24:25.044684: | 05 2d cd dd cb 4b f3 4e fc 65 a6 66 f3 30 ed 24 Aug 26 18:24:25.044688: | fd a6 66 58 0c c4 3c 83 4c be 9d 06 95 8b a0 1e Aug 26 18:24:25.044691: | dc 1e d2 7d 74 17 b6 f9 54 25 6e e1 9d 50 ee 91 Aug 26 18:24:25.044694: | 72 23 8e c2 86 9c 2f 3a eb 2c 8e b7 98 b5 3c 91 Aug 26 18:24:25.044697: | 5e a5 47 e8 3c 8f 71 33 b4 c2 ef ad 62 87 2b 27 Aug 26 18:24:25.044701: | 55 14 c4 50 67 f4 a3 76 c0 5c 74 1e 83 4e 4d 37 Aug 26 18:24:25.044704: | 12 7f 59 4b 8b 5d 42 fd 25 73 f5 97 8a 51 63 af Aug 26 18:24:25.044707: | 6f 6c b6 3f f4 9a c4 ec 21 b0 ac 50 28 7b 6d 0a Aug 26 18:24:25.044710: | ff ec d0 78 38 05 0c 13 a6 43 2e 05 36 d0 2b dc Aug 26 18:24:25.044714: | 8e 34 09 1e 13 73 d9 3e 97 4a 34 b6 70 40 3a 8d Aug 26 18:24:25.044717: | b5 0d b6 43 cf e6 2a 2f ad 65 cf b7 77 d8 2a bf Aug 26 18:24:25.044720: | f6 c2 e9 99 0c 57 cb f9 5e 0f b7 a6 1a 31 73 2b Aug 26 18:24:25.044723: | cc 48 64 69 fa a4 bd d7 93 e5 7a 44 fe 04 a3 92 Aug 26 18:24:25.044726: | 70 a3 6a 8d 9d ef 65 82 5e 18 23 84 91 5d 67 94 Aug 26 18:24:25.044729: | 9c 9b 63 2b 05 bd 17 b5 b9 4a 3a 18 77 91 4e 21 Aug 26 18:24:25.044733: | 1d dc 2f ef a3 61 19 86 01 16 44 fc 8f 43 07 aa Aug 26 18:24:25.044736: | 08 a0 08 c9 93 c7 55 ea 9f 66 c7 7e 3e dd 2c 44 Aug 26 18:24:25.044739: | db 14 1e eb 06 d8 0f b4 2d 87 35 34 ec b2 cb 81 Aug 26 18:24:25.044742: | dc a6 94 b7 7b 05 31 2d d0 b4 85 2b b2 ca 28 4d Aug 26 18:24:25.044745: | df 25 8c 73 9f 5c 13 22 d2 e3 eb 0c 8a 8b 2a 63 Aug 26 18:24:25.044748: | d7 d2 5a 12 b0 2b 9b 3d 7d 30 c8 eb a4 26 95 64 Aug 26 18:24:25.044754: | 74 e1 b5 0c 03 1f 67 98 81 Aug 26 18:24:25.044760: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:25.044765: | **parse ISAKMP Message: Aug 26 18:24:25.044769: | initiator cookie: Aug 26 18:24:25.044772: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:25.044775: | responder cookie: Aug 26 18:24:25.044778: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.044781: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.044785: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.044788: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.044792: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.044795: | Message ID: 2 (0x2) Aug 26 18:24:25.044799: | length: 601 (0x259) Aug 26 18:24:25.044803: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:24:25.044807: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 18:24:25.044812: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:24:25.044820: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.044825: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:25.044831: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:25.044835: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:24:25.044841: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 18:24:25.044844: | unpacking clear payload Aug 26 18:24:25.044848: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:25.044851: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:25.044855: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.044858: | flags: none (0x0) Aug 26 18:24:25.044861: | length: 573 (0x23d) Aug 26 18:24:25.044865: | processing payload: ISAKMP_NEXT_v2SK (len=569) Aug 26 18:24:25.044871: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:25.044875: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:24:25.044896: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:24:25.044900: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.044904: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.044907: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.044910: | flags: none (0x0) Aug 26 18:24:25.044913: | length: 196 (0xc4) Aug 26 18:24:25.044916: | processing payload: ISAKMP_NEXT_v2SA (len=192) Aug 26 18:24:25.044920: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.044923: | **parse IKEv2 Nonce Payload: Aug 26 18:24:25.044926: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.044930: | flags: none (0x0) Aug 26 18:24:25.044933: | length: 36 (0x24) Aug 26 18:24:25.044936: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.044940: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.044944: | **parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.044947: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.044950: | flags: none (0x0) Aug 26 18:24:25.044953: | length: 264 (0x108) Aug 26 18:24:25.044956: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.044959: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.044963: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.044966: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.044969: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.044972: | flags: none (0x0) Aug 26 18:24:25.044975: | length: 24 (0x18) Aug 26 18:24:25.044979: | number of TS: 1 (0x1) Aug 26 18:24:25.044984: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.044987: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.044991: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.044994: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.044997: | flags: none (0x0) Aug 26 18:24:25.045000: | length: 24 (0x18) Aug 26 18:24:25.045003: | number of TS: 1 (0x1) Aug 26 18:24:25.045007: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.045011: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 18:24:25.045015: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:24:25.045022: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.045028: | creating state object #3 at 0x555f34d64828 Aug 26 18:24:25.045032: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:25.045042: | pstats #3 ikev2.child started Aug 26 18:24:25.045046: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 18:24:25.045054: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.045065: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.045070: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 18:24:25.045077: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Aug 26 18:24:25.045083: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 18:24:25.045090: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:25.045093: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 18:24:25.045097: | Now let's proceed with state specific processing Aug 26 18:24:25.045100: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:24:25.045106: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:25.045112: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 18:24:25.045119: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.045126: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045130: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.045136: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045141: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.045147: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045152: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.045158: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045169: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045174: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:24:25.045182: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.045186: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.045190: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.045193: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.045196: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.045201: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.045204: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.045208: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.045211: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.045215: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.045218: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.045223: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.045226: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.045230: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.045233: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.045237: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.045240: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.045244: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.045248: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.045252: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.045255: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.045258: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.045262: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.045266: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.045270: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.045274: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.045277: | length: 40 (0x28) Aug 26 18:24:25.045280: | prop #: 1 (0x1) Aug 26 18:24:25.045283: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.045286: | spi size: 4 (0x4) Aug 26 18:24:25.045296: | # transforms: 3 (0x3) Aug 26 18:24:25.045301: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.045304: | remote SPI 38 33 8d a6 Aug 26 18:24:25.045309: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:25.045313: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045320: | length: 12 (0xc) Aug 26 18:24:25.045324: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.045327: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.045331: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.045334: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.045338: | length/value: 256 (0x100) Aug 26 18:24:25.045343: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.045347: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045355: | length: 8 (0x8) Aug 26 18:24:25.045358: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.045362: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.045368: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.045373: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:25.045377: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:25.045381: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:25.045385: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045389: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.045395: | length: 8 (0x8) Aug 26 18:24:25.045398: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.045402: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.045407: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.045412: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:24:25.045417: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:24:25.045421: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:24:25.045427: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:24:25.045434: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:24:25.045437: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.045442: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.045445: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.045449: | length: 40 (0x28) Aug 26 18:24:25.045452: | prop #: 2 (0x2) Aug 26 18:24:25.045455: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.045459: | spi size: 4 (0x4) Aug 26 18:24:25.045462: | # transforms: 3 (0x3) Aug 26 18:24:25.045467: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.045470: | remote SPI 38 33 8d a6 Aug 26 18:24:25.045475: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.045478: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045485: | length: 12 (0xc) Aug 26 18:24:25.045488: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.045492: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.045495: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.045499: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.045502: | length/value: 128 (0x80) Aug 26 18:24:25.045506: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045512: | length: 8 (0x8) Aug 26 18:24:25.045516: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.045519: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.045523: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045526: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.045529: | length: 8 (0x8) Aug 26 18:24:25.045533: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.045536: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.045541: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Aug 26 18:24:25.045545: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Aug 26 18:24:25.045549: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.045552: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.045555: | length: 56 (0x38) Aug 26 18:24:25.045559: | prop #: 3 (0x3) Aug 26 18:24:25.045562: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.045566: | spi size: 4 (0x4) Aug 26 18:24:25.045569: | # transforms: 5 (0x5) Aug 26 18:24:25.045573: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.045576: | remote SPI 38 33 8d a6 Aug 26 18:24:25.045581: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.045585: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045591: | length: 12 (0xc) Aug 26 18:24:25.045594: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.045598: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.045603: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.045606: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.045610: | length/value: 256 (0x100) Aug 26 18:24:25.045614: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045620: | length: 8 (0x8) Aug 26 18:24:25.045623: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.045626: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.045630: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045637: | length: 8 (0x8) Aug 26 18:24:25.045640: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.045643: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.045647: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045653: | length: 8 (0x8) Aug 26 18:24:25.045657: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.045660: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.045664: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045667: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.045670: | length: 8 (0x8) Aug 26 18:24:25.045673: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.045677: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.045682: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 18:24:25.045687: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 18:24:25.045690: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.045694: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.045697: | length: 56 (0x38) Aug 26 18:24:25.045700: | prop #: 4 (0x4) Aug 26 18:24:25.045703: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.045706: | spi size: 4 (0x4) Aug 26 18:24:25.045709: | # transforms: 5 (0x5) Aug 26 18:24:25.045713: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.045716: | remote SPI 38 33 8d a6 Aug 26 18:24:25.045720: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:25.045724: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045730: | length: 12 (0xc) Aug 26 18:24:25.045734: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.045737: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.045740: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.045744: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.045747: | length/value: 128 (0x80) Aug 26 18:24:25.045751: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045758: | length: 8 (0x8) Aug 26 18:24:25.045761: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.045764: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.045768: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045774: | length: 8 (0x8) Aug 26 18:24:25.045778: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.045781: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.045785: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.045791: | length: 8 (0x8) Aug 26 18:24:25.045794: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.045798: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.045802: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.045807: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.045810: | length: 8 (0x8) Aug 26 18:24:25.045813: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.045816: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.045822: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 18:24:25.045826: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 18:24:25.045833: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=38338da6;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045840: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=38338da6;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.045843: | converting proposal to internal trans attrs Aug 26 18:24:25.045849: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:24:25.045853: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 18:24:25.045857: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.045860: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.045864: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.045867: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.045870: | length: 16 (0x10) Aug 26 18:24:25.045873: | start port: 0 (0x0) Aug 26 18:24:25.045876: | end port: 65535 (0xffff) Aug 26 18:24:25.045880: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.045883: | TS low c0 00 03 00 Aug 26 18:24:25.045887: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.045890: | TS high c0 00 03 ff Aug 26 18:24:25.045893: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.045896: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.045899: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.045903: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.045906: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.045909: | length: 16 (0x10) Aug 26 18:24:25.045912: | start port: 0 (0x0) Aug 26 18:24:25.045915: | end port: 65535 (0xffff) Aug 26 18:24:25.045918: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.045921: | TS low c0 00 16 00 Aug 26 18:24:25.045925: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.045928: | TS high c0 00 16 ff Aug 26 18:24:25.045931: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.045934: | looking for best SPD in current connection Aug 26 18:24:25.045942: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.045948: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.045957: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.045961: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.045964: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.045968: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.045972: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.045978: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.045985: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.045989: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.045993: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.045996: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.046000: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.046005: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.046008: | found better spd route for TSi[0],TSr[0] Aug 26 18:24:25.046011: | looking for better host pair Aug 26 18:24:25.046018: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:25.046024: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 18:24:25.046028: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 18:24:25.046044: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.046049: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.046052: | results matched Aug 26 18:24:25.046060: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.046068: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.046075: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.046081: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.046089: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.046093: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.046096: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.046100: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.046104: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.046109: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.046116: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.046120: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.046124: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.046127: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.046131: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.046134: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.046138: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 18:24:25.046151: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.046155: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:24:25.046158: | results matched Aug 26 18:24:25.046166: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.046174: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.046181: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:25.046186: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.046194: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.046198: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.046201: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.046204: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.046208: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.046214: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.046223: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Aug 26 18:24:25.046226: | did not find a better connection using host pair Aug 26 18:24:25.046230: | printing contents struct traffic_selector Aug 26 18:24:25.046233: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.046236: | ipprotoid: 0 Aug 26 18:24:25.046239: | port range: 0-65535 Aug 26 18:24:25.046244: | ip range: 192.0.22.0-192.0.22.255 Aug 26 18:24:25.046247: | printing contents struct traffic_selector Aug 26 18:24:25.046250: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:24:25.046253: | ipprotoid: 0 Aug 26 18:24:25.046256: | port range: 0-65535 Aug 26 18:24:25.046260: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.046268: | adding Child Responder KE and nonce nr work-order 3 for state #3 Aug 26 18:24:25.046273: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5bc78 Aug 26 18:24:25.046278: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.046282: | libevent_malloc: new ptr-libevent@0x7f3c80000f48 size 128 Aug 26 18:24:25.046287: | libevent_realloc: release ptr-libevent@0x555f34ce65b8 Aug 26 18:24:25.046298: | libevent_realloc: new ptr-libevent@0x555f34d4fb58 size 128 Aug 26 18:24:25.046323: | #3 spent 1.21 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Aug 26 18:24:25.046331: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.046336: | crypto helper 2 resuming Aug 26 18:24:25.046338: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.046364: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 18:24:25.046368: | suspending state #3 and saving MD Aug 26 18:24:25.046372: | #3 is busy; has a suspended MD Aug 26 18:24:25.046378: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.046384: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.046391: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.046396: | #1 spent 1.77 milliseconds in ikev2_process_packet() Aug 26 18:24:25.046402: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:25.046406: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.046411: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.046416: | spent 1.79 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.046355: | crypto helper 2 starting work-order 3 for state #3 Aug 26 18:24:25.046430: | crypto helper 2 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Aug 26 18:24:25.047408: | crypto helper 2 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000977 seconds Aug 26 18:24:25.047423: | (#3) spent 0.988 milliseconds in crypto helper computing work-order 3: Child Responder KE and nonce nr (pcr) Aug 26 18:24:25.047428: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:25.047432: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.047437: | libevent_malloc: new ptr-libevent@0x7f3c84002888 size 128 Aug 26 18:24:25.047450: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:25.047461: | processing resume sending helper answer for #3 Aug 26 18:24:25.047475: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.047481: | crypto helper 2 replies to request ID 3 Aug 26 18:24:25.047484: | calling continuation function 0x555f348c1b50 Aug 26 18:24:25.047491: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Aug 26 18:24:25.047499: | adding DHv2 for child sa work-order 4 for state #3 Aug 26 18:24:25.047502: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.047506: | libevent_free: release ptr-libevent@0x7f3c80000f48 Aug 26 18:24:25.047509: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5bc78 Aug 26 18:24:25.047512: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5bc78 Aug 26 18:24:25.047516: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.047519: | libevent_malloc: new ptr-libevent@0x7f3c80000f48 size 128 Aug 26 18:24:25.047529: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.047533: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 18:24:25.047536: | suspending state #3 and saving MD Aug 26 18:24:25.047539: | #3 is busy; has a suspended MD Aug 26 18:24:25.047543: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.047547: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.047550: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:25.047556: | #3 spent 0.0742 milliseconds in resume sending helper answer Aug 26 18:24:25.047561: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.047564: | libevent_free: release ptr-libevent@0x7f3c84002888 Aug 26 18:24:25.047576: | crypto helper 3 resuming Aug 26 18:24:25.047581: | crypto helper 3 starting work-order 4 for state #3 Aug 26 18:24:25.047585: | crypto helper 3 doing crypto (DHv2 for child sa); request ID 4 Aug 26 18:24:25.048447: | crypto helper 3 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.00086 seconds Aug 26 18:24:25.048464: | (#3) spent 0.872 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Aug 26 18:24:25.048468: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 18:24:25.048472: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.048476: | libevent_malloc: new ptr-libevent@0x7f3c78001f78 size 128 Aug 26 18:24:25.048485: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:25.048497: | processing resume sending helper answer for #3 Aug 26 18:24:25.048505: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:25.048510: | crypto helper 3 replies to request ID 4 Aug 26 18:24:25.048513: | calling continuation function 0x555f348c29d0 Aug 26 18:24:25.048517: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Aug 26 18:24:25.048541: | **emit ISAKMP Message: Aug 26 18:24:25.048545: | initiator cookie: Aug 26 18:24:25.048548: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:25.048551: | responder cookie: Aug 26 18:24:25.048554: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.048557: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.048560: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.048563: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.048567: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.048569: | Message ID: 2 (0x2) Aug 26 18:24:25.048573: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.048577: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.048579: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048582: | flags: none (0x0) Aug 26 18:24:25.048585: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.048591: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048596: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.048630: | netlink_get_spi: allocated 0xc3e99c87 for esp.0@192.1.2.23 Aug 26 18:24:25.048634: | Emitting ikev2_proposal ... Aug 26 18:24:25.048637: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.048639: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048642: | flags: none (0x0) Aug 26 18:24:25.048645: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.048648: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048652: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.048655: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.048657: | prop #: 1 (0x1) Aug 26 18:24:25.048660: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.048663: | spi size: 4 (0x4) Aug 26 18:24:25.048665: | # transforms: 3 (0x3) Aug 26 18:24:25.048668: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.048672: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.048674: | our spi c3 e9 9c 87 Aug 26 18:24:25.048677: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.048680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.048684: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.048687: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.048690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.048694: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.048697: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.048699: | length/value: 256 (0x100) Aug 26 18:24:25.048703: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.048706: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.048709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.048712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.048714: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.048718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.048721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.048725: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.048727: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.048730: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.048733: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.048736: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.048739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.048742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.048745: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.048748: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.048751: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.048754: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:24:25.048757: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.048766: | ****emit IKEv2 Nonce Payload: Aug 26 18:24:25.048770: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048773: | flags: none (0x0) Aug 26 18:24:25.048776: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.048779: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048783: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.048787: | IKEv2 nonce d5 ef 9b 9e 6e e5 cd d0 18 c8 70 84 78 ad ae e2 Aug 26 18:24:25.048790: | IKEv2 nonce 94 90 a0 7b ff 53 24 f2 33 2f 7b 24 52 43 ac 62 Aug 26 18:24:25.048792: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.048795: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.048798: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048801: | flags: none (0x0) Aug 26 18:24:25.048804: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.048808: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.048811: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048814: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.048817: | ikev2 g^x 4f 94 6a 22 3e 7f 16 3f 9e 47 78 8b 08 be a2 b6 Aug 26 18:24:25.048820: | ikev2 g^x 98 91 67 52 04 ef ef cf 86 da e5 b6 c8 bf 2e 2c Aug 26 18:24:25.048823: | ikev2 g^x 22 6f c0 4e 6c 2b df ad 21 fe ab 0e a8 e0 94 f1 Aug 26 18:24:25.048825: | ikev2 g^x 79 3d 43 16 8d 86 e0 3a 4d 0c 0a f0 c5 c1 15 95 Aug 26 18:24:25.048828: | ikev2 g^x 55 33 8e 16 a2 4e 2a f7 11 9b 34 aa da 62 13 cc Aug 26 18:24:25.048831: | ikev2 g^x 63 e6 c5 69 84 e0 5d 30 3c ef 01 fd 04 5b 39 d8 Aug 26 18:24:25.048833: | ikev2 g^x 8b 8f 2c c7 0a a0 1f f5 4f 9e 0e 65 e5 dd c4 90 Aug 26 18:24:25.048836: | ikev2 g^x af aa a1 4f 5d bd 10 ea c2 85 34 b9 1a 25 f6 d7 Aug 26 18:24:25.048838: | ikev2 g^x c8 ad 05 8f 22 5a 5c 8d 04 64 bc 12 38 9d 04 67 Aug 26 18:24:25.048841: | ikev2 g^x 81 d0 25 7e 9c 36 97 0d b1 45 b9 b6 51 4d 52 2c Aug 26 18:24:25.048843: | ikev2 g^x 29 9f 39 0d da a7 6f c0 30 5d be e1 1e e1 5a 6f Aug 26 18:24:25.048846: | ikev2 g^x ee 26 6f 7f 4f 62 a8 c9 ca 49 7b 41 de 0d 3b 35 Aug 26 18:24:25.048849: | ikev2 g^x b6 fb 9c de 2c 9c e3 4d 68 91 44 b0 4e 3a 59 33 Aug 26 18:24:25.048851: | ikev2 g^x 9d 08 ca c8 24 d1 45 de ed 5c 58 3f 51 be b4 59 Aug 26 18:24:25.048854: | ikev2 g^x 80 5a f0 5a b6 59 41 c0 eb 89 9b f2 77 85 3b 98 Aug 26 18:24:25.048856: | ikev2 g^x 78 ba 91 8a 4f 51 16 34 5b dc 2e b0 b3 eb 70 54 Aug 26 18:24:25.048859: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.048862: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.048865: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048868: | flags: none (0x0) Aug 26 18:24:25.048871: | number of TS: 1 (0x1) Aug 26 18:24:25.048875: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.048878: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048881: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.048884: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.048887: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.048890: | start port: 0 (0x0) Aug 26 18:24:25.048893: | end port: 65535 (0xffff) Aug 26 18:24:25.048896: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.048899: | ipv4 start c0 00 03 00 Aug 26 18:24:25.048902: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.048905: | ipv4 end c0 00 03 ff Aug 26 18:24:25.048910: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.048913: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.048916: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.048919: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.048922: | flags: none (0x0) Aug 26 18:24:25.048925: | number of TS: 1 (0x1) Aug 26 18:24:25.048928: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.048931: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.048934: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.048938: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.048940: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.048943: | start port: 0 (0x0) Aug 26 18:24:25.048946: | end port: 65535 (0xffff) Aug 26 18:24:25.048949: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.048952: | ipv4 start c0 00 16 00 Aug 26 18:24:25.048955: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.048957: | ipv4 end c0 00 16 ff Aug 26 18:24:25.048960: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.048963: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.048966: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:25.048970: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.049180: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:24:25.049187: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:24:25.049191: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.049194: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.049197: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.049200: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.049202: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.049208: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:24:25.049212: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.049216: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.049219: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.049222: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.049226: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.049229: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.049233: | netlink: enabling tunnel mode Aug 26 18:24:25.049236: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.049239: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.049318: | netlink response for Add SA esp.38338da6@192.1.3.33 included non-error error Aug 26 18:24:25.049327: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.049330: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.049333: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.049336: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.049339: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.049343: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.049346: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.049349: | netlink: enabling tunnel mode Aug 26 18:24:25.049352: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.049355: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.049392: | netlink response for Add SA esp.c3e99c87@192.1.2.23 included non-error error Aug 26 18:24:25.049403: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.049411: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:25.049415: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.049440: | raw_eroute result=success Aug 26 18:24:25.049444: | set up incoming SA, ref=0/0 Aug 26 18:24:25.049447: | sr for #3: unrouted Aug 26 18:24:25.049451: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.049453: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.049457: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.049460: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.049463: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.049466: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.049470: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:24:25.049474: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x555f34d4d358} and state: #3 Aug 26 18:24:25.049478: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.049486: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:24:25.049489: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.049502: | raw_eroute result=success Aug 26 18:24:25.049506: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.049509: | command executing up-client Aug 26 18:24:25.049540: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.049547: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.049566: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:24:25.049570: | popen cmd is 1405 chars long Aug 26 18:24:25.049573: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.049576: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:24:25.049579: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:24:25.049582: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:24:25.049585: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:25.049587: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 18:24:25.049590: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:25.049593: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:24:25.049598: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:24:25.049601: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:25.049604: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:25.049606: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:25.049609: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Aug 26 18:24:25.049612: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 18:24:25.049614: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 18:24:25.049617: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 18:24:25.049620: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3: Aug 26 18:24:25.049623: | cmd(1360):8338da6 SPI_OUT=0xc3e99c87 ipsec _updown 2>&1: Aug 26 18:24:25.063312: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.063335: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x555f34d5b108,sr=0x555f34d5b108} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.063481: | #1 spent 1 milliseconds in install_ipsec_sa() Aug 26 18:24:25.063490: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:24:25.063495: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.063498: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.063503: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.063506: | emitting length of IKEv2 Encryption Payload: 421 Aug 26 18:24:25.063509: | emitting length of ISAKMP Message: 449 Aug 26 18:24:25.063558: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:25.063574: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.063580: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Aug 26 18:24:25.063584: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Aug 26 18:24:25.063590: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Aug 26 18:24:25.063593: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:24:25.063600: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Aug 26 18:24:25.063605: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.063608: | pstats #3 ikev2.child established Aug 26 18:24:25.063617: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 18:24:25.063622: | NAT-T: encaps is 'auto' Aug 26 18:24:25.063627: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x38338da6 <0xc3e99c87 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.063634: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:25.063643: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:25.063646: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.063649: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:24:25.063652: | ba 6b 2c 65 9e ef 7b 30 5d a4 20 af 9e 16 1e 3f Aug 26 18:24:25.063658: | 03 3c b9 d8 76 c4 97 53 32 a0 c0 05 b5 d3 82 50 Aug 26 18:24:25.063661: | 70 ac 5b be b5 d9 77 e9 72 33 1d fd b8 19 37 bb Aug 26 18:24:25.063663: | 79 3c 9c 06 40 3f ba 18 1b 31 9a f1 cc d8 6c 2a Aug 26 18:24:25.063666: | ef 52 3d 70 03 6b 1e 26 60 77 dd ba 50 1d 80 05 Aug 26 18:24:25.063669: | 1b 0c a6 e1 38 b3 4d 2b 5b 99 5b d6 b6 8a 7b d6 Aug 26 18:24:25.063671: | 37 cd 3b a3 e4 6b 1d 02 3c 67 c0 8b 41 4c f9 de Aug 26 18:24:25.063674: | 12 38 1f 6d 76 de 6b 00 ac 6d e4 51 fe 10 a0 4a Aug 26 18:24:25.063676: | d4 bc ef dc b1 44 7b d4 63 75 97 c4 d5 d4 23 e7 Aug 26 18:24:25.063678: | e2 8f b8 e5 9e 04 50 f7 06 35 b3 85 be bd 80 5d Aug 26 18:24:25.063681: | ab 99 65 87 e8 00 8a bf b4 cf 3f 70 d9 9b 00 bc Aug 26 18:24:25.063684: | df 84 19 d9 7e c8 fe 69 cc 63 a6 44 57 a7 a9 35 Aug 26 18:24:25.063686: | ab 48 64 0a d3 a3 a8 ab 1a ff d4 8f 41 c0 db b8 Aug 26 18:24:25.063688: | 07 b0 11 95 f4 9e 1d 52 27 31 10 c8 38 83 27 da Aug 26 18:24:25.063691: | 99 ed 7a 51 8d ae df 99 90 73 86 92 86 62 37 90 Aug 26 18:24:25.063693: | d9 b4 4a d4 81 ef b5 02 ca 71 c7 40 1d b5 53 1b Aug 26 18:24:25.063696: | 18 f1 73 5a 11 f4 cc 5f 0e 9a 1a e9 81 43 ee c4 Aug 26 18:24:25.063698: | 2f 5c 7e 51 f6 10 80 7a df 6b fa fd 2b 17 14 53 Aug 26 18:24:25.063701: | c0 51 e6 cc b3 6b 51 09 15 be ec 33 29 ec 65 ea Aug 26 18:24:25.063704: | 98 b4 75 80 04 5b b9 e5 8c d7 4d f1 ba 62 99 72 Aug 26 18:24:25.063706: | 20 02 5c 7b 75 f2 8e 96 15 be e2 5e b7 63 76 6b Aug 26 18:24:25.063709: | 84 64 1c cd e1 46 44 36 5f 9c c4 1a c3 04 cf 6e Aug 26 18:24:25.063712: | a0 1e 71 00 ff af 45 d6 ce 83 49 e1 b8 32 59 fe Aug 26 18:24:25.063714: | ce 89 c9 f0 d4 a5 df a6 a5 65 74 38 25 71 b5 d3 Aug 26 18:24:25.063717: | d9 99 a6 15 0e 4a c1 05 b8 6d 3a 2b c7 fd 64 67 Aug 26 18:24:25.063719: | 78 4c e5 17 94 00 b4 2a f2 bd f9 02 d1 94 4a bc Aug 26 18:24:25.063722: | 29 Aug 26 18:24:25.063779: | releasing whack for #3 (sock=fd@-1) Aug 26 18:24:25.063784: | releasing whack and unpending for parent #1 Aug 26 18:24:25.063787: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 18:24:25.063792: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:24:25.063795: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.063806: | libevent_free: release ptr-libevent@0x7f3c80000f48 Aug 26 18:24:25.063813: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555f34d5bc78 Aug 26 18:24:25.063817: | event_schedule: new EVENT_SA_REKEY-pe@0x555f34d5bc78 Aug 26 18:24:25.063821: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Aug 26 18:24:25.063826: | libevent_malloc: new ptr-libevent@0x555f34d66f18 size 128 Aug 26 18:24:25.063837: | #3 spent 2 milliseconds in resume sending helper answer Aug 26 18:24:25.063843: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:25.063847: | libevent_free: release ptr-libevent@0x7f3c78001f78 Aug 26 18:24:25.063863: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.063869: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.063874: | spent 0.00588 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:27.633527: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:27.633813: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:27.633820: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:27.633976: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:27.633980: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:27.633990: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:27.634494: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:27.634525: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:27.634535: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:27.634556: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:27.634568: | spent 1.02 milliseconds in whack Aug 26 18:24:28.685608: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:28.685632: shutting down Aug 26 18:24:28.685642: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:28.685645: destroying root certificate cache Aug 26 18:24:28.685675: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:28.685678: forgetting secrets Aug 26 18:24:28.685691: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:28.685701: | unreference key: 0x555f34d5a848 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.685706: | unreference key: 0x555f34d5a128 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.685710: | unreference key: 0x555f34d59ec8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:28.685714: | unreference key: 0x555f34d599b8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.685719: | unreference key: 0x555f34d58538 192.1.2.23 cnt 1-- Aug 26 18:24:28.685727: | unreference key: 0x555f34d54798 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:28.685732: | unreference key: 0x555f34d54028 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:28.685735: | unreference key: 0x555f34c3ac48 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:28.685742: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 18:24:28.685745: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:28.685748: | pass 0 Aug 26 18:24:28.685751: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:28.685753: | state #3 Aug 26 18:24:28.685757: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:28.685762: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:28.685766: | pstats #3 ikev2.child deleted completed Aug 26 18:24:28.685771: | #3 spent 5.15 milliseconds in total Aug 26 18:24:28.685776: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:28.685781: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 3.640s and sending notification Aug 26 18:24:28.685785: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:24:28.685790: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:28.686159: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:28.686169: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=0B Aug 26 18:24:28.686173: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:24:28.686176: | Opening output PBS informational exchange delete request Aug 26 18:24:28.686180: | **emit ISAKMP Message: Aug 26 18:24:28.686183: | initiator cookie: Aug 26 18:24:28.686185: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.686188: | responder cookie: Aug 26 18:24:28.686190: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686193: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.686196: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.686199: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.686202: | flags: none (0x0) Aug 26 18:24:28.686205: | Message ID: 0 (0x0) Aug 26 18:24:28.686208: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.686211: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.686214: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.686217: | flags: none (0x0) Aug 26 18:24:28.686220: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.686226: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.686230: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.686244: | ****emit IKEv2 Delete Payload: Aug 26 18:24:28.686247: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.686250: | flags: none (0x0) Aug 26 18:24:28.686253: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.686255: | SPI size: 4 (0x4) Aug 26 18:24:28.686258: | number of SPIs: 1 (0x1) Aug 26 18:24:28.686261: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:28.686264: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.686268: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:24:28.686271: | local spis c3 e9 9c 87 Aug 26 18:24:28.686273: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:28.686276: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.686280: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.686283: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.686286: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:28.686292: | emitting length of ISAKMP Message: 69 Aug 26 18:24:28.686323: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 18:24:28.686326: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686330: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.686333: | 7e 16 36 9c 4f 81 1c fc 70 79 dd ed ae 84 64 17 Aug 26 18:24:28.686335: | 9b c7 9e 18 05 b7 a6 42 6f 76 b4 db 52 16 f1 21 Aug 26 18:24:28.686337: | cc 81 c4 c8 f2 Aug 26 18:24:28.686389: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 18:24:28.686393: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 18:24:28.686399: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:28.686402: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.686407: | libevent_free: release ptr-libevent@0x555f34d66f18 Aug 26 18:24:28.686411: | free_event_entry: release EVENT_SA_REKEY-pe@0x555f34d5bc78 Aug 26 18:24:28.686478: | running updown command "ipsec _updown" for verb down Aug 26 18:24:28.686482: | command executing down-client Aug 26 18:24:28.686520: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 18:24:28.686524: | popen cmd is 1298 chars long Aug 26 18:24:28.686527: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:28.686532: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:24:28.686535: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:24:28.686538: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:28.686540: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:28.686543: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 18:24:28.686546: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:28.686549: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 18:24:28.686551: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 18:24:28.686554: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:28.686557: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_CONN: Aug 26 18:24:28.686560: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 18:24:28.686562: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 18:24:28.686565: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 18:24:28.686568: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 18:24:28.686571: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x38338da6 SPI_OUT=0xc3e99c87 : Aug 26 18:24:28.686573: | cmd(1280):ipsec _updown 2>&1: Aug 26 18:24:28.699258: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:28.699275: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.699279: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.699283: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:28.699345: | delete esp.38338da6@192.1.3.33 Aug 26 18:24:28.699363: | netlink response for Del SA esp.38338da6@192.1.3.33 included non-error error Aug 26 18:24:28.699369: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.699376: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:28.699395: | raw_eroute result=success Aug 26 18:24:28.699399: | delete esp.c3e99c87@192.1.2.23 Aug 26 18:24:28.699408: | netlink response for Del SA esp.c3e99c87@192.1.2.23 included non-error error Aug 26 18:24:28.699419: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:28.699424: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:28.699426: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.699429: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Aug 26 18:24:28.699438: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:24:28.699479: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.699497: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:28.699500: | state #2 Aug 26 18:24:28.699505: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:28.699508: | pstats #2 ikev2.child deleted completed Aug 26 18:24:28.699514: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:28.699518: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 3.752s and sending notification Aug 26 18:24:28.699524: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:24:28.699528: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:28.699536: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:28.699544: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:28.699548: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:24:28.699551: | Opening output PBS informational exchange delete request Aug 26 18:24:28.699555: | **emit ISAKMP Message: Aug 26 18:24:28.699559: | initiator cookie: Aug 26 18:24:28.699561: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.699564: | responder cookie: Aug 26 18:24:28.699566: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.699569: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.699572: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.699575: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.699578: | flags: none (0x0) Aug 26 18:24:28.699581: | Message ID: 1 (0x1) Aug 26 18:24:28.699584: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.699587: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.699590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.699593: | flags: none (0x0) Aug 26 18:24:28.699596: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.699599: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.699602: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.699613: | ****emit IKEv2 Delete Payload: Aug 26 18:24:28.699616: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.699619: | flags: none (0x0) Aug 26 18:24:28.699621: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.699624: | SPI size: 4 (0x4) Aug 26 18:24:28.699626: | number of SPIs: 1 (0x1) Aug 26 18:24:28.699630: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:28.699633: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.699636: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:24:28.699638: | local spis c6 48 b9 13 Aug 26 18:24:28.699641: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:28.699644: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.699648: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.699651: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.699654: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:28.699656: | emitting length of ISAKMP Message: 69 Aug 26 18:24:28.699680: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 18:24:28.699683: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.699687: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.699689: | f8 31 66 9f 50 9e b7 4c 05 09 75 9a 19 52 50 9d Aug 26 18:24:28.699691: | 32 d0 9b b8 b9 34 bc 37 4c a3 af 9b f0 d5 45 20 Aug 26 18:24:28.699694: | a4 df de 1b d3 Aug 26 18:24:28.699743: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 18:24:28.699747: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 18:24:28.699752: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Aug 26 18:24:28.699757: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Aug 26 18:24:28.699762: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.699771: | libevent_free: release ptr-libevent@0x555f34d6a898 Aug 26 18:24:28.699788: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f3c88002b78 Aug 26 18:24:28.699863: | running updown command "ipsec _updown" for verb down Aug 26 18:24:28.699869: | command executing down-client Aug 26 18:24:28.699905: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843864' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 18:24:28.699909: | popen cmd is 1296 chars long Aug 26 18:24:28.699912: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:28.699914: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:24:28.699917: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:24:28.699920: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:28.699923: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:28.699925: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 18:24:28.699928: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:28.699931: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:24:28.699933: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:24:28.699936: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:28.699939: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843864' PLUTO_CONN_P: Aug 26 18:24:28.699941: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:24:28.699944: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:24:28.699947: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:24:28.699949: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:24:28.699952: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5c2f00b5 SPI_OUT=0xc648b913 ip: Aug 26 18:24:28.699954: | cmd(1280):sec _updown 2>&1: Aug 26 18:24:28.723270: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:28.723285: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.723294: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.723300: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:28.723331: | delete esp.5c2f00b5@192.1.3.33 Aug 26 18:24:28.723345: | netlink response for Del SA esp.5c2f00b5@192.1.3.33 included non-error error Aug 26 18:24:28.723350: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.723359: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:24:28.723377: | raw_eroute result=success Aug 26 18:24:28.723381: | delete esp.c648b913@192.1.2.23 Aug 26 18:24:28.723390: | netlink response for Del SA esp.c648b913@192.1.2.23 included non-error error Aug 26 18:24:28.723401: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:28.723405: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 18:24:28.723412: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:24:28.723419: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.723435: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:28.723437: | state #1 Aug 26 18:24:28.723440: | pass 1 Aug 26 18:24:28.723443: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:28.723445: | state #1 Aug 26 18:24:28.723450: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:28.723453: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:28.723460: | #1 spent 28.8 milliseconds in total Aug 26 18:24:28.723465: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:24:28.723469: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 3.815s and sending notification Aug 26 18:24:28.723472: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 18:24:28.723518: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 18:24:28.723522: | Opening output PBS informational exchange delete request Aug 26 18:24:28.723525: | **emit ISAKMP Message: Aug 26 18:24:28.723528: | initiator cookie: Aug 26 18:24:28.723530: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.723533: | responder cookie: Aug 26 18:24:28.723535: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.723538: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.723541: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.723544: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.723547: | flags: none (0x0) Aug 26 18:24:28.723550: | Message ID: 2 (0x2) Aug 26 18:24:28.723553: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.723556: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.723559: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.723562: | flags: none (0x0) Aug 26 18:24:28.723565: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.723568: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.723571: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.723584: | ****emit IKEv2 Delete Payload: Aug 26 18:24:28.723587: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.723590: | flags: none (0x0) Aug 26 18:24:28.723593: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:28.723596: | SPI size: 0 (0x0) Aug 26 18:24:28.723598: | number of SPIs: 0 (0x0) Aug 26 18:24:28.723601: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:28.723604: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:24:28.723607: | emitting length of IKEv2 Delete Payload: 8 Aug 26 18:24:28.723610: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.723613: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.723616: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.723621: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 18:24:28.723624: | emitting length of ISAKMP Message: 65 Aug 26 18:24:28.723652: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:28.723655: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.723659: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:24:28.723661: | 86 00 85 c2 91 c2 6a 76 ba 6f 0d f9 52 dc db 7b Aug 26 18:24:28.723664: | 06 e6 64 39 c8 b0 bc 02 17 f5 3d 60 75 a7 fc d6 Aug 26 18:24:28.723666: | 11 Aug 26 18:24:28.723714: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Aug 26 18:24:28.723718: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 18:24:28.723723: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Aug 26 18:24:28.723727: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Aug 26 18:24:28.723730: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.723738: | libevent_free: release ptr-libevent@0x555f34d78bc8 Aug 26 18:24:28.723743: | free_event_entry: release EVENT_SA_REKEY-pe@0x555f34d5cf58 Aug 26 18:24:28.723746: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:28.723750: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.723753: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 18:24:28.723757: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:28.723766: | unreference key: 0x555f34d6a7a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 18:24:28.723794: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.723805: | unreference key: 0x555f34d6a7a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:28.723811: | unreference key: 0x555f34d6a948 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:28.723817: | unreference key: 0x555f34d75488 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:28.723845: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:28.723850: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:28.723853: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.723856: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.723871: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.723879: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:28.723883: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:28.723886: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:28.723888: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:28.723891: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:28.723895: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 18:24:28.723900: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 18:24:28.723903: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:28.723918: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 18:24:28.723921: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:28.723926: | pass 0 Aug 26 18:24:28.723928: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:28.723931: | pass 1 Aug 26 18:24:28.723933: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:28.723936: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:28.723939: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.723942: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.723952: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.723960: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:28.723963: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:28.723966: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:28.723969: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:24:28.723972: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:28.723975: | command executing unroute-client Aug 26 18:24:28.724008: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 18:24:28.724012: | popen cmd is 1277 chars long Aug 26 18:24:28.724015: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:28.724018: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:24:28.724020: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:28.724023: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:28.724025: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:28.724028: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:28.724031: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 18:24:28.724033: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 18:24:28.724036: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 18:24:28.724038: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:28.724041: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 18:24:28.724044: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:24:28.724046: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:24:28.724049: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:24:28.724051: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:24:28.724054: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:28.752642: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752695: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752725: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752752: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752781: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752809: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752839: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752866: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752893: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752921: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752947: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.752978: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753005: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753032: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753059: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753086: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753115: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753141: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753168: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753195: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753223: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753252: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753279: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753312: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753342: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753369: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753399: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753426: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753453: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753480: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753506: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753535: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753562: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753588: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753615: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753642: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753670: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753701: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753728: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753755: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753783: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753811: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753839: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753866: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753893: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753919: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.753947: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.754117: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.754146: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:28.771337: | free hp@0x555f34d5aed8 Aug 26 18:24:28.771355: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 18:24:28.771360: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 18:24:28.771396: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:28.771400: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:28.771412: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:28.771416: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:28.771420: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 18:24:28.771423: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 18:24:28.771427: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 18:24:28.771430: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 18:24:28.771434: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:28.771448: | libevent_free: release ptr-libevent@0x555f34d40a88 Aug 26 18:24:28.771452: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c758 Aug 26 18:24:28.771464: | libevent_free: release ptr-libevent@0x555f34ce7318 Aug 26 18:24:28.771467: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c808 Aug 26 18:24:28.771475: | libevent_free: release ptr-libevent@0x555f34ce6c38 Aug 26 18:24:28.771478: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c8b8 Aug 26 18:24:28.771484: | libevent_free: release ptr-libevent@0x555f34cee4f8 Aug 26 18:24:28.771487: | free_event_entry: release EVENT_NULL-pe@0x555f34d4c968 Aug 26 18:24:28.771493: | libevent_free: release ptr-libevent@0x555f34cee5f8 Aug 26 18:24:28.771496: | free_event_entry: release EVENT_NULL-pe@0x555f34d4ca18 Aug 26 18:24:28.771502: | libevent_free: release ptr-libevent@0x555f34cee6f8 Aug 26 18:24:28.771506: | free_event_entry: release EVENT_NULL-pe@0x555f34d4cac8 Aug 26 18:24:28.771512: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:28.778854: | libevent_free: release ptr-libevent@0x555f34d40b38 Aug 26 18:24:28.778866: | free_event_entry: release EVENT_NULL-pe@0x555f34d34cd8 Aug 26 18:24:28.778872: | libevent_free: release ptr-libevent@0x555f34ce7268 Aug 26 18:24:28.778875: | free_event_entry: release EVENT_NULL-pe@0x555f34d34838 Aug 26 18:24:28.778879: | libevent_free: release ptr-libevent@0x555f34d2d818 Aug 26 18:24:28.778881: | free_event_entry: release EVENT_NULL-pe@0x555f34cee7a8 Aug 26 18:24:28.778886: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:28.778889: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:28.778892: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:28.778894: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:28.778899: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:28.778901: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:28.778904: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:28.778906: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:28.778909: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:28.778914: | libevent_free: release ptr-libevent@0x555f34cf2d78 Aug 26 18:24:28.778918: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:28.778922: | libevent_free: release ptr-libevent@0x555f34c6ad38 Aug 26 18:24:28.778925: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:28.778928: | libevent_free: release ptr-libevent@0x555f34c73748 Aug 26 18:24:28.778931: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:28.778934: | libevent_free: release ptr-libevent@0x555f34c6b578 Aug 26 18:24:28.778937: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:28.778939: | releasing event base Aug 26 18:24:28.778952: | libevent_free: release ptr-libevent@0x555f34d4c198 Aug 26 18:24:28.778955: | libevent_free: release ptr-libevent@0x555f34d2f0f8 Aug 26 18:24:28.778960: | libevent_free: release ptr-libevent@0x555f34d2f0a8 Aug 26 18:24:28.778962: | libevent_free: release ptr-libevent@0x555f34d4fb58 Aug 26 18:24:28.778965: | libevent_free: release ptr-libevent@0x555f34d2f068 Aug 26 18:24:28.778969: | libevent_free: release ptr-libevent@0x555f34d4be28 Aug 26 18:24:28.778971: | libevent_free: release ptr-libevent@0x555f34d4c098 Aug 26 18:24:28.778974: | libevent_free: release ptr-libevent@0x555f34d2f2a8 Aug 26 18:24:28.778976: | libevent_free: release ptr-libevent@0x555f34d348a8 Aug 26 18:24:28.778979: | libevent_free: release ptr-libevent@0x555f34d34508 Aug 26 18:24:28.778981: | libevent_free: release ptr-libevent@0x555f34d4cb38 Aug 26 18:24:28.778984: | libevent_free: release ptr-libevent@0x555f34d4ca88 Aug 26 18:24:28.778987: | libevent_free: release ptr-libevent@0x555f34d4c9d8 Aug 26 18:24:28.778989: | libevent_free: release ptr-libevent@0x555f34d4c928 Aug 26 18:24:28.778992: | libevent_free: release ptr-libevent@0x555f34d4c878 Aug 26 18:24:28.778994: | libevent_free: release ptr-libevent@0x555f34d4c7c8 Aug 26 18:24:28.778997: | libevent_free: release ptr-libevent@0x555f34c67978 Aug 26 18:24:28.779000: | libevent_free: release ptr-libevent@0x555f34d4c118 Aug 26 18:24:28.779002: | libevent_free: release ptr-libevent@0x555f34d4c0d8 Aug 26 18:24:28.779005: | libevent_free: release ptr-libevent@0x555f34d4bf98 Aug 26 18:24:28.779008: | libevent_free: release ptr-libevent@0x555f34d4c158 Aug 26 18:24:28.779010: | libevent_free: release ptr-libevent@0x555f34d4be68 Aug 26 18:24:28.779013: | libevent_free: release ptr-libevent@0x555f34cf4908 Aug 26 18:24:28.779016: | libevent_free: release ptr-libevent@0x555f34cf4888 Aug 26 18:24:28.779019: | libevent_free: release ptr-libevent@0x555f34c67ce8 Aug 26 18:24:28.779021: | releasing global libevent data Aug 26 18:24:28.779024: | libevent_free: release ptr-libevent@0x555f34cf4a88 Aug 26 18:24:28.779027: | libevent_free: release ptr-libevent@0x555f34cf4a08 Aug 26 18:24:28.779030: | libevent_free: release ptr-libevent@0x555f34cf4988 Aug 26 18:24:28.779077: leak detective found no leaks