Aug 26 18:24:24.512773: FIPS Product: YES Aug 26 18:24:24.512880: FIPS Kernel: NO Aug 26 18:24:24.512884: FIPS Mode: NO Aug 26 18:24:24.512886: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:24.513042: Initializing NSS Aug 26 18:24:24.513050: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:24.555927: NSS initialized Aug 26 18:24:24.555940: NSS crypto library initialized Aug 26 18:24:24.555943: FIPS HMAC integrity support [enabled] Aug 26 18:24:24.555945: FIPS mode disabled for pluto daemon Aug 26 18:24:24.598389: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:24.598542: libcap-ng support [enabled] Aug 26 18:24:24.598551: Linux audit support [enabled] Aug 26 18:24:24.598589: Linux audit activated Aug 26 18:24:24.598597: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17376 Aug 26 18:24:24.598600: core dump dir: /tmp Aug 26 18:24:24.598603: secrets file: /etc/ipsec.secrets Aug 26 18:24:24.598605: leak-detective enabled Aug 26 18:24:24.598608: NSS crypto [enabled] Aug 26 18:24:24.598610: XAUTH PAM support [enabled] Aug 26 18:24:24.598686: | libevent is using pluto's memory allocator Aug 26 18:24:24.598694: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:24.598711: | libevent_malloc: new ptr-libevent@0x56371f098a78 size 40 Aug 26 18:24:24.598719: | libevent_malloc: new ptr-libevent@0x56371f0989f8 size 40 Aug 26 18:24:24.598723: | libevent_malloc: new ptr-libevent@0x56371f098978 size 40 Aug 26 18:24:24.598726: | creating event base Aug 26 18:24:24.598731: | libevent_malloc: new ptr-libevent@0x56371f08a5a8 size 56 Aug 26 18:24:24.598737: | libevent_malloc: new ptr-libevent@0x56371f00bcb8 size 664 Aug 26 18:24:24.598749: | libevent_malloc: new ptr-libevent@0x56371f0d3098 size 24 Aug 26 18:24:24.598752: | libevent_malloc: new ptr-libevent@0x56371f0d30e8 size 384 Aug 26 18:24:24.598762: | libevent_malloc: new ptr-libevent@0x56371f0d3058 size 16 Aug 26 18:24:24.598766: | libevent_malloc: new ptr-libevent@0x56371f0988f8 size 40 Aug 26 18:24:24.598768: | libevent_malloc: new ptr-libevent@0x56371f098878 size 48 Aug 26 18:24:24.598774: | libevent_realloc: new ptr-libevent@0x56371f00b948 size 256 Aug 26 18:24:24.598777: | libevent_malloc: new ptr-libevent@0x56371f0d3298 size 16 Aug 26 18:24:24.598782: | libevent_free: release ptr-libevent@0x56371f08a5a8 Aug 26 18:24:24.598785: | libevent initialized Aug 26 18:24:24.598789: | libevent_realloc: new ptr-libevent@0x56371f08a5a8 size 64 Aug 26 18:24:24.598794: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:24.598807: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:24.598810: NAT-Traversal support [enabled] Aug 26 18:24:24.598812: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:24.598818: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:24.598821: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:24.598852: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:24.598855: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:24.598858: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:24.598901: Encryption algorithms: Aug 26 18:24:24.598908: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:24.598911: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:24.598914: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:24.598917: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:24.598920: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:24.598929: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:24.598933: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:24.598936: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:24.598939: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:24.598942: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:24.598945: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:24.598948: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:24.598951: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:24.598955: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:24.598958: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:24.598960: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:24.598963: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:24.598970: Hash algorithms: Aug 26 18:24:24.598972: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:24.598975: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:24.598978: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:24.598980: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:24.598983: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:24.598996: PRF algorithms: Aug 26 18:24:24.598999: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:24.599002: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:24.599005: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:24.599008: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:24.599011: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:24.599013: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:24.599035: Integrity algorithms: Aug 26 18:24:24.599038: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:24.599041: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:24.599044: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:24.599048: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:24.599051: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:24.599054: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:24.599057: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:24.599059: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:24.599062: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:24.599072: DH algorithms: Aug 26 18:24:24.599075: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:24.599078: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:24.599080: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:24.599085: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:24.599088: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:24.599091: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:24.599093: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:24.599096: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:24.599098: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:24.599101: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:24.599103: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:24.599106: testing CAMELLIA_CBC: Aug 26 18:24:24.599108: Camellia: 16 bytes with 128-bit key Aug 26 18:24:24.599232: Camellia: 16 bytes with 128-bit key Aug 26 18:24:24.599261: Camellia: 16 bytes with 256-bit key Aug 26 18:24:24.599295: Camellia: 16 bytes with 256-bit key Aug 26 18:24:24.599325: testing AES_GCM_16: Aug 26 18:24:24.599329: empty string Aug 26 18:24:24.599355: one block Aug 26 18:24:24.599379: two blocks Aug 26 18:24:24.599402: two blocks with associated data Aug 26 18:24:24.599428: testing AES_CTR: Aug 26 18:24:24.599431: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:24.599457: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:24.599485: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:24.599516: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:24.599543: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:24.599574: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:24.599601: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:24.599628: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:24.599656: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:24.599683: testing AES_CBC: Aug 26 18:24:24.599687: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:24.599717: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.599749: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.599775: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:24.599807: testing AES_XCBC: Aug 26 18:24:24.599811: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:24.599925: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:24.600029: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:24.600114: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:24.600223: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:24.600347: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:24.600467: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:24.600744: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:24.600884: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:24.601031: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:24.601281: testing HMAC_MD5: Aug 26 18:24:24.601287: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:24.601473: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:24.601609: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:24.601859: 8 CPU cores online Aug 26 18:24:24.601866: starting up 7 crypto helpers Aug 26 18:24:24.601899: started thread for crypto helper 0 Aug 26 18:24:24.601904: | starting up helper thread 0 Aug 26 18:24:24.601926: started thread for crypto helper 1 Aug 26 18:24:24.601926: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:24.601940: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:24.601949: started thread for crypto helper 2 Aug 26 18:24:24.601966: started thread for crypto helper 3 Aug 26 18:24:24.601969: | starting up helper thread 3 Aug 26 18:24:24.601988: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:24.601991: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:24.602003: started thread for crypto helper 4 Aug 26 18:24:24.602004: | starting up helper thread 4 Aug 26 18:24:24.602020: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:24.602023: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:24.602033: started thread for crypto helper 5 Aug 26 18:24:24.602035: | starting up helper thread 5 Aug 26 18:24:24.602041: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:24.602044: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:24.602052: started thread for crypto helper 6 Aug 26 18:24:24.602054: | starting up helper thread 6 Aug 26 18:24:24.601970: | starting up helper thread 2 Aug 26 18:24:24.602063: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:24.602069: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:24.602071: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:24.602057: | checking IKEv1 state table Aug 26 18:24:24.602089: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602092: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:24.602095: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602098: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:24.602102: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:24.602104: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:24.602107: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.602110: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.602113: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:24.602116: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:24.602119: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.602122: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:24.602125: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:24.602128: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.602130: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.602133: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:24.602136: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:24.602139: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.602142: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.602145: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:24.602148: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:24.602151: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602154: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:24.602157: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602160: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602162: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:24.602166: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602168: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:24.602171: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:24.602174: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:24.602177: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:24.602180: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:24.602183: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:24.602186: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602189: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.602192: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602195: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:24.602198: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:24.602201: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:24.602204: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:24.602208: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:24.602210: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:24.602217: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:24.602220: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602223: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:24.602226: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602229: | INFO: category: informational flags: 0: Aug 26 18:24:24.602232: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602235: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:24.602238: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602241: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:24.602244: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:24.602247: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:24.602250: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:24.602253: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:24.602256: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:24.602259: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:24.602262: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:24.602265: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.602268: | -> UNDEFINED EVENT_NULL Aug 26 18:24:24.602271: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:24.602274: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:24.602277: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.602280: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:24.602283: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:24.602286: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:24.602296: | checking IKEv2 state table Aug 26 18:24:24.602307: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:24.602311: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:24.602314: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602318: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:24.602321: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:24.602324: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:24.602328: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:24.602331: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:24.602334: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:24.602337: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:24.602340: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:24.602344: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:24.602347: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:24.602350: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:24.602353: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:24.602356: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:24.602359: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602362: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:24.602366: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:24.602369: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:24.602372: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:24.602375: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:24.602378: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:24.602381: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:24.602384: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:24.602387: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:24.602393: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.602397: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:24.602400: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:24.602403: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:24.602407: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.602410: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:24.602413: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:24.602417: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:24.602420: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:24.602423: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:24.602427: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:24.602430: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:24.602433: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:24.602437: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:24.602440: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:24.602443: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:24.602447: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:24.602450: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:24.602453: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:24.602456: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:24.602460: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:24.602474: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:24.601930: | starting up helper thread 1 Aug 26 18:24:24.602563: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:24.602567: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:24.602856: | Hard-wiring algorithms Aug 26 18:24:24.602861: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:24.602865: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:24.602868: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:24.602871: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:24.602875: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:24.602877: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:24.602880: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:24.602883: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:24.602886: | adding AES_CTR to kernel algorithm db Aug 26 18:24:24.602889: | adding AES_CBC to kernel algorithm db Aug 26 18:24:24.602892: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:24.602895: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:24.602898: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:24.602901: | adding NULL to kernel algorithm db Aug 26 18:24:24.602904: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:24.602908: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:24.602910: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:24.602913: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:24.602916: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:24.602919: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:24.602922: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:24.602925: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:24.602928: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:24.602929: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:24.602931: | adding NONE to kernel algorithm db Aug 26 18:24:24.602988: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:24.602996: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:24.602999: | setup kernel fd callback Aug 26 18:24:24.603003: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56371f092798 Aug 26 18:24:24.603006: | libevent_malloc: new ptr-libevent@0x56371f0d16f8 size 128 Aug 26 18:24:24.603010: | libevent_malloc: new ptr-libevent@0x56371f0d8898 size 16 Aug 26 18:24:24.603017: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56371f0d8828 Aug 26 18:24:24.603020: | libevent_malloc: new ptr-libevent@0x56371f0d17a8 size 128 Aug 26 18:24:24.603022: | libevent_malloc: new ptr-libevent@0x56371f0d84f8 size 16 Aug 26 18:24:24.603247: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:24.603255: selinux support is enabled. Aug 26 18:24:24.603831: | unbound context created - setting debug level to 5 Aug 26 18:24:24.603906: | /etc/hosts lookups activated Aug 26 18:24:24.603923: | /etc/resolv.conf usage activated Aug 26 18:24:24.603987: | outgoing-port-avoid set 0-65535 Aug 26 18:24:24.604018: | outgoing-port-permit set 32768-60999 Aug 26 18:24:24.604022: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:24.604025: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:24.604028: | Setting up events, loop start Aug 26 18:24:24.604032: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56371f0d8cc8 Aug 26 18:24:24.604035: | libevent_malloc: new ptr-libevent@0x56371f0e4738 size 128 Aug 26 18:24:24.604038: | libevent_malloc: new ptr-libevent@0x56371f0ef9a8 size 16 Aug 26 18:24:24.604044: | libevent_realloc: new ptr-libevent@0x56371f0ef9e8 size 256 Aug 26 18:24:24.604048: | libevent_malloc: new ptr-libevent@0x56371f0efb18 size 8 Aug 26 18:24:24.604052: | libevent_realloc: new ptr-libevent@0x56371f0efb58 size 144 Aug 26 18:24:24.604055: | libevent_malloc: new ptr-libevent@0x56371f096d68 size 152 Aug 26 18:24:24.604059: | libevent_malloc: new ptr-libevent@0x56371f0efc18 size 16 Aug 26 18:24:24.604064: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:24.604067: | libevent_malloc: new ptr-libevent@0x56371f0efc58 size 8 Aug 26 18:24:24.604070: | libevent_malloc: new ptr-libevent@0x56371f00c0a8 size 152 Aug 26 18:24:24.604073: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:24.604076: | libevent_malloc: new ptr-libevent@0x56371f0efc98 size 8 Aug 26 18:24:24.604079: | libevent_malloc: new ptr-libevent@0x56371f00f558 size 152 Aug 26 18:24:24.604083: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:24.604086: | libevent_malloc: new ptr-libevent@0x56371f0efcd8 size 8 Aug 26 18:24:24.604088: | libevent_realloc: release ptr-libevent@0x56371f0efb58 Aug 26 18:24:24.604092: | libevent_realloc: new ptr-libevent@0x56371f0efd18 size 256 Aug 26 18:24:24.604094: | libevent_malloc: new ptr-libevent@0x56371f0efe48 size 152 Aug 26 18:24:24.604097: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:24.604475: | created addconn helper (pid:17538) using fork+execve Aug 26 18:24:24.604494: | forked child 17538 Aug 26 18:24:24.604542: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.604565: listening for IKE messages Aug 26 18:24:24.605012: | Inspecting interface lo Aug 26 18:24:24.605022: | found lo with address 127.0.0.1 Aug 26 18:24:24.605032: | Inspecting interface eth0 Aug 26 18:24:24.605037: | found eth0 with address 192.0.3.254 Aug 26 18:24:24.605040: | Inspecting interface eth1 Aug 26 18:24:24.605044: | found eth1 with address 192.1.3.33 Aug 26 18:24:24.605196: Kernel supports NIC esp-hw-offload Aug 26 18:24:24.605209: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:24:24.605255: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.605259: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.605262: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:24.605293: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:24:24.605325: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.605329: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.605333: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:24.605358: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:24.605379: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:24.605383: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:24.605387: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:24.605470: | no interfaces to sort Aug 26 18:24:24.605476: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:24.605486: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0428 Aug 26 18:24:24.605490: | libevent_malloc: new ptr-libevent@0x56371f0e4688 size 128 Aug 26 18:24:24.605494: | libevent_malloc: new ptr-libevent@0x56371f0f0498 size 16 Aug 26 18:24:24.605502: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:24.605506: | add_fd_read_event_handler: new ethX-pe@0x56371f0f04d8 Aug 26 18:24:24.605511: | libevent_malloc: new ptr-libevent@0x56371f08b258 size 128 Aug 26 18:24:24.605515: | libevent_malloc: new ptr-libevent@0x56371f0f0548 size 16 Aug 26 18:24:24.605521: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:24.605524: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0588 Aug 26 18:24:24.605527: | libevent_malloc: new ptr-libevent@0x56371f08b308 size 128 Aug 26 18:24:24.605530: | libevent_malloc: new ptr-libevent@0x56371f0f05f8 size 16 Aug 26 18:24:24.605535: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:24.605539: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0638 Aug 26 18:24:24.605545: | libevent_malloc: new ptr-libevent@0x56371f08a2c8 size 128 Aug 26 18:24:24.605548: | libevent_malloc: new ptr-libevent@0x56371f0f06a8 size 16 Aug 26 18:24:24.605553: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:24.605556: | add_fd_read_event_handler: new ethX-pe@0x56371f0f06e8 Aug 26 18:24:24.605561: | libevent_malloc: new ptr-libevent@0x56371f0925d8 size 128 Aug 26 18:24:24.605564: | libevent_malloc: new ptr-libevent@0x56371f0f0758 size 16 Aug 26 18:24:24.605570: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:24.605573: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0798 Aug 26 18:24:24.605578: | libevent_malloc: new ptr-libevent@0x56371f0930f8 size 128 Aug 26 18:24:24.605581: | libevent_malloc: new ptr-libevent@0x56371f0f0808 size 16 Aug 26 18:24:24.605586: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:24.605593: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:24.605596: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:24.605616: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:24.605633: | saving Modulus Aug 26 18:24:24.605636: | saving PublicExponent Aug 26 18:24:24.605641: | ignoring PrivateExponent Aug 26 18:24:24.605644: | ignoring Prime1 Aug 26 18:24:24.605647: | ignoring Prime2 Aug 26 18:24:24.605650: | ignoring Exponent1 Aug 26 18:24:24.605653: | ignoring Exponent2 Aug 26 18:24:24.605657: | ignoring Coefficient Aug 26 18:24:24.605660: | ignoring CKAIDNSS Aug 26 18:24:24.605705: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:24.605709: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:24.605713: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:24.605721: | certs and keys locked by 'process_secret' Aug 26 18:24:24.605726: | certs and keys unlocked by 'process_secret' Aug 26 18:24:24.605737: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.605745: | spent 1.19 milliseconds in whack Aug 26 18:24:24.645185: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.645213: listening for IKE messages Aug 26 18:24:24.645253: | Inspecting interface lo Aug 26 18:24:24.645260: | found lo with address 127.0.0.1 Aug 26 18:24:24.645263: | Inspecting interface eth0 Aug 26 18:24:24.645267: | found eth0 with address 192.0.3.254 Aug 26 18:24:24.645270: | Inspecting interface eth1 Aug 26 18:24:24.645274: | found eth1 with address 192.1.3.33 Aug 26 18:24:24.645365: | no interfaces to sort Aug 26 18:24:24.645376: | libevent_free: release ptr-libevent@0x56371f0e4688 Aug 26 18:24:24.645380: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0428 Aug 26 18:24:24.645384: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0428 Aug 26 18:24:24.645387: | libevent_malloc: new ptr-libevent@0x56371f0e4688 size 128 Aug 26 18:24:24.645395: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:24.645399: | libevent_free: release ptr-libevent@0x56371f08b258 Aug 26 18:24:24.645402: | free_event_entry: release EVENT_NULL-pe@0x56371f0f04d8 Aug 26 18:24:24.645405: | add_fd_read_event_handler: new ethX-pe@0x56371f0f04d8 Aug 26 18:24:24.645408: | libevent_malloc: new ptr-libevent@0x56371f08b258 size 128 Aug 26 18:24:24.645413: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:24.645417: | libevent_free: release ptr-libevent@0x56371f08b308 Aug 26 18:24:24.645419: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0588 Aug 26 18:24:24.645422: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0588 Aug 26 18:24:24.645425: | libevent_malloc: new ptr-libevent@0x56371f08b308 size 128 Aug 26 18:24:24.645430: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:24.645434: | libevent_free: release ptr-libevent@0x56371f08a2c8 Aug 26 18:24:24.645436: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0638 Aug 26 18:24:24.645439: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0638 Aug 26 18:24:24.645442: | libevent_malloc: new ptr-libevent@0x56371f08a2c8 size 128 Aug 26 18:24:24.645447: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:24.645450: | libevent_free: release ptr-libevent@0x56371f0925d8 Aug 26 18:24:24.645453: | free_event_entry: release EVENT_NULL-pe@0x56371f0f06e8 Aug 26 18:24:24.645456: | add_fd_read_event_handler: new ethX-pe@0x56371f0f06e8 Aug 26 18:24:24.645459: | libevent_malloc: new ptr-libevent@0x56371f0925d8 size 128 Aug 26 18:24:24.645464: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:24.645467: | libevent_free: release ptr-libevent@0x56371f0930f8 Aug 26 18:24:24.645470: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0798 Aug 26 18:24:24.645473: | add_fd_read_event_handler: new ethX-pe@0x56371f0f0798 Aug 26 18:24:24.645475: | libevent_malloc: new ptr-libevent@0x56371f0930f8 size 128 Aug 26 18:24:24.645480: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:24.645483: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:24.645486: forgetting secrets Aug 26 18:24:24.645494: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:24.645508: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:24.645523: | saving Modulus Aug 26 18:24:24.645527: | saving PublicExponent Aug 26 18:24:24.645531: | ignoring PrivateExponent Aug 26 18:24:24.645534: | ignoring Prime1 Aug 26 18:24:24.645537: | ignoring Prime2 Aug 26 18:24:24.645540: | ignoring Exponent1 Aug 26 18:24:24.645542: | ignoring Exponent2 Aug 26 18:24:24.645545: | ignoring Coefficient Aug 26 18:24:24.645549: | ignoring CKAIDNSS Aug 26 18:24:24.645573: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:24.645577: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:24.645581: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:24.645586: | certs and keys locked by 'process_secret' Aug 26 18:24:24.645589: | certs and keys unlocked by 'process_secret' Aug 26 18:24:24.645597: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.645605: | spent 0.401 milliseconds in whack Aug 26 18:24:24.646309: | processing signal PLUTO_SIGCHLD Aug 26 18:24:24.646325: | waitpid returned pid 17538 (exited with status 0) Aug 26 18:24:24.646334: | reaped addconn helper child (status 0) Aug 26 18:24:24.646339: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:24.646344: | spent 0.0234 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:24.674166: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.674556: | old debugging base+cpu-usage + none Aug 26 18:24:24.674564: | base debugging = base+cpu-usage Aug 26 18:24:24.674568: | old impairing none + suppress-retransmits Aug 26 18:24:24.674570: | base impairing = suppress-retransmits Aug 26 18:24:24.674580: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.674587: | spent 0.427 milliseconds in whack Aug 26 18:24:24.736986: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.737012: | old debugging base+cpu-usage + none Aug 26 18:24:24.737016: | base debugging = base+cpu-usage Aug 26 18:24:24.737019: | old impairing suppress-retransmits + suppress-retransmits Aug 26 18:24:24.737022: | base impairing = suppress-retransmits Aug 26 18:24:24.737030: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.737038: | spent 0.0604 milliseconds in whack Aug 26 18:24:24.891165: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.891190: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.891195: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:24.891198: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.891201: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:24.891206: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.891215: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:24.891219: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:24.891304: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:24.891310: | from whack: got --esp= Aug 26 18:24:24.891368: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:24.891924: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:24.891938: | loading left certificate 'north' pubkey Aug 26 18:24:24.892040: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f3e68 Aug 26 18:24:24.892047: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f3e18 Aug 26 18:24:24.892051: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f3dc8 Aug 26 18:24:24.892182: | unreference key: 0x56371f0f3eb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:24.892371: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:24:24.892380: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:24:24.892389: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:24.892990: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:24.892999: | loading right certificate 'east' pubkey Aug 26 18:24:24.893082: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f6f88 Aug 26 18:24:24.893093: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f8198 Aug 26 18:24:24.893097: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f7558 Aug 26 18:24:24.893101: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f7088 Aug 26 18:24:24.893104: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f0f3b18 Aug 26 18:24:24.893312: | unreference key: 0x56371f0fce78 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.893424: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:24:24.893435: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:24.893448: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:24.893451: | new hp@0x56371f0fb9c8 Aug 26 18:24:24.893456: added connection description "northnet-eastnets/0x1" Aug 26 18:24:24.893470: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:24.893488: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 18:24:24.893498: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.893506: | spent 2.34 milliseconds in whack Aug 26 18:24:24.893588: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.893608: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.893613: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:24.893617: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.893620: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:24.893624: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.893630: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:24.893634: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:24.893713: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:24.893718: | from whack: got --esp= Aug 26 18:24:24.893776: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:24.893888: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:24.893895: | loading left certificate 'north' pubkey Aug 26 18:24:24.893954: | unreference key: 0x56371f0f84d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:24.893968: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100178 Aug 26 18:24:24.893972: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100128 Aug 26 18:24:24.893976: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100aa8 Aug 26 18:24:24.894024: | unreference key: 0x56371f0f7388 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:24.894072: | unreference key: 0x56371f0f75a8 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894131: | unreference key: 0x56371f1001c8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894181: | secrets entry for north already exists Aug 26 18:24:24.894192: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:24:24.894277: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:24:24.894283: | loading right certificate 'east' pubkey Aug 26 18:24:24.894342: | unreference key: 0x56371f0fe258 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894359: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100128 Aug 26 18:24:24.894364: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100aa8 Aug 26 18:24:24.894368: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f1004a8 Aug 26 18:24:24.894371: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100458 Aug 26 18:24:24.894375: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f100408 Aug 26 18:24:24.894423: | unreference key: 0x56371f0fc128 192.1.2.23 cnt 1-- Aug 26 18:24:24.894471: | unreference key: 0x56371f0fd8d8 east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894520: | unreference key: 0x56371f0fdaf8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:24.894568: | unreference key: 0x56371f0fe048 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894622: | unreference key: 0x56371f1005d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.894737: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:24:24.894748: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:24:24.894757: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:24:24.894763: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x56371f0fb9c8: northnet-eastnets/0x1 Aug 26 18:24:24.894766: added connection description "northnet-eastnets/0x2" Aug 26 18:24:24.894777: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:24.894800: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 18:24:24.894808: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.894814: | spent 1.22 milliseconds in whack Aug 26 18:24:24.903899: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:24.903927: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:24:24.903932: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:24.903936: initiating all conns with alias='northnet-eastnets' Aug 26 18:24:24.903944: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:24.903950: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:24.903953: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 18:24:24.903956: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:24.903958: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:24.903979: | creating state object #1 at 0x56371f101418 Aug 26 18:24:24.903983: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:24.903991: | pstats #1 ikev2.ike started Aug 26 18:24:24.903994: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:24.903997: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:24.904003: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:24.904011: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:24.904017: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:24.904021: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:24.904026: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Aug 26 18:24:24.904031: "northnet-eastnets/0x2" #1: initiating v2 parent SA Aug 26 18:24:24.904042: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Aug 26 18:24:24.904052: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.904061: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.904066: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.904071: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.904076: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.904082: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.904086: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:24.904092: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.904103: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.904115: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:24.904119: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f0fae08 Aug 26 18:24:24.904123: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:24.904127: | libevent_malloc: new ptr-libevent@0x56371f0fcdc8 size 128 Aug 26 18:24:24.904140: | #1 spent 0.189 milliseconds in ikev2_parent_outI1() Aug 26 18:24:24.904143: | crypto helper 0 resuming Aug 26 18:24:24.904145: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:24.904162: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:24.904168: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:24.904173: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:24.904175: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:24.904183: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:24.904189: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:24.904193: | connection 'northnet-eastnets/0x1' +POLICY_UP Aug 26 18:24:24.904197: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:24.904200: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:24.904206: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Aug 26 18:24:24.904212: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:24.904216: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 18:24:24.904220: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:24.904225: | spent 0.326 milliseconds in whack Aug 26 18:24:24.905133: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000958 seconds Aug 26 18:24:24.905147: | (#1) spent 0.959 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:24.905152: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:24.905156: | scheduling resume sending helper answer for #1 Aug 26 18:24:24.905160: | libevent_malloc: new ptr-libevent@0x7fcadc002888 size 128 Aug 26 18:24:24.905168: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:24.905249: | processing resume sending helper answer for #1 Aug 26 18:24:24.905259: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:24.905264: | crypto helper 0 replies to request ID 1 Aug 26 18:24:24.905267: | calling continuation function 0x56371eceeb50 Aug 26 18:24:24.905270: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:24.905315: | **emit ISAKMP Message: Aug 26 18:24:24.905322: | initiator cookie: Aug 26 18:24:24.905324: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.905327: | responder cookie: Aug 26 18:24:24.905329: | 00 00 00 00 00 00 00 00 Aug 26 18:24:24.905332: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.905335: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.905337: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:24.905340: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.905343: | Message ID: 0 (0x0) Aug 26 18:24:24.905346: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.905360: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.905364: | Emitting ikev2_proposals ... Aug 26 18:24:24.905367: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:24.905370: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.905373: | flags: none (0x0) Aug 26 18:24:24.905380: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:24.905384: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.905387: | discarding INTEG=NONE Aug 26 18:24:24.905390: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.905393: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.905395: | prop #: 1 (0x1) Aug 26 18:24:24.905398: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.905400: | spi size: 0 (0x0) Aug 26 18:24:24.905402: | # transforms: 11 (0xb) Aug 26 18:24:24.905406: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.905409: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905414: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.905416: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.905419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905423: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.905426: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.905429: | length/value: 256 (0x100) Aug 26 18:24:24.905433: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.905436: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905439: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905441: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.905444: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.905447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905453: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905461: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.905465: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.905473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905481: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905484: | discarding INTEG=NONE Aug 26 18:24:24.905487: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905497: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.905502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905522: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.905527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905538: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905541: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905547: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905551: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.905555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905559: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905563: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905566: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905569: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905576: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.905580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905588: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905591: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905601: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.905605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905613: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905616: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905625: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.905630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905634: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905638: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905641: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905650: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.905655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905663: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905666: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905669: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.905676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905679: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.905684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905691: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905695: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:24.905699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.905702: | discarding INTEG=NONE Aug 26 18:24:24.905706: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.905710: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.905713: | prop #: 2 (0x2) Aug 26 18:24:24.905716: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.905719: | spi size: 0 (0x0) Aug 26 18:24:24.905722: | # transforms: 11 (0xb) Aug 26 18:24:24.905726: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.905731: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.905734: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905741: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.905744: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.905748: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905751: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.905755: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.905758: | length/value: 128 (0x80) Aug 26 18:24:24.905761: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.905765: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905771: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.905774: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.905779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905786: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905789: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905796: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.905799: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.905803: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905811: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905814: | discarding INTEG=NONE Aug 26 18:24:24.905817: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905824: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905827: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.905831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905841: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905844: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905853: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.905858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905866: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905869: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905878: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.905883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905887: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905890: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905894: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905903: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.905907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905915: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905925: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905928: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.905932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905940: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905943: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905947: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905950: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905953: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.905957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905965: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905968: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.905979: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.905983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.905988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.905991: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.905994: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.905997: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.906001: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906004: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.906008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906017: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906020: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:24.906024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.906028: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.906031: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.906034: | prop #: 3 (0x3) Aug 26 18:24:24.906037: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.906040: | spi size: 0 (0x0) Aug 26 18:24:24.906043: | # transforms: 13 (0xd) Aug 26 18:24:24.906048: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.906052: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.906055: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906062: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.906065: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.906069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906073: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.906076: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.906079: | length/value: 256 (0x100) Aug 26 18:24:24.906083: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.906086: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906092: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.906096: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.906100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906108: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906111: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906117: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.906121: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.906125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906137: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906144: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.906147: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.906152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906159: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906163: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906169: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.906172: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.906177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906184: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906188: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906197: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.906202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906206: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906209: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906212: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906219: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906222: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.906226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906244: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906247: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.906251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906262: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906272: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.906278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906285: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906328: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.906332: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906340: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906344: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906353: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.906357: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906365: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906368: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906378: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.906382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906390: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906393: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906396: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.906399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906402: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.906407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906411: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906414: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906418: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:24.906422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.906425: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.906428: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.906431: | prop #: 4 (0x4) Aug 26 18:24:24.906434: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.906437: | spi size: 0 (0x0) Aug 26 18:24:24.906440: | # transforms: 13 (0xd) Aug 26 18:24:24.906445: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.906449: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.906454: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906460: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.906463: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.906467: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906471: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.906474: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.906477: | length/value: 128 (0x80) Aug 26 18:24:24.906480: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.906483: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906489: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.906493: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.906497: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906504: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906508: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906514: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.906517: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:24.906521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906529: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906538: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.906542: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.906546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906554: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906557: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906563: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.906566: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.906570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906578: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906581: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906587: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906591: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.906595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906604: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906607: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906610: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906616: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:24.906621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906632: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906642: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:24.906646: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906654: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906657: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906660: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906667: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:24.906671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906679: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906682: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906685: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906688: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906691: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:24.906695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906703: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906715: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:24.906720: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906739: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:24.906745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906753: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906756: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.906759: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.906762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.906766: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:24.906770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.906774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.906778: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.906781: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:24.906785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.906788: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:24.906792: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:24.906796: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:24.906799: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.906802: | flags: none (0x0) Aug 26 18:24:24.906805: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.906809: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:24.906813: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.906818: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:24.906821: | ikev2 g^x bf 4a 4b da d1 35 36 11 a2 2c 0c ff 79 0f a4 e7 Aug 26 18:24:24.906824: | ikev2 g^x 75 1a 6c e5 9f 12 02 1c 82 e7 24 56 7a f8 e4 0a Aug 26 18:24:24.906827: | ikev2 g^x 98 d8 2d f9 7c 3a a9 80 f2 08 75 c5 15 09 2d 13 Aug 26 18:24:24.906830: | ikev2 g^x dd ed 07 4c c3 7a 0b 1f e9 6f 65 46 ee 2e a5 9a Aug 26 18:24:24.906834: | ikev2 g^x bc 5f a0 be ee 1b 48 1d 57 0b 96 27 b7 7e d7 67 Aug 26 18:24:24.906837: | ikev2 g^x b7 f6 87 73 6e 8f 9f ad c0 b3 87 fc 4c 91 6b 37 Aug 26 18:24:24.906840: | ikev2 g^x 31 7a 11 70 f5 19 61 71 5a 25 ec 40 bc 16 45 b7 Aug 26 18:24:24.906843: | ikev2 g^x 82 f6 ed 8c 29 9c 74 46 f0 ce fc 60 f9 b0 de de Aug 26 18:24:24.906846: | ikev2 g^x 08 d5 d7 ed 24 25 6c 86 c6 75 de c9 e6 7e 72 bb Aug 26 18:24:24.906849: | ikev2 g^x 7a b0 f0 b7 93 e1 2b 48 db c2 32 36 03 63 93 48 Aug 26 18:24:24.906852: | ikev2 g^x 31 7b 7b 69 c9 23 1a ea 1c 97 c8 2f a4 4f 60 2d Aug 26 18:24:24.906855: | ikev2 g^x f1 6e 86 4b 9e 06 03 fe 03 cf 93 fc 80 94 60 dc Aug 26 18:24:24.906858: | ikev2 g^x fe 52 4b 38 bd f1 ae 0d 91 b0 11 ba 99 03 6f c3 Aug 26 18:24:24.906862: | ikev2 g^x 72 35 4b bc 86 12 9f 4c 3c 07 30 a9 77 b6 32 8c Aug 26 18:24:24.906865: | ikev2 g^x de fd ec ef 77 20 03 f4 92 4b 34 92 03 97 6b 54 Aug 26 18:24:24.906868: | ikev2 g^x b6 46 c4 c2 98 f9 be 87 41 ec 67 4f 49 93 6f 93 Aug 26 18:24:24.906871: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:24.906874: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:24.906877: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.906880: | flags: none (0x0) Aug 26 18:24:24.906884: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:24.906891: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:24.906895: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.906899: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:24.906903: | IKEv2 nonce c3 2b cc cf dc c2 da b5 43 d8 c9 c5 0a 82 a9 d2 Aug 26 18:24:24.906906: | IKEv2 nonce dd 25 e3 82 a4 c0 ef aa 68 63 95 3e bf eb ae 74 Aug 26 18:24:24.906910: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:24.906913: | Adding a v2N Payload Aug 26 18:24:24.906916: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.906920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.906923: | flags: none (0x0) Aug 26 18:24:24.906926: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.906929: | SPI size: 0 (0x0) Aug 26 18:24:24.906933: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:24.906937: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.906941: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.906945: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:24.906948: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:24.906952: | natd_hash: rcookie is zero Aug 26 18:24:24.906966: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:24.906971: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.906974: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:24.906977: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:24.906980: | natd_hash: port=500 Aug 26 18:24:24.906983: | natd_hash: hash= d8 fc c3 8f 04 c1 16 ff 20 f0 df 05 94 cc e6 5f Aug 26 18:24:24.906986: | natd_hash: hash= 1c 40 5b 8a Aug 26 18:24:24.906989: | Adding a v2N Payload Aug 26 18:24:24.906992: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.906995: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.906998: | flags: none (0x0) Aug 26 18:24:24.907001: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.907004: | SPI size: 0 (0x0) Aug 26 18:24:24.907008: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:24.907012: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.907016: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.907020: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:24.907024: | Notify data d8 fc c3 8f 04 c1 16 ff 20 f0 df 05 94 cc e6 5f Aug 26 18:24:24.907027: | Notify data 1c 40 5b 8a Aug 26 18:24:24.907030: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:24.907034: | natd_hash: rcookie is zero Aug 26 18:24:24.907043: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:24.907047: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.907050: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:24.907053: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:24.907056: | natd_hash: port=500 Aug 26 18:24:24.907059: | natd_hash: hash= 6b 37 20 31 e0 c9 f7 b4 b8 00 14 c1 3b be f7 b2 Aug 26 18:24:24.907063: | natd_hash: hash= 74 aa 89 be Aug 26 18:24:24.907065: | Adding a v2N Payload Aug 26 18:24:24.907068: | ***emit IKEv2 Notify Payload: Aug 26 18:24:24.907071: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.907075: | flags: none (0x0) Aug 26 18:24:24.907078: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.907080: | SPI size: 0 (0x0) Aug 26 18:24:24.907083: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:24.907088: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:24.907094: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.907098: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:24.907101: | Notify data 6b 37 20 31 e0 c9 f7 b4 b8 00 14 c1 3b be f7 b2 Aug 26 18:24:24.907104: | Notify data 74 aa 89 be Aug 26 18:24:24.907107: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:24.907111: | emitting length of ISAKMP Message: 828 Aug 26 18:24:24.907120: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:24.907133: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.907139: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:24.907143: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:24.907148: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:24.907153: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:24.907157: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:24.907164: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:24.907168: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:24.907183: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:24.907194: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.907200: | 73 77 1e 27 b8 01 d1 a1 00 00 00 00 00 00 00 00 Aug 26 18:24:24.907203: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:24.907207: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:24.907210: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:24.907213: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:24.907217: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:24.907220: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:24.907223: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:24.907226: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:24.907229: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:24.907233: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:24.907236: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:24.907239: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:24.907242: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:24.907245: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:24.907248: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:24.907251: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:24.907254: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:24.907257: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:24.907260: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:24.907263: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:24.907266: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:24.907270: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:24.907273: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:24.907276: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:24.907280: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:24.907283: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:24.907286: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:24.907292: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:24.907297: | 28 00 01 08 00 0e 00 00 bf 4a 4b da d1 35 36 11 Aug 26 18:24:24.907302: | a2 2c 0c ff 79 0f a4 e7 75 1a 6c e5 9f 12 02 1c Aug 26 18:24:24.907305: | 82 e7 24 56 7a f8 e4 0a 98 d8 2d f9 7c 3a a9 80 Aug 26 18:24:24.907308: | f2 08 75 c5 15 09 2d 13 dd ed 07 4c c3 7a 0b 1f Aug 26 18:24:24.907312: | e9 6f 65 46 ee 2e a5 9a bc 5f a0 be ee 1b 48 1d Aug 26 18:24:24.907315: | 57 0b 96 27 b7 7e d7 67 b7 f6 87 73 6e 8f 9f ad Aug 26 18:24:24.907318: | c0 b3 87 fc 4c 91 6b 37 31 7a 11 70 f5 19 61 71 Aug 26 18:24:24.907321: | 5a 25 ec 40 bc 16 45 b7 82 f6 ed 8c 29 9c 74 46 Aug 26 18:24:24.907325: | f0 ce fc 60 f9 b0 de de 08 d5 d7 ed 24 25 6c 86 Aug 26 18:24:24.907328: | c6 75 de c9 e6 7e 72 bb 7a b0 f0 b7 93 e1 2b 48 Aug 26 18:24:24.907331: | db c2 32 36 03 63 93 48 31 7b 7b 69 c9 23 1a ea Aug 26 18:24:24.907334: | 1c 97 c8 2f a4 4f 60 2d f1 6e 86 4b 9e 06 03 fe Aug 26 18:24:24.907337: | 03 cf 93 fc 80 94 60 dc fe 52 4b 38 bd f1 ae 0d Aug 26 18:24:24.907340: | 91 b0 11 ba 99 03 6f c3 72 35 4b bc 86 12 9f 4c Aug 26 18:24:24.907343: | 3c 07 30 a9 77 b6 32 8c de fd ec ef 77 20 03 f4 Aug 26 18:24:24.907346: | 92 4b 34 92 03 97 6b 54 b6 46 c4 c2 98 f9 be 87 Aug 26 18:24:24.907349: | 41 ec 67 4f 49 93 6f 93 29 00 00 24 c3 2b cc cf Aug 26 18:24:24.907352: | dc c2 da b5 43 d8 c9 c5 0a 82 a9 d2 dd 25 e3 82 Aug 26 18:24:24.907356: | a4 c0 ef aa 68 63 95 3e bf eb ae 74 29 00 00 08 Aug 26 18:24:24.907359: | 00 00 40 2e 29 00 00 1c 00 00 40 04 d8 fc c3 8f Aug 26 18:24:24.907362: | 04 c1 16 ff 20 f0 df 05 94 cc e6 5f 1c 40 5b 8a Aug 26 18:24:24.907365: | 00 00 00 1c 00 00 40 05 6b 37 20 31 e0 c9 f7 b4 Aug 26 18:24:24.907369: | b8 00 14 c1 3b be f7 b2 74 aa 89 be Aug 26 18:24:24.907398: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:24.907404: | libevent_free: release ptr-libevent@0x56371f0fcdc8 Aug 26 18:24:24.907408: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f0fae08 Aug 26 18:24:24.907412: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:24.907416: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:24.907424: | event_schedule: new EVENT_RETRANSMIT-pe@0x56371f0fae08 Aug 26 18:24:24.907429: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:24:24.907433: | libevent_malloc: new ptr-libevent@0x56371f100408 size 128 Aug 26 18:24:24.907440: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29150.64989 Aug 26 18:24:24.907445: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:24.907452: | #1 spent 2.15 milliseconds in resume sending helper answer Aug 26 18:24:24.907459: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:24.907463: | libevent_free: release ptr-libevent@0x7fcadc002888 Aug 26 18:24:24.912767: | spent 0.00337 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.912797: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.912802: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.912805: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 18:24:24.912808: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:24.912811: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:24.912814: | 04 00 00 0e 28 00 01 08 00 0e 00 00 27 7f df 01 Aug 26 18:24:24.912817: | e1 c7 d7 b9 53 90 4c 9e 1c 8d be 25 fa ec d4 07 Aug 26 18:24:24.912820: | 19 02 39 ab c6 48 9f d8 74 cf 79 91 b3 a3 87 5a Aug 26 18:24:24.912823: | f8 03 07 75 94 8e c1 52 2b 81 98 dc ed 4e 37 96 Aug 26 18:24:24.912826: | a6 5c a4 df 27 1d 6b e1 7e d8 a5 1f e1 e3 aa d8 Aug 26 18:24:24.912829: | 77 0f 78 13 67 fc 26 65 0b 56 9d b6 80 e9 0b 82 Aug 26 18:24:24.912832: | eb 38 42 ca 09 04 d3 f2 42 b3 49 73 77 3d e6 01 Aug 26 18:24:24.912837: | 2c d4 4a 5a 37 bc 0b 93 e7 05 bd 51 7d 96 0a 7f Aug 26 18:24:24.912841: | 10 5c c7 94 c6 95 fa 64 4e d4 51 77 50 1e 1b 20 Aug 26 18:24:24.912843: | e0 c0 c0 60 b2 bf e8 f8 30 19 71 26 3d e8 07 42 Aug 26 18:24:24.912846: | 14 e6 f4 74 e2 fd ed dd 02 48 73 dd 20 bb 28 83 Aug 26 18:24:24.912849: | 60 7c 02 e4 f8 ee 03 a4 a9 60 a2 20 3f 08 aa 8e Aug 26 18:24:24.912852: | de 4c 10 ec ea ef 82 f2 46 fa 10 cc 3c a3 fc bc Aug 26 18:24:24.912855: | e7 42 32 eb 2c 43 0c 56 9d 96 01 c1 d1 73 45 43 Aug 26 18:24:24.912858: | 59 74 f5 f0 de e8 92 36 db 83 87 9b a9 47 e5 13 Aug 26 18:24:24.912861: | 93 ad 15 79 29 eb dc 41 44 56 25 21 4e bd 97 5c Aug 26 18:24:24.912864: | 85 c1 72 28 1e b2 4b 36 35 cf d6 8e 29 00 00 24 Aug 26 18:24:24.912867: | 26 de e1 c0 8b 63 e0 a4 67 12 5c 72 2f d1 52 ec Aug 26 18:24:24.912870: | 88 66 b3 b4 ca 99 6f be 7d 68 81 7b 6a c1 e5 32 Aug 26 18:24:24.912873: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:24.912876: | 69 69 1d 4a ff 68 24 13 3c 31 4f b1 d4 7e 71 b6 Aug 26 18:24:24.912879: | bf 59 37 2f 26 00 00 1c 00 00 40 05 05 e6 84 f6 Aug 26 18:24:24.912881: | 84 dc 97 6c 75 cf 68 81 65 86 9d aa df 8e ce eb Aug 26 18:24:24.912884: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 18:24:24.912887: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:24.912893: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.912898: | **parse ISAKMP Message: Aug 26 18:24:24.912901: | initiator cookie: Aug 26 18:24:24.912904: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.912908: | responder cookie: Aug 26 18:24:24.912910: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.912914: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:24.912917: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.912921: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:24.912924: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.912927: | Message ID: 0 (0x0) Aug 26 18:24:24.912930: | length: 457 (0x1c9) Aug 26 18:24:24.912934: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:24.912938: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:24.912943: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:24.912952: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.912957: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.912961: | #1 is idle Aug 26 18:24:24.912964: | #1 idle Aug 26 18:24:24.912967: | unpacking clear payload Aug 26 18:24:24.912970: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:24.912974: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:24.912977: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:24.912981: | flags: none (0x0) Aug 26 18:24:24.912984: | length: 40 (0x28) Aug 26 18:24:24.912987: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:24.912990: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:24.912993: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:24.912997: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:24.913000: | flags: none (0x0) Aug 26 18:24:24.913003: | length: 264 (0x108) Aug 26 18:24:24.913006: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.913009: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:24.913012: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:24.913015: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:24.913018: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.913021: | flags: none (0x0) Aug 26 18:24:24.913024: | length: 36 (0x24) Aug 26 18:24:24.913027: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:24.913032: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.913036: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.913039: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.913041: | flags: none (0x0) Aug 26 18:24:24.913045: | length: 8 (0x8) Aug 26 18:24:24.913048: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.913051: | SPI size: 0 (0x0) Aug 26 18:24:24.913054: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:24.913057: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:24.913061: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.913063: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.913066: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:24.913070: | flags: none (0x0) Aug 26 18:24:24.913073: | length: 28 (0x1c) Aug 26 18:24:24.913076: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.913079: | SPI size: 0 (0x0) Aug 26 18:24:24.913082: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:24.913085: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:24.913088: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:24.913091: | ***parse IKEv2 Notify Payload: Aug 26 18:24:24.913094: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 18:24:24.913097: | flags: none (0x0) Aug 26 18:24:24.913100: | length: 28 (0x1c) Aug 26 18:24:24.913103: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:24.913106: | SPI size: 0 (0x0) Aug 26 18:24:24.913109: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:24.913112: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:24.913115: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:24.913119: | ***parse IKEv2 Certificate Request Payload: Aug 26 18:24:24.913122: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.913125: | flags: none (0x0) Aug 26 18:24:24.913128: | length: 25 (0x19) Aug 26 18:24:24.913132: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.913135: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 18:24:24.913138: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:24.913143: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:24.913148: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:24.913151: | Now let's proceed with state specific processing Aug 26 18:24:24.913154: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:24.913159: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:24.913179: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:24.913184: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:24.913188: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:24.913191: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:24.913195: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:24.913198: | local proposal 1 type DH has 8 transforms Aug 26 18:24:24.913201: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:24.913205: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:24.913208: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:24.913213: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:24.913216: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:24.913219: | local proposal 2 type DH has 8 transforms Aug 26 18:24:24.913222: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:24.913226: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:24.913229: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:24.913232: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:24.913235: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:24.913238: | local proposal 3 type DH has 8 transforms Aug 26 18:24:24.913241: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:24.913244: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:24.913247: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:24.913250: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:24.913253: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:24.913257: | local proposal 4 type DH has 8 transforms Aug 26 18:24:24.913260: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:24.913263: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:24.913267: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.913270: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.913273: | length: 36 (0x24) Aug 26 18:24:24.913276: | prop #: 1 (0x1) Aug 26 18:24:24.913279: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:24.913282: | spi size: 0 (0x0) Aug 26 18:24:24.913285: | # transforms: 3 (0x3) Aug 26 18:24:24.913293: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:24.913299: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.913302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.913306: | length: 12 (0xc) Aug 26 18:24:24.913309: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.913312: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.913315: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.913318: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.913321: | length/value: 256 (0x100) Aug 26 18:24:24.913327: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:24.913330: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.913333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.913336: | length: 8 (0x8) Aug 26 18:24:24.913339: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:24.913343: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:24.913347: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:24.913350: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.913353: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.913356: | length: 8 (0x8) Aug 26 18:24:24.913359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:24.913362: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:24.913367: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:24.913371: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:24.913376: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:24.913380: | remote proposal 1 matches local proposal 1 Aug 26 18:24:24.913384: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:24.913387: | converting proposal to internal trans attrs Aug 26 18:24:24.913406: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:24.913410: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.913413: | natd_hash: rcookie= ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.913418: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:24.913421: | natd_hash: port=500 Aug 26 18:24:24.913424: | natd_hash: hash= 05 e6 84 f6 84 dc 97 6c 75 cf 68 81 65 86 9d aa Aug 26 18:24:24.913427: | natd_hash: hash= df 8e ce eb Aug 26 18:24:24.913435: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:24.913438: | natd_hash: icookie= 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.913441: | natd_hash: rcookie= ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.913444: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:24.913447: | natd_hash: port=500 Aug 26 18:24:24.913450: | natd_hash: hash= 69 69 1d 4a ff 68 24 13 3c 31 4f b1 d4 7e 71 b6 Aug 26 18:24:24.913453: | natd_hash: hash= bf 59 37 2f Aug 26 18:24:24.913456: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:24.913459: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:24.913462: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:24.913466: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:24.913474: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:24.913479: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:24.913482: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:24.913486: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:24.913491: | libevent_free: release ptr-libevent@0x56371f100408 Aug 26 18:24:24.913494: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56371f0fae08 Aug 26 18:24:24.913497: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f0fae08 Aug 26 18:24:24.913501: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:24.913504: | libevent_malloc: new ptr-libevent@0x7fcadc002888 size 128 Aug 26 18:24:24.913525: | crypto helper 3 resuming Aug 26 18:24:24.913535: | crypto helper 3 starting work-order 2 for state #1 Aug 26 18:24:24.913543: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:24.914419: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:24.914867: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001324 seconds Aug 26 18:24:24.914878: | (#1) spent 1.33 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:24.914883: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:24.914886: | scheduling resume sending helper answer for #1 Aug 26 18:24:24.914889: | libevent_malloc: new ptr-libevent@0x7fcad4000f48 size 128 Aug 26 18:24:24.914895: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:24.914905: | #1 spent 0.356 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:24.914913: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.914917: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:24.914920: | suspending state #1 and saving MD Aug 26 18:24:24.914923: | #1 is busy; has a suspended MD Aug 26 18:24:24.914927: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:24.914930: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:24.914935: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.914940: | #1 spent 0.768 milliseconds in ikev2_process_packet() Aug 26 18:24:24.914945: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:24.914948: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.914951: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.914955: | spent 0.784 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.914967: | processing resume sending helper answer for #1 Aug 26 18:24:24.914973: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:24.914977: | crypto helper 3 replies to request ID 2 Aug 26 18:24:24.914980: | calling continuation function 0x56371eceeb50 Aug 26 18:24:24.914983: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:24.914992: | creating state object #2 at 0x56371f105ad8 Aug 26 18:24:24.914996: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:24.915000: | pstats #2 ikev2.child started Aug 26 18:24:24.915004: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 18:24:24.915009: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:24.915017: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:24.915023: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:24.915028: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:24.915031: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:24.915035: | libevent_free: release ptr-libevent@0x7fcadc002888 Aug 26 18:24:24.915039: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f0fae08 Aug 26 18:24:24.915043: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f0fae08 Aug 26 18:24:24.915047: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:24.915050: | libevent_malloc: new ptr-libevent@0x7fcadc002888 size 128 Aug 26 18:24:24.915054: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:24.915062: | **emit ISAKMP Message: Aug 26 18:24:24.915065: | initiator cookie: Aug 26 18:24:24.915068: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.915071: | responder cookie: Aug 26 18:24:24.915073: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.915076: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.915079: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.915082: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.915085: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.915087: | Message ID: 1 (0x1) Aug 26 18:24:24.915091: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.915094: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:24.915097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.915100: | flags: none (0x0) Aug 26 18:24:24.915103: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:24.915106: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.915110: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:24.915118: | IKEv2 CERT: send a certificate? Aug 26 18:24:24.915121: | IKEv2 CERT: OK to send a certificate (always) Aug 26 18:24:24.915124: | IDr payload will be sent Aug 26 18:24:24.915139: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:24.915143: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.915145: | flags: none (0x0) Aug 26 18:24:24.915148: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.915151: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:24.915154: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.915160: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:24.915163: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.915166: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.915168: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.915171: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.915173: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.915175: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.915178: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:24:24.915180: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:24:24.915182: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:24:24.915185: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:24:24.915187: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:24:24.915189: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.915192: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Aug 26 18:24:24.915202: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.915205: | ****emit IKEv2 Certificate Payload: Aug 26 18:24:24.915208: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.915211: | flags: none (0x0) Aug 26 18:24:24.915213: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.915217: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 18:24:24.915219: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.915223: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 18:24:24.915225: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 18:24:24.915228: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:24:24.915230: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:24:24.915232: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:24:24.915235: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:24:24.915237: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:24:24.915239: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:24:24.915242: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:24:24.915244: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:24:24.915247: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:24:24.915249: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:24:24.915252: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:24:24.915254: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:24:24.915256: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:24:24.915258: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:24:24.915260: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:24:24.915263: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:24:24.915265: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:24:24.915268: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:24:24.915271: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:24:24.915273: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:24:24.915276: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 18:24:24.915278: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:24:24.915280: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 18:24:24.915284: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 18:24:24.915287: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 18:24:24.915296: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 18:24:24.915299: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 18:24:24.915301: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 18:24:24.915304: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 18:24:24.915307: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 18:24:24.915309: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 18:24:24.915312: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 18:24:24.915314: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 18:24:24.915317: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 18:24:24.915319: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 18:24:24.915322: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 18:24:24.915324: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 18:24:24.915326: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 18:24:24.915329: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 18:24:24.915331: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 18:24:24.915334: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 18:24:24.915336: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 18:24:24.915339: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 18:24:24.915342: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 18:24:24.915344: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 18:24:24.915347: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 18:24:24.915350: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 18:24:24.915352: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 18:24:24.915355: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 18:24:24.915357: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 18:24:24.915360: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 18:24:24.915362: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 18:24:24.915365: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 18:24:24.915367: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 18:24:24.915370: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:24:24.915373: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 18:24:24.915375: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 18:24:24.915378: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 18:24:24.915380: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 18:24:24.915383: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 18:24:24.915385: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 18:24:24.915388: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.915391: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 18:24:24.915394: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 18:24:24.915396: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 18:24:24.915399: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 18:24:24.915401: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 18:24:24.915404: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 18:24:24.915407: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 18:24:24.915409: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 18:24:24.915412: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 18:24:24.915415: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 18:24:24.915417: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 18:24:24.915422: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 18:24:24.915425: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 18:24:24.915427: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 18:24:24.915430: | emitting length of IKEv2 Certificate Payload: 1232 Aug 26 18:24:24.915434: | IKEv2 CERTREQ: send a cert request? Aug 26 18:24:24.915438: | IKEv2 CERTREQ: OK to send a certificate request Aug 26 18:24:24.915447: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Aug 26 18:24:24.915450: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 18:24:24.915454: | ****emit IKEv2 Certificate Request Payload: Aug 26 18:24:24.915457: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.915460: | flags: none (0x0) Aug 26 18:24:24.915463: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.915467: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:24.915470: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.916071: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 18:24:24.916081: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 18:24:24.916084: | CA cert public key hash Aug 26 18:24:24.916086: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 18:24:24.916087: | 2b 92 25 e9 Aug 26 18:24:24.916089: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 18:24:24.916091: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:24.916093: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:24.916095: | flags: none (0x0) Aug 26 18:24:24.916097: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.916099: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:24.916102: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:24.916104: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.916106: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:24.916108: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.916109: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.916111: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.916112: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.916114: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.916115: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.916117: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:24.916118: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.916120: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:24.916121: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:24.916123: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.916124: | IDr 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.916126: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 18:24:24.916128: | not sending INITIAL_CONTACT Aug 26 18:24:24.916130: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:24.916132: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.916134: | flags: none (0x0) Aug 26 18:24:24.916136: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:24.916138: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:24.916142: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.916146: | #1 spent 1.17 milliseconds Aug 26 18:24:24.916154: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 18:24:24.916192: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 18:24:24.925166: | #1 spent 7.79 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:24.925186: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:24.925191: | rsa signature a4 24 92 9f 46 06 92 3b 9a 38 2a 3f 46 f3 a3 d7 Aug 26 18:24:24.925194: | rsa signature 26 d3 33 5f 78 68 11 2a 4e d2 f0 37 a4 bc 3e 3a Aug 26 18:24:24.925197: | rsa signature 78 1e 0d 0d cf fc 25 4a 03 ad d3 82 34 78 ac 7a Aug 26 18:24:24.925199: | rsa signature 38 1f d0 25 01 bb a7 e5 7c e8 72 41 21 68 c9 27 Aug 26 18:24:24.925202: | rsa signature ff 37 3d 29 0c d4 e3 9e 4c b5 49 b0 e8 55 a0 ca Aug 26 18:24:24.925205: | rsa signature ff 62 23 d3 19 2a dc 70 fc e5 fd 71 e4 53 1b 82 Aug 26 18:24:24.925207: | rsa signature 8e cc b3 e2 57 0d 65 b0 a8 6a f8 66 5f 46 d4 30 Aug 26 18:24:24.925210: | rsa signature b4 ca b5 83 02 34 e4 c6 70 9f 54 c0 ac ea 17 a1 Aug 26 18:24:24.925212: | rsa signature f2 8d 4f 02 2a 63 74 b0 a1 ac 98 c2 92 34 e5 80 Aug 26 18:24:24.925215: | rsa signature 3c 25 ed 45 9c 01 c1 ed 03 f5 fb f2 1c c6 f8 0d Aug 26 18:24:24.925218: | rsa signature c4 30 c4 77 ef 14 81 cc df 70 b7 58 dc fb d1 88 Aug 26 18:24:24.925220: | rsa signature 86 b3 d9 17 76 7a 97 58 e9 7a a9 99 fc 7f 1e 97 Aug 26 18:24:24.925222: | rsa signature ac de 95 44 c2 79 fd 63 7c 42 8c e4 8e 6f 1e 2b Aug 26 18:24:24.925225: | rsa signature 84 34 96 f9 44 96 f7 c3 63 f6 b0 7d f8 a1 28 fe Aug 26 18:24:24.925227: | rsa signature 23 eb bb a0 12 ab 12 35 e3 4c 28 1d f0 38 34 59 Aug 26 18:24:24.925229: | rsa signature 7c 68 18 89 45 53 47 cb 2a e8 b9 1d d8 5f d9 52 Aug 26 18:24:24.925231: | rsa signature 4a d1 53 4f 2e 95 7a d4 5c 86 b5 b6 06 bd f6 fe Aug 26 18:24:24.925233: | rsa signature fa b7 b9 78 17 d2 2b 2d 12 ac 78 b2 ff 1c e3 c1 Aug 26 18:24:24.925236: | rsa signature 6d fe 4e 07 9b dd 9a d1 9f f1 80 c1 be 46 0c 58 Aug 26 18:24:24.925238: | rsa signature c5 4b 7b 48 60 12 e5 a0 e6 9f b4 30 1a 79 4f 10 Aug 26 18:24:24.925240: | rsa signature 89 7f 84 1b 5b a9 a7 69 0c 67 20 0b 95 2c df be Aug 26 18:24:24.925242: | rsa signature 7d eb 70 bf ce d0 f9 68 70 a6 35 c3 11 59 d2 d2 Aug 26 18:24:24.925245: | rsa signature cd b1 4c 0e cb 98 56 3d d9 b5 b4 1c 16 03 c4 ad Aug 26 18:24:24.925247: | rsa signature 08 77 21 8e b0 dd 93 c1 ea 76 02 3f 4e 1d 44 64 Aug 26 18:24:24.925252: | #1 spent 7.94 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:24.925255: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 18:24:24.925258: | getting first pending from state #1 Aug 26 18:24:24.925261: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Aug 26 18:24:24.925269: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:24.925295: | netlink_get_spi: allocated 0x5c2f00b5 for esp.0@192.1.3.33 Aug 26 18:24:24.925303: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:24.925310: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:24.925316: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:24.925319: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:24.925328: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:24.925333: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:24.925337: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.925340: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:24.925344: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.925353: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.925365: | Emitting ikev2_proposals ... Aug 26 18:24:24.925369: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:24.925373: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.925376: | flags: none (0x0) Aug 26 18:24:24.925380: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:24.925383: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.925386: | discarding INTEG=NONE Aug 26 18:24:24.925388: | discarding DH=NONE Aug 26 18:24:24.925391: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.925394: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925397: | prop #: 1 (0x1) Aug 26 18:24:24.925400: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.925402: | spi size: 4 (0x4) Aug 26 18:24:24.925405: | # transforms: 2 (0x2) Aug 26 18:24:24.925408: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.925411: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:24.925414: | our spi 5c 2f 00 b5 Aug 26 18:24:24.925417: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925423: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.925426: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.925429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925432: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.925435: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.925437: | length/value: 256 (0x100) Aug 26 18:24:24.925440: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.925443: | discarding INTEG=NONE Aug 26 18:24:24.925445: | discarding DH=NONE Aug 26 18:24:24.925447: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925450: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.925452: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.925455: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.925458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925461: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925464: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925467: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:24.925470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.925474: | discarding INTEG=NONE Aug 26 18:24:24.925476: | discarding DH=NONE Aug 26 18:24:24.925479: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.925481: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925484: | prop #: 2 (0x2) Aug 26 18:24:24.925486: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.925489: | spi size: 4 (0x4) Aug 26 18:24:24.925491: | # transforms: 2 (0x2) Aug 26 18:24:24.925494: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925497: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.925500: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:24.925503: | our spi 5c 2f 00 b5 Aug 26 18:24:24.925506: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925511: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.925513: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.925516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925519: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.925522: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.925524: | length/value: 128 (0x80) Aug 26 18:24:24.925527: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.925529: | discarding INTEG=NONE Aug 26 18:24:24.925531: | discarding DH=NONE Aug 26 18:24:24.925533: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925536: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.925538: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.925541: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.925544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925552: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:24.925555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.925557: | discarding DH=NONE Aug 26 18:24:24.925560: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.925563: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925566: | prop #: 3 (0x3) Aug 26 18:24:24.925568: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.925571: | spi size: 4 (0x4) Aug 26 18:24:24.925573: | # transforms: 4 (0x4) Aug 26 18:24:24.925576: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925580: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.925583: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:24.925585: | our spi 5c 2f 00 b5 Aug 26 18:24:24.925588: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925594: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.925596: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.925599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925602: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.925605: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.925610: | length/value: 256 (0x100) Aug 26 18:24:24.925613: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.925615: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925620: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.925623: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.925625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925630: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925633: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925638: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.925640: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.925643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925649: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925651: | discarding DH=NONE Aug 26 18:24:24.925654: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925656: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.925658: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.925661: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.925664: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925667: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925672: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:24.925675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.925678: | discarding DH=NONE Aug 26 18:24:24.925680: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.925683: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.925685: | prop #: 4 (0x4) Aug 26 18:24:24.925688: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.925690: | spi size: 4 (0x4) Aug 26 18:24:24.925692: | # transforms: 4 (0x4) Aug 26 18:24:24.925695: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:24.925698: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:24.925701: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:24.925704: | our spi 5c 2f 00 b5 Aug 26 18:24:24.925706: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925709: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.925710: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:24.925712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925714: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.925716: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.925717: | length/value: 128 (0x80) Aug 26 18:24:24.925721: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:24.925722: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925726: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.925727: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:24.925729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925733: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925734: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925737: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:24.925739: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:24.925741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925745: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925746: | discarding DH=NONE Aug 26 18:24:24.925748: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:24.925749: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.925751: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.925752: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.925754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.925756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:24.925758: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:24.925759: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:24.925761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:24.925763: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:24.925765: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:24.925767: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:24.925769: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.925771: | flags: none (0x0) Aug 26 18:24:24.925772: | number of TS: 1 (0x1) Aug 26 18:24:24.925774: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:24.925777: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.925778: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:24.925780: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.925782: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.925783: | start port: 0 (0x0) Aug 26 18:24:24.925785: | end port: 65535 (0xffff) Aug 26 18:24:24.925787: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:24.925789: | ipv4 start c0 00 03 00 Aug 26 18:24:24.925790: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:24.925792: | ipv4 end c0 00 03 ff Aug 26 18:24:24.925794: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:24.925795: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:24.925798: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:24.925800: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.925801: | flags: none (0x0) Aug 26 18:24:24.925803: | number of TS: 1 (0x1) Aug 26 18:24:24.925805: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:24.925807: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:24.925809: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:24.925810: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.925812: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.925813: | start port: 0 (0x0) Aug 26 18:24:24.925815: | end port: 65535 (0xffff) Aug 26 18:24:24.925817: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:24.925818: | ipv4 start c0 00 02 00 Aug 26 18:24:24.925820: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:24.925821: | ipv4 end c0 00 02 ff Aug 26 18:24:24.925823: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:24.925825: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:24.925826: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:24.925828: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:24.925830: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.925833: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:24.925835: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:24.925836: | emitting length of IKEv2 Encryption Payload: 2274 Aug 26 18:24:24.925838: | emitting length of ISAKMP Message: 2302 Aug 26 18:24:24.925841: | **parse ISAKMP Message: Aug 26 18:24:24.925843: | initiator cookie: Aug 26 18:24:24.925845: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.925846: | responder cookie: Aug 26 18:24:24.925848: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.925850: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:24.925852: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.925853: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.925855: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.925856: | Message ID: 1 (0x1) Aug 26 18:24:24.925858: | length: 2302 (0x8fe) Aug 26 18:24:24.925860: | **parse IKEv2 Encryption Payload: Aug 26 18:24:24.925861: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:24.925863: | flags: none (0x0) Aug 26 18:24:24.925865: | length: 2274 (0x8e2) Aug 26 18:24:24.925866: | **emit ISAKMP Message: Aug 26 18:24:24.925868: | initiator cookie: Aug 26 18:24:24.925869: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.925871: | responder cookie: Aug 26 18:24:24.925872: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.925874: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.925876: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.925877: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.925879: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.925880: | Message ID: 1 (0x1) Aug 26 18:24:24.925882: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.925884: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.925885: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:24.925887: | flags: none (0x0) Aug 26 18:24:24.925889: | fragment number: 1 (0x1) Aug 26 18:24:24.925890: | total fragments: 5 (0x5) Aug 26 18:24:24.925892: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 18:24:24.925894: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.925897: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.925899: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.925906: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.925908: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Aug 26 18:24:24.925910: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:24.925911: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:24.925913: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:24.925914: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.925916: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:24.925918: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Aug 26 18:24:24.925919: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Aug 26 18:24:24.925921: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.925922: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Aug 26 18:24:24.925924: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Aug 26 18:24:24.925925: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 18:24:24.925927: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Aug 26 18:24:24.925929: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Aug 26 18:24:24.925930: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Aug 26 18:24:24.925932: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Aug 26 18:24:24.925933: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Aug 26 18:24:24.925935: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Aug 26 18:24:24.925936: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Aug 26 18:24:24.925938: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Aug 26 18:24:24.925940: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Aug 26 18:24:24.925941: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Aug 26 18:24:24.925943: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Aug 26 18:24:24.925944: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Aug 26 18:24:24.925946: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.925947: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 Aug 26 18:24:24.925949: | cleartext fragment 30 39 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 Aug 26 18:24:24.925951: | cleartext fragment 33 30 39 30 37 35 33 5a 30 81 b6 31 0b 30 09 06 Aug 26 18:24:24.925952: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:24.925954: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Aug 26 18:24:24.925955: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.925957: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.925959: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.925961: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.925963: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.925974: | **emit ISAKMP Message: Aug 26 18:24:24.925976: | initiator cookie: Aug 26 18:24:24.925977: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.925979: | responder cookie: Aug 26 18:24:24.925980: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.925982: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.925984: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.925989: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.925990: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.925992: | Message ID: 1 (0x1) Aug 26 18:24:24.925994: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.925995: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.925997: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.925999: | flags: none (0x0) Aug 26 18:24:24.926000: | fragment number: 2 (0x2) Aug 26 18:24:24.926002: | total fragments: 5 (0x5) Aug 26 18:24:24.926004: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.926006: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.926007: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.926009: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.926011: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.926013: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Aug 26 18:24:24.926015: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Aug 26 18:24:24.926016: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Aug 26 18:24:24.926018: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Aug 26 18:24:24.926020: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Aug 26 18:24:24.926021: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 18:24:24.926023: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 18:24:24.926024: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Aug 26 18:24:24.926026: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Aug 26 18:24:24.926028: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Aug 26 18:24:24.926029: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Aug 26 18:24:24.926031: | cleartext fragment 82 01 81 00 c0 59 bd 4b 40 fd f4 2c e7 cf 9e f3 Aug 26 18:24:24.926032: | cleartext fragment 29 e6 61 73 de ab 42 3d cc 51 1a e8 79 d6 53 46 Aug 26 18:24:24.926034: | cleartext fragment a1 fd 66 d1 9e ab b4 65 76 51 ad 3f 6f 8f ef d2 Aug 26 18:24:24.926035: | cleartext fragment 73 f9 fd 8f 44 b0 6c 36 4b 95 c3 b2 45 0f 31 0c Aug 26 18:24:24.926037: | cleartext fragment e9 df 35 95 44 c0 19 53 8d df 6a 4b b2 af d6 d3 Aug 26 18:24:24.926039: | cleartext fragment e8 dd f5 20 df 9c cd 8a f7 6a 09 92 60 00 45 44 Aug 26 18:24:24.926040: | cleartext fragment 39 4c 17 6c 06 02 91 37 4b f5 6a c3 5e 21 c6 64 Aug 26 18:24:24.926042: | cleartext fragment 32 32 98 1d b7 99 1f 3c 13 fe ec c7 a4 a5 3b 37 Aug 26 18:24:24.926043: | cleartext fragment 30 df e4 31 95 47 91 b1 ca 96 66 b7 9e 49 65 a2 Aug 26 18:24:24.926045: | cleartext fragment 4c 79 54 17 ed 68 19 34 9d 7e 67 91 27 51 f0 ee Aug 26 18:24:24.926046: | cleartext fragment cb b3 90 68 7c 1d fd 83 32 06 2e e6 6f d5 f0 62 Aug 26 18:24:24.926048: | cleartext fragment 00 4d ef 11 90 b6 ad 61 83 0b 21 94 18 d9 2b 88 Aug 26 18:24:24.926050: | cleartext fragment 09 0d 33 2e 3b 71 18 f4 ce 4a 45 f3 37 f4 db c0 Aug 26 18:24:24.926051: | cleartext fragment d6 ab c2 da da cd 6d e0 a3 9d 21 53 19 34 b1 0c Aug 26 18:24:24.926053: | cleartext fragment d9 63 7c 45 b7 26 a4 d9 d6 93 25 1e 1f 74 3c 07 Aug 26 18:24:24.926054: | cleartext fragment 32 69 9b bc 0f db ba 3e 30 85 a4 3d ec 5c 70 fe Aug 26 18:24:24.926056: | cleartext fragment fe 7d 64 3c 2c 48 b3 8a eb 26 bf 05 d4 33 1e c3 Aug 26 18:24:24.926057: | cleartext fragment f7 1c 24 c9 99 e3 d1 99 91 df 32 10 d5 7c 31 7e Aug 26 18:24:24.926059: | cleartext fragment 9e 6f 70 01 dc 0d d7 21 03 76 4d f5 b2 e3 Aug 26 18:24:24.926062: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.926064: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.926065: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.926067: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.926069: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.926074: | **emit ISAKMP Message: Aug 26 18:24:24.926076: | initiator cookie: Aug 26 18:24:24.926078: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.926079: | responder cookie: Aug 26 18:24:24.926081: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926082: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.926084: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.926086: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.926087: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.926089: | Message ID: 1 (0x1) Aug 26 18:24:24.926090: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.926092: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.926094: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.926095: | flags: none (0x0) Aug 26 18:24:24.926097: | fragment number: 3 (0x3) Aug 26 18:24:24.926098: | total fragments: 5 (0x5) Aug 26 18:24:24.926100: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.926102: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.926104: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.926106: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.926108: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.926110: | cleartext fragment 87 30 94 8c b2 0a c0 b4 d9 0b d4 d9 37 e0 7a 73 Aug 26 18:24:24.926111: | cleartext fragment 13 50 8d 6f 93 9a 7c 5a 1a b2 87 7e 0c 64 60 cb Aug 26 18:24:24.926113: | cleartext fragment 4b 2c ef 22 75 b1 7c 60 3e e3 e5 f1 94 38 51 8f Aug 26 18:24:24.926114: | cleartext fragment 00 e8 35 7b b5 01 ed c1 c4 fd a3 4b 56 42 d6 8b Aug 26 18:24:24.926116: | cleartext fragment 64 38 74 95 c4 13 70 f0 f0 23 29 57 2b ef 74 97 Aug 26 18:24:24.926117: | cleartext fragment 97 76 8d 30 48 91 02 03 01 00 01 a3 81 e4 30 81 Aug 26 18:24:24.926119: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Aug 26 18:24:24.926121: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Aug 26 18:24:24.926122: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.926124: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Aug 26 18:24:24.926125: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Aug 26 18:24:24.926127: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Aug 26 18:24:24.926128: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Aug 26 18:24:24.926130: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Aug 26 18:24:24.926132: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Aug 26 18:24:24.926133: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Aug 26 18:24:24.926135: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Aug 26 18:24:24.926136: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Aug 26 18:24:24.926138: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Aug 26 18:24:24.926139: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Aug 26 18:24:24.926141: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Aug 26 18:24:24.926144: | cleartext fragment 00 03 81 81 00 9e e9 26 57 73 c2 4c 64 c6 ab d6 Aug 26 18:24:24.926145: | cleartext fragment d3 1a 13 4f 6b 48 e3 17 b2 3d fb 30 93 2d 15 92 Aug 26 18:24:24.926147: | cleartext fragment 6e a3 60 29 10 1d 3e a7 93 48 3c 40 5b af 9e e5 Aug 26 18:24:24.926148: | cleartext fragment 93 b7 2f d5 4b 9f db bd ab 5d 03 57 3a 1a f9 81 Aug 26 18:24:24.926150: | cleartext fragment 87 13 dd 32 e7 93 b5 9e 3b 40 3c c6 c9 d5 ce c6 Aug 26 18:24:24.926152: | cleartext fragment c7 5d da 89 36 3d d0 36 82 fd b2 ab 00 2a 7c 0e Aug 26 18:24:24.926153: | cleartext fragment a7 ad 3e e2 b1 5a 0d 88 45 26 48 51 b3 c7 79 d7 Aug 26 18:24:24.926155: | cleartext fragment 04 e7 47 5f 28 f8 63 fb ae 58 52 8b ba 60 ce 19 Aug 26 18:24:24.926156: | cleartext fragment ac fa 4e 65 7d 24 00 00 19 04 58 13 71 57 Aug 26 18:24:24.926158: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.926160: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.926162: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.926163: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.926165: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.926169: | **emit ISAKMP Message: Aug 26 18:24:24.926170: | initiator cookie: Aug 26 18:24:24.926172: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.926173: | responder cookie: Aug 26 18:24:24.926175: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926177: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.926178: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.926180: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.926182: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.926183: | Message ID: 1 (0x1) Aug 26 18:24:24.926185: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.926187: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.926188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.926190: | flags: none (0x0) Aug 26 18:24:24.926192: | fragment number: 4 (0x4) Aug 26 18:24:24.926193: | total fragments: 5 (0x5) Aug 26 18:24:24.926195: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.926197: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.926199: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.926201: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.926205: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.926207: | cleartext fragment 9d ee 1a 15 74 03 12 80 12 4d c1 85 2b 92 25 e9 Aug 26 18:24:24.926209: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 18:24:24.926210: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 18:24:24.926212: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 18:24:24.926214: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 18:24:24.926215: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 18:24:24.926217: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 18:24:24.926218: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 18:24:24.926220: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 18:24:24.926222: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 18:24:24.926223: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 18:24:24.926225: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 18:24:24.926228: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Aug 26 18:24:24.926229: | cleartext fragment 00 01 88 01 00 00 00 a4 24 92 9f 46 06 92 3b 9a Aug 26 18:24:24.926231: | cleartext fragment 38 2a 3f 46 f3 a3 d7 26 d3 33 5f 78 68 11 2a 4e Aug 26 18:24:24.926233: | cleartext fragment d2 f0 37 a4 bc 3e 3a 78 1e 0d 0d cf fc 25 4a 03 Aug 26 18:24:24.926234: | cleartext fragment ad d3 82 34 78 ac 7a 38 1f d0 25 01 bb a7 e5 7c Aug 26 18:24:24.926236: | cleartext fragment e8 72 41 21 68 c9 27 ff 37 3d 29 0c d4 e3 9e 4c Aug 26 18:24:24.926237: | cleartext fragment b5 49 b0 e8 55 a0 ca ff 62 23 d3 19 2a dc 70 fc Aug 26 18:24:24.926239: | cleartext fragment e5 fd 71 e4 53 1b 82 8e cc b3 e2 57 0d 65 b0 a8 Aug 26 18:24:24.926241: | cleartext fragment 6a f8 66 5f 46 d4 30 b4 ca b5 83 02 34 e4 c6 70 Aug 26 18:24:24.926242: | cleartext fragment 9f 54 c0 ac ea 17 a1 f2 8d 4f 02 2a 63 74 b0 a1 Aug 26 18:24:24.926244: | cleartext fragment ac 98 c2 92 34 e5 80 3c 25 ed 45 9c 01 c1 ed 03 Aug 26 18:24:24.926245: | cleartext fragment f5 fb f2 1c c6 f8 0d c4 30 c4 77 ef 14 81 cc df Aug 26 18:24:24.926247: | cleartext fragment 70 b7 58 dc fb d1 88 86 b3 d9 17 76 7a 97 58 e9 Aug 26 18:24:24.926249: | cleartext fragment 7a a9 99 fc 7f 1e 97 ac de 95 44 c2 79 fd 63 7c Aug 26 18:24:24.926250: | cleartext fragment 42 8c e4 8e 6f 1e 2b 84 34 96 f9 44 96 f7 c3 63 Aug 26 18:24:24.926252: | cleartext fragment f6 b0 7d f8 a1 28 fe 23 eb bb a0 12 ab 12 35 e3 Aug 26 18:24:24.926253: | cleartext fragment 4c 28 1d f0 38 34 59 7c 68 18 89 45 53 47 cb 2a Aug 26 18:24:24.926255: | cleartext fragment e8 b9 1d d8 5f d9 52 4a d1 53 4f 2e 95 7a Aug 26 18:24:24.926257: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.926259: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.926260: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.926262: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:24.926264: | emitting length of ISAKMP Message: 539 Aug 26 18:24:24.926269: | **emit ISAKMP Message: Aug 26 18:24:24.926272: | initiator cookie: Aug 26 18:24:24.926275: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.926277: | responder cookie: Aug 26 18:24:24.926279: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926282: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:24.926285: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.926292: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.926298: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:24.926300: | Message ID: 1 (0x1) Aug 26 18:24:24.926303: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:24.926305: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:24.926308: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.926310: | flags: none (0x0) Aug 26 18:24:24.926313: | fragment number: 5 (0x5) Aug 26 18:24:24.926315: | total fragments: 5 (0x5) Aug 26 18:24:24.926318: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:24.926322: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.926325: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:24.926328: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:24.926332: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:24.926335: | cleartext fragment d4 5c 86 b5 b6 06 bd f6 fe fa b7 b9 78 17 d2 2b Aug 26 18:24:24.926338: | cleartext fragment 2d 12 ac 78 b2 ff 1c e3 c1 6d fe 4e 07 9b dd 9a Aug 26 18:24:24.926341: | cleartext fragment d1 9f f1 80 c1 be 46 0c 58 c5 4b 7b 48 60 12 e5 Aug 26 18:24:24.926344: | cleartext fragment a0 e6 9f b4 30 1a 79 4f 10 89 7f 84 1b 5b a9 a7 Aug 26 18:24:24.926349: | cleartext fragment 69 0c 67 20 0b 95 2c df be 7d eb 70 bf ce d0 f9 Aug 26 18:24:24.926351: | cleartext fragment 68 70 a6 35 c3 11 59 d2 d2 cd b1 4c 0e cb 98 56 Aug 26 18:24:24.926354: | cleartext fragment 3d d9 b5 b4 1c 16 03 c4 ad 08 77 21 8e b0 dd 93 Aug 26 18:24:24.926357: | cleartext fragment c1 ea 76 02 3f 4e 1d 44 64 2c 00 00 a4 02 00 00 Aug 26 18:24:24.926359: | cleartext fragment 20 01 03 04 02 5c 2f 00 b5 03 00 00 0c 01 00 00 Aug 26 18:24:24.926362: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Aug 26 18:24:24.926365: | cleartext fragment 20 02 03 04 02 5c 2f 00 b5 03 00 00 0c 01 00 00 Aug 26 18:24:24.926367: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Aug 26 18:24:24.926370: | cleartext fragment 30 03 03 04 04 5c 2f 00 b5 03 00 00 0c 01 00 00 Aug 26 18:24:24.926373: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 18:24:24.926375: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Aug 26 18:24:24.926378: | cleartext fragment 30 04 03 04 04 5c 2f 00 b5 03 00 00 0c 01 00 00 Aug 26 18:24:24.926381: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 18:24:24.926384: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Aug 26 18:24:24.926386: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Aug 26 18:24:24.926389: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Aug 26 18:24:24.926392: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Aug 26 18:24:24.926395: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:24.926398: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:24.926401: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:24.926404: | emitting length of IKEv2 Encrypted Fragment: 366 Aug 26 18:24:24.926407: | emitting length of ISAKMP Message: 394 Aug 26 18:24:24.926419: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.926424: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:24.926430: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:24.926434: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:24.926437: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:24.926440: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:24.926446: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:24.926452: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:24.926457: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:24.926467: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:24.926469: | sending fragments ... Aug 26 18:24:24.926476: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.926479: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926481: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:24.926484: | 00 01 00 05 99 f8 a6 0e 20 e6 77 eb 71 c3 02 c5 Aug 26 18:24:24.926486: | 35 1f a3 3f 15 7f 29 4e 78 20 9a ab e1 ea c1 5c Aug 26 18:24:24.926489: | bb 68 29 32 d7 82 13 fe 95 21 88 8b d1 bd 01 e4 Aug 26 18:24:24.926493: | 1c 6b 15 6e ae bc 08 3a 32 9d 9e cc 13 8c 24 50 Aug 26 18:24:24.926496: | c2 44 25 74 2b 0d 41 99 ed 99 ea 27 5d f6 ba c2 Aug 26 18:24:24.926498: | 22 1c e2 68 fe e7 77 f0 d7 49 77 0e 3d 6f e7 11 Aug 26 18:24:24.926501: | b2 f5 e3 7f df 86 a0 44 c4 ee ad 54 d2 29 e9 bf Aug 26 18:24:24.926503: | 64 ec 7c e7 37 78 ec 18 2b a8 af 79 e1 e4 be 16 Aug 26 18:24:24.926506: | be 18 e5 4a d0 54 c3 fd 43 9c 16 2e e9 ef 60 a7 Aug 26 18:24:24.926508: | 80 e9 c6 7a 59 09 33 14 f4 af 40 12 bb 61 80 54 Aug 26 18:24:24.926511: | 6b f2 cb c7 82 f7 90 81 76 9c 93 66 c7 36 9e a4 Aug 26 18:24:24.926513: | 9c 2d 27 0f ab af 86 cf 4c ea 92 5e 89 b2 2a 87 Aug 26 18:24:24.926516: | 75 66 f4 79 52 13 82 9e 9b a0 49 1f 6f 0e d3 e9 Aug 26 18:24:24.926518: | 30 a5 54 4f e7 6d 0d 40 cb 9b 42 78 87 5e 3b 3a Aug 26 18:24:24.926521: | 77 2d 5a b0 8f 69 78 fe e8 ed c2 e0 f9 e0 64 ca Aug 26 18:24:24.926523: | 29 cf 90 77 c1 a0 03 b7 f9 bd a8 46 6f 19 94 57 Aug 26 18:24:24.926526: | 01 5f 52 ea 03 05 94 bb 3d b1 50 07 3e 5c 1d aa Aug 26 18:24:24.926528: | bc f8 0a 6b e2 08 0e a9 3c b3 2e 96 f6 fb cd 25 Aug 26 18:24:24.926531: | 3e 7e ba 50 1e 59 60 5c 26 6d de 4c b7 ca fa 62 Aug 26 18:24:24.926533: | 55 7b 27 3a 3e 40 82 88 ea 5a db 8c 01 93 c2 ce Aug 26 18:24:24.926536: | e4 08 68 e6 f3 72 56 fa a6 84 a3 67 9a 63 15 e7 Aug 26 18:24:24.926538: | 74 8d d8 4b e8 59 b8 f7 ed c8 15 81 aa 43 d9 9b Aug 26 18:24:24.926541: | ee 21 ed ce 76 8a 55 1c dd 85 3c c0 60 67 c3 66 Aug 26 18:24:24.926544: | 57 eb 9c e3 ce eb fd 29 39 4a 7f 5e 7b 2d 00 2d Aug 26 18:24:24.926546: | ac 31 75 f7 72 27 da ad a5 c9 53 00 7d 49 3f c4 Aug 26 18:24:24.926549: | 95 a7 9f ba 30 86 5c d6 fe 32 14 b2 b0 83 c3 07 Aug 26 18:24:24.926552: | 01 2e cb 07 98 35 a4 a4 a0 37 69 10 33 35 e9 64 Aug 26 18:24:24.926554: | 1a b7 8f 90 ef 38 2d b5 95 04 5c 2b 25 a7 5b 16 Aug 26 18:24:24.926557: | 0d 41 aa dd 3c 8c 23 39 77 a6 c1 c6 2a 81 40 6c Aug 26 18:24:24.926559: | 12 fd 9c af 3e 2d 59 e3 2a 51 89 ee 8b 91 34 57 Aug 26 18:24:24.926562: | 29 cd 2c c6 68 ba 66 eb 70 c6 f0 a7 35 79 b1 c4 Aug 26 18:24:24.926564: | 73 9b 2b 31 97 0b 41 cf 17 d5 31 Aug 26 18:24:24.926932: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.926939: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.926943: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.926945: | 00 02 00 05 ad a1 de 45 c8 e0 54 4e c6 2c d9 d8 Aug 26 18:24:24.926948: | 70 68 e0 48 6f 3f 2c ff e4 1d bb 1e f8 19 2e 02 Aug 26 18:24:24.926950: | 0d f5 2d 3e 9f 9a 76 df e9 fd 16 8e 9c fd 51 ac Aug 26 18:24:24.926953: | 04 b5 8c 5a fc 5c da 1e b6 9a fb 2a bb a8 70 c2 Aug 26 18:24:24.926956: | ce e4 e5 da ca 40 94 53 3c c6 87 18 14 b8 b8 1d Aug 26 18:24:24.926958: | a4 0c 71 a1 aa 13 60 0f c8 07 fd 1d f7 70 af 53 Aug 26 18:24:24.926960: | 3e df 6b 7c 3a e9 77 25 72 b8 f3 f6 ea dc 16 b2 Aug 26 18:24:24.926963: | 6b d7 db 16 47 5d 7b 67 d3 7b 1f f9 d5 41 00 34 Aug 26 18:24:24.926966: | 49 c3 a1 ba 8d 52 ad 72 01 9a 14 90 80 2f a2 15 Aug 26 18:24:24.926968: | dc 5d c8 b8 29 3c 25 56 67 c5 61 55 8c 1a c7 f4 Aug 26 18:24:24.926971: | e6 64 99 ef 6e 36 89 6e 75 57 2d 7b 93 13 2f 82 Aug 26 18:24:24.926973: | 26 9b 86 13 34 98 de 4a fa ec 8f f3 d7 8a 56 cd Aug 26 18:24:24.926976: | 0b 79 40 1c a7 b6 a9 2e 4d 2f 25 eb e8 03 f4 0e Aug 26 18:24:24.926978: | 3b fd 33 5e e4 db 7b bf 3f 17 88 68 20 68 6c 6a Aug 26 18:24:24.926981: | 07 50 3f a3 5a 92 80 0c ff 8b ea 93 e8 ae 1c f8 Aug 26 18:24:24.926983: | 03 08 d5 66 52 1a 6c 74 21 a4 b8 ef e0 53 0d 57 Aug 26 18:24:24.926986: | af 30 fd db 17 bd ee 4b bc 73 2a 78 2f 14 d0 be Aug 26 18:24:24.926989: | 52 e1 c7 ba f9 4d e4 5b 21 71 37 8f db 4d 50 97 Aug 26 18:24:24.926991: | cc 47 a0 29 85 d1 f4 98 8a b1 53 bd 7f 5a 05 00 Aug 26 18:24:24.926994: | 85 c2 c8 20 e9 1a f5 d5 15 97 d5 23 b0 02 db c9 Aug 26 18:24:24.927001: | ce f7 9d 40 ba 7a c5 bd b4 39 ec b0 c7 5e de 45 Aug 26 18:24:24.927004: | f1 76 6b bc a1 79 34 8f a6 54 8d 77 1a 0d 7e 1c Aug 26 18:24:24.927006: | 7c 27 fe 5a 28 16 00 ec 46 b6 fa 11 39 41 b9 03 Aug 26 18:24:24.927009: | 28 05 9c 25 9e 4f 2b 91 30 ba 12 bf 14 72 a1 e1 Aug 26 18:24:24.927011: | bd 01 d6 b4 b1 3c 37 fc b1 ec c4 64 33 d1 47 d8 Aug 26 18:24:24.927014: | 73 c0 21 03 8f b0 66 af 65 67 d6 b5 df 1d 8d f3 Aug 26 18:24:24.927016: | e2 ea f0 34 e2 f4 63 42 c3 cc f4 ca de c6 bc 2f Aug 26 18:24:24.927019: | 10 13 a2 4f 60 03 2e b6 ac d3 11 5b 9f ae d9 88 Aug 26 18:24:24.927021: | 1b 81 c6 91 52 7f ad b4 7d 0f ea cb 86 9b 55 a3 Aug 26 18:24:24.927024: | 46 17 8b 18 ec 18 ac 54 1e 50 73 d5 32 1f 5b c0 Aug 26 18:24:24.927026: | 4a a5 11 1f 13 3a ab cc 2f ab d9 12 b8 66 33 8c Aug 26 18:24:24.927028: | fd b2 8f 07 e8 9d 14 f6 50 0e af Aug 26 18:24:24.927305: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.927312: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927315: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.927318: | 00 03 00 05 7f 1c 53 03 c6 d9 57 e0 d1 c2 32 97 Aug 26 18:24:24.927320: | d2 93 82 7d 9b 41 a3 8d 49 d1 4c ef 39 ea 9b 4d Aug 26 18:24:24.927323: | 19 47 d6 bc 48 3d 2b 77 31 4d e6 16 80 27 ab a3 Aug 26 18:24:24.927325: | a1 db 66 b2 9a 0b 25 a5 10 67 e2 5f 36 97 a8 2c Aug 26 18:24:24.927328: | 55 24 b2 08 f0 f7 d8 9f e6 87 77 c2 70 53 98 3c Aug 26 18:24:24.927330: | 5c bf f7 1b df dd 3a 5d 12 25 01 58 6f ff 68 5c Aug 26 18:24:24.927333: | 52 61 83 84 a9 09 e3 7a 2d 90 ea a9 0d 20 94 22 Aug 26 18:24:24.927335: | 8c 6f 66 e9 af f3 4d d0 df 66 fc b2 c6 d7 40 fb Aug 26 18:24:24.927338: | be d9 eb 20 ab 96 f8 78 e3 e1 5d ff 9d c0 12 08 Aug 26 18:24:24.927341: | ce ee 31 e5 f2 d8 fc 8f 8f 90 29 1d 43 b6 bd f6 Aug 26 18:24:24.927343: | 7e 8c 29 c4 16 98 14 27 e5 57 37 78 a7 08 b6 45 Aug 26 18:24:24.927346: | 3d 83 70 42 cd 25 69 37 50 16 41 f7 3e c0 1e 6d Aug 26 18:24:24.927348: | 71 2e bf 12 02 87 5b 3f fe ae 09 f7 d4 b6 27 6b Aug 26 18:24:24.927351: | a8 6e e2 08 4f 48 3b 44 04 d9 2b c1 12 4c e8 c0 Aug 26 18:24:24.927353: | 7e f6 75 d9 33 8a 66 c5 b6 95 2b ac de 86 86 31 Aug 26 18:24:24.927356: | ea a5 4d 64 b5 98 0a ad d7 de c5 06 0b af 27 d6 Aug 26 18:24:24.927358: | d0 0c 47 77 aa 15 8e 59 93 7b 65 f4 e6 5d bc a7 Aug 26 18:24:24.927361: | 04 16 59 c0 4d 6b 98 d0 32 f6 32 0a f8 8c 9c 63 Aug 26 18:24:24.927363: | dd 1b d0 c1 1f 4e e3 b8 57 c9 64 a4 c2 2c 26 23 Aug 26 18:24:24.927366: | 9e d0 a6 2a af 68 3f 02 52 ea 72 d5 66 5c 39 6a Aug 26 18:24:24.927368: | 2f 11 2e d4 64 1a ff cb fe de 10 25 62 73 49 df Aug 26 18:24:24.927371: | 46 97 c6 ac 2c 70 12 1c 04 3a 9e 90 e3 c6 e8 f2 Aug 26 18:24:24.927373: | ac c9 35 4b b6 67 af 2b 55 29 66 46 1d 4b b4 da Aug 26 18:24:24.927376: | 70 e6 d2 c7 6a a7 95 5f 35 d0 f6 a7 35 02 e7 31 Aug 26 18:24:24.927378: | f6 66 84 1d 6a a3 c6 d3 b4 b9 60 8d 7d da 38 d1 Aug 26 18:24:24.927381: | 6d d9 0b 8a b9 8e ce eb fa e5 a9 26 c0 34 ad 7a Aug 26 18:24:24.927383: | ae 1e 39 88 77 41 2e 20 64 f6 75 7e 84 b9 58 a1 Aug 26 18:24:24.927386: | ea 4a 3a 28 84 1a 31 4c 7f 13 fd 74 e4 dc ba a7 Aug 26 18:24:24.927389: | 80 e5 66 4c 0c 7a 5b f0 11 55 44 bd d2 12 7e 13 Aug 26 18:24:24.927391: | a5 bd b7 6b d4 0d b9 76 d0 19 e1 08 91 59 c7 6d Aug 26 18:24:24.927394: | a1 85 ea 46 3b fe 63 61 cd 83 3e bc cb 0d 3c e3 Aug 26 18:24:24.927396: | e7 71 d5 45 c9 2f a6 b8 f2 f5 7b Aug 26 18:24:24.927660: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.927665: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.927668: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.927671: | 00 04 00 05 77 7a 6d c2 d1 62 52 bc f5 63 83 2f Aug 26 18:24:24.927675: | 8d 88 7c ad 9a 37 74 d6 eb dc a2 28 75 53 75 21 Aug 26 18:24:24.927677: | 89 ef bf 9e e1 dc bd 05 75 f9 7c 8d b1 47 06 e3 Aug 26 18:24:24.927680: | 4a df bb c2 80 a9 58 67 43 6e 49 b2 3b b3 39 f7 Aug 26 18:24:24.927682: | c9 7a 31 84 60 cf 1c 7f 56 d7 2f 5d 94 33 1f d0 Aug 26 18:24:24.927685: | 06 88 72 c6 70 25 58 5a e0 3e fc 07 b3 ba bf 4c Aug 26 18:24:24.927688: | 01 04 2f 68 d7 61 ea 64 6d c1 94 1c 26 59 27 de Aug 26 18:24:24.927690: | a2 a0 ba 6d 2d 51 72 1a b5 9f 7b 0d 33 4a 3c d5 Aug 26 18:24:24.927693: | 86 54 7f 4a dc 3f 92 b6 da d4 57 30 50 55 1c b2 Aug 26 18:24:24.927695: | 1c be be d5 54 2c c0 a1 28 2a 7a 79 24 2b 7d fc Aug 26 18:24:24.927698: | e0 44 94 70 a2 03 96 d9 32 9e 18 08 54 f9 55 10 Aug 26 18:24:24.927700: | 22 a9 ab f5 74 2e ae 36 a5 4f 84 89 9c dc e7 30 Aug 26 18:24:24.927703: | ed 4c b9 da 3d 90 ee 33 47 92 93 92 de de a4 c0 Aug 26 18:24:24.927706: | ea ed 5c 8d dc 9c 00 10 86 4e d5 da 4c d6 fb 6d Aug 26 18:24:24.927708: | 7f b3 23 f0 29 56 87 a1 0f 8a e2 d7 3c c2 68 33 Aug 26 18:24:24.927711: | 0b ad 6c ec 57 4f 26 39 ca 73 f7 c6 80 57 1b 21 Aug 26 18:24:24.927714: | 45 b2 b5 66 db b2 f1 a5 ff 34 b5 9f 1a 92 0c d5 Aug 26 18:24:24.927716: | e8 be 4d 68 df 43 e0 5b 69 0a d9 c1 da 2b 2c e7 Aug 26 18:24:24.927718: | 28 26 ab c0 a9 26 a2 03 3f ff 62 23 fe fd 69 99 Aug 26 18:24:24.927721: | 50 70 8b f0 1d 3e 8f 03 c9 17 39 60 7a 18 78 3a Aug 26 18:24:24.927723: | 4b e8 6b 1b 83 3a a3 91 9d ed 8b 60 7e 62 4f ef Aug 26 18:24:24.927726: | 5a 0f f9 5f 34 d3 27 40 e5 14 88 e6 21 f8 15 7d Aug 26 18:24:24.927728: | 77 b5 dc 39 0e 1f 41 c2 9e 0e 75 ae 95 ce 0d 65 Aug 26 18:24:24.927730: | 82 71 d1 3d a9 36 d4 99 05 d2 e9 b7 9e 73 47 c0 Aug 26 18:24:24.927733: | 58 6a d9 bd ec 0f 9d 54 35 00 25 2e 39 bc 97 cc Aug 26 18:24:24.927735: | c4 97 a8 2c 6c 8e da 15 bd 71 20 c1 0b d6 e3 ce Aug 26 18:24:24.927738: | 46 92 8c c7 c5 77 2f ac 7f 77 d5 67 ac 62 31 8d Aug 26 18:24:24.927741: | 17 71 7b 2b 49 09 03 2d d4 0c 26 c5 b8 49 99 ca Aug 26 18:24:24.927743: | 57 b7 fd b8 67 c5 51 3c 35 1a 8d 76 d9 ed 70 5a Aug 26 18:24:24.927746: | 3c 47 32 82 11 d8 99 f2 a2 90 ad 01 94 a7 91 cb Aug 26 18:24:24.927748: | df a5 5b 5e 4f ba c9 e1 7a e8 f6 c6 a4 25 20 b8 Aug 26 18:24:24.927751: | 00 2a 9d 74 46 15 33 85 3d b5 cc Aug 26 18:24:24.928010: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:24.928014: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.928017: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 18:24:24.928019: | 00 05 00 05 67 d0 bb 67 d0 7f 2f 60 e5 29 d8 ed Aug 26 18:24:24.928022: | 65 56 05 27 35 4d df cb c3 e5 48 63 d3 d1 30 a7 Aug 26 18:24:24.928024: | 95 d3 dc f1 10 b7 b5 39 fb 11 92 d6 2f 5a 26 bd Aug 26 18:24:24.928027: | d4 9a 30 3f 42 7d 75 1f 47 7f f6 a9 9f ce 18 7d Aug 26 18:24:24.928030: | d0 cf aa 0a 1d 81 be 3d 79 0a 28 26 fa ba ae 5f Aug 26 18:24:24.928032: | 6a 8c 59 5c 38 ed 33 e2 29 33 ed 53 51 9c df a6 Aug 26 18:24:24.928035: | f8 a8 d2 ab 8f 63 55 88 35 36 66 40 a1 22 c6 c6 Aug 26 18:24:24.928037: | 2c cf 75 c6 d8 a5 08 d5 94 fa 5f c3 87 4a 49 02 Aug 26 18:24:24.928040: | 7f 27 cd 46 d1 0b 83 8b 19 92 64 fe d2 d5 9d 4a Aug 26 18:24:24.928042: | 85 03 8a e6 a8 45 00 be d4 3f 86 0c 05 96 dc db Aug 26 18:24:24.928045: | 59 28 29 67 cc 75 d6 f7 32 b5 fa 0c af 6e aa eb Aug 26 18:24:24.928048: | 37 17 f5 3b 0d 05 37 a0 9f d5 69 5d 8f b0 f8 06 Aug 26 18:24:24.928050: | 33 4e 8a ea e5 8c b3 a5 9e 89 63 a2 23 7e f5 ec Aug 26 18:24:24.928053: | e2 5a 13 8a 71 2f 6c ba ef a1 1d 8f be 32 9b 25 Aug 26 18:24:24.928055: | 25 46 39 31 d2 08 c7 b6 71 f7 be ef 60 55 95 da Aug 26 18:24:24.928058: | 19 0f fa 6c f8 86 da 25 41 fd f4 2a e6 bf a7 34 Aug 26 18:24:24.928060: | 0d f6 38 73 66 30 d5 40 d9 af 34 7e ad 9f 58 db Aug 26 18:24:24.928065: | 57 40 de 57 1c d6 be ba 98 d9 f8 04 13 e7 b2 75 Aug 26 18:24:24.928067: | d4 8e 09 29 16 8d e3 82 78 ad ec fe 60 bd 9f 23 Aug 26 18:24:24.928070: | 3d e7 55 91 8f 74 44 39 5b 3d cc 26 f9 c5 03 22 Aug 26 18:24:24.928072: | d8 8f b8 65 7a 3d 8c 0f 02 60 98 8d 86 2b 4d 94 Aug 26 18:24:24.928074: | cf 2d e3 64 e8 9a 84 97 8a 1c a9 20 70 ed 56 1c Aug 26 18:24:24.928077: | 38 b8 09 e8 c1 73 63 20 d7 4f Aug 26 18:24:24.928371: | sent 5 fragments Aug 26 18:24:24.928424: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:24.928429: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:24.928440: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fcadc002b78 Aug 26 18:24:24.928444: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:24:24.928448: | libevent_malloc: new ptr-libevent@0x56371f10a4b8 size 128 Aug 26 18:24:24.928454: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29150.670905 Aug 26 18:24:24.928460: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:24.928466: | #1 spent 1.84 milliseconds Aug 26 18:24:24.928470: | #1 spent 11 milliseconds in resume sending helper answer Aug 26 18:24:24.928475: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:24.928480: | libevent_free: release ptr-libevent@0x7fcad4000f48 Aug 26 18:24:24.987263: | spent 0.0025 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.987282: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.987285: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987287: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 18:24:24.987348: | 00 01 00 05 9b 26 60 18 08 a3 04 f9 aa 4f 27 ac Aug 26 18:24:24.987353: | 76 ac 2a f2 39 f6 b0 a1 42 79 43 b4 04 00 26 3f Aug 26 18:24:24.987359: | 13 07 93 ac 53 df 7a 36 d5 cc 9a 62 1f ac 1b 0d Aug 26 18:24:24.987368: | 99 88 1c c6 1d 97 ee 27 91 11 85 1a de 1c 39 19 Aug 26 18:24:24.987371: | 4f 82 68 d2 07 83 7d 2f 96 12 8b 99 47 6d 3b 01 Aug 26 18:24:24.987373: | be 3d 97 f6 1c 7c 6c 24 50 dc b1 d7 ac 96 a7 c9 Aug 26 18:24:24.987376: | e3 59 77 7b 5d b9 15 20 eb 9a 53 55 a2 08 f6 15 Aug 26 18:24:24.987378: | 14 2f f5 70 c3 d6 65 db 69 60 55 5d 77 05 fc e9 Aug 26 18:24:24.987380: | 26 65 24 7e 39 f6 c4 0f 45 bb 4c e5 66 18 37 13 Aug 26 18:24:24.987382: | 74 69 96 d8 60 ea 1c cf b7 ae 32 eb 38 f2 e7 de Aug 26 18:24:24.987385: | be f9 b3 dc 8f fa 95 7e 83 df 07 9c 48 c8 0a 24 Aug 26 18:24:24.987387: | 34 7c 31 16 ae 43 ee 1a ef 82 1a 20 c9 68 23 c3 Aug 26 18:24:24.987389: | ad 6e b7 5c 81 02 56 9f e6 29 99 2e 38 bf 56 46 Aug 26 18:24:24.987391: | 44 52 d1 c1 30 a4 6b ca 95 95 eb b1 67 3c f3 f3 Aug 26 18:24:24.987394: | bb ce d4 ef 63 b2 73 6a 3d a2 59 dd 37 3a f6 9e Aug 26 18:24:24.987396: | 15 17 68 ea 59 11 af 50 e0 e1 e2 7c 6b 64 80 56 Aug 26 18:24:24.987398: | 99 bd 30 cf 3c 06 3b cc d4 d7 86 6f 25 0d 67 73 Aug 26 18:24:24.987401: | 7d 36 84 ab f2 e9 d6 4f a2 86 ad 9d 32 6e fa 44 Aug 26 18:24:24.987403: | 13 ab c0 c9 c7 fb 63 34 b7 54 b2 29 f5 f5 a8 52 Aug 26 18:24:24.987405: | 5c ac 4e 41 dc 31 39 86 bf 57 22 e8 fd b2 c0 64 Aug 26 18:24:24.987407: | b0 6c 4e 51 ce 95 20 13 69 bd 51 4a a9 2e 3c ba Aug 26 18:24:24.987410: | 4d ac 08 14 9f 5b a7 a6 b8 5e ed 0a d7 3e 63 19 Aug 26 18:24:24.987412: | ac 86 df 63 bb bb 7b 91 dd 2d f2 fa ab 64 b0 d5 Aug 26 18:24:24.987414: | 07 51 f0 a1 06 97 c0 2b a9 ec 58 ba 0e 13 9b f4 Aug 26 18:24:24.987417: | c7 1e a5 83 78 c0 48 66 cd 11 fe 27 dd b8 b1 b4 Aug 26 18:24:24.987419: | 86 c4 81 aa b5 96 71 2f 33 72 70 56 05 bd 05 6f Aug 26 18:24:24.987422: | ad 75 4b c3 6d 63 3e d6 34 3f f7 ce f4 92 17 7a Aug 26 18:24:24.987427: | 96 3e 25 22 89 50 79 33 04 96 c8 19 5f 17 68 a6 Aug 26 18:24:24.987429: | 28 4c c7 17 34 ad 60 4c aa 5d 00 63 f0 f8 51 a8 Aug 26 18:24:24.987431: | f2 ca 4a 5d e1 0d a4 d1 51 c8 b2 61 68 84 d7 b1 Aug 26 18:24:24.987433: | a1 19 01 ed c3 d3 bb 8f 02 2d 67 36 bd 9c 65 62 Aug 26 18:24:24.987435: | e3 ae 6d 51 2d cb be 80 bd 74 c3 Aug 26 18:24:24.987440: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.987444: | **parse ISAKMP Message: Aug 26 18:24:24.987448: | initiator cookie: Aug 26 18:24:24.987450: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.987452: | responder cookie: Aug 26 18:24:24.987455: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987457: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.987460: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.987462: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.987465: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.987468: | Message ID: 1 (0x1) Aug 26 18:24:24.987470: | length: 539 (0x21b) Aug 26 18:24:24.987473: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.987477: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:24.987481: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:24.987488: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.987492: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:24.987496: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987500: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987503: | #2 is idle Aug 26 18:24:24.987505: | #2 idle Aug 26 18:24:24.987508: | unpacking clear payload Aug 26 18:24:24.987510: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.987513: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.987516: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:24.987519: | flags: none (0x0) Aug 26 18:24:24.987521: | length: 511 (0x1ff) Aug 26 18:24:24.987523: | fragment number: 1 (0x1) Aug 26 18:24:24.987526: | total fragments: 5 (0x5) Aug 26 18:24:24.987528: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.987531: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:24.987534: | received IKE encrypted fragment number '1', total number '5', next payload '36' Aug 26 18:24:24.987538: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 18:24:24.987544: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.987549: | #1 spent 0.216 milliseconds in ikev2_process_packet() Aug 26 18:24:24.987553: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:24.987557: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.987560: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.987564: | spent 0.232 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.987573: | spent 0.00149 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.987583: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.987586: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987588: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.987591: | 00 02 00 05 57 c9 52 c7 bf 2c a4 4a 2c 28 c9 8a Aug 26 18:24:24.987593: | ce 6b 0c 48 4e cb c5 0e 39 0f c4 51 fd 72 86 55 Aug 26 18:24:24.987595: | 3a b6 aa 22 e1 e7 9d 0e b8 92 2f 84 12 17 29 0f Aug 26 18:24:24.987598: | a3 5b 4e ed 56 4f 18 13 a2 77 62 8e c7 f3 87 4d Aug 26 18:24:24.987602: | 79 8c e3 3c 47 e4 71 07 24 3b 78 ba 18 56 7e 65 Aug 26 18:24:24.987605: | 5c 3b c8 23 d8 b3 51 34 fd ee e5 d7 b9 c0 18 66 Aug 26 18:24:24.987607: | e7 75 06 08 24 81 11 71 8c 27 7e be 2c ed b2 55 Aug 26 18:24:24.987610: | cc 4f 38 a0 72 4c fc 50 b6 38 3f 82 66 f7 0b f6 Aug 26 18:24:24.987612: | 17 f2 4a 57 d0 44 ac 62 5a b5 27 a6 95 d4 fe 21 Aug 26 18:24:24.987614: | e2 21 9a 90 c7 13 4f 02 0d ab d7 fb 5f 93 04 e6 Aug 26 18:24:24.987617: | a4 ee 49 9e 50 ca 0b 5d a6 ba d8 4e d7 6f 30 d9 Aug 26 18:24:24.987620: | 03 03 f9 e5 75 63 40 ee 07 96 eb e1 39 21 b6 79 Aug 26 18:24:24.987622: | 9e c6 f2 78 9e 50 a7 e9 60 42 44 70 1a 32 df 46 Aug 26 18:24:24.987624: | ff 8b 2d c2 90 74 a3 83 eb 87 ff e9 56 60 c4 fb Aug 26 18:24:24.987627: | 8a 5c f6 18 b1 83 85 1d c2 e8 2e 58 3c 4a 9e f8 Aug 26 18:24:24.987629: | 58 fd da f4 dd da e7 07 da 42 99 cf 93 b9 5a 77 Aug 26 18:24:24.987632: | 3a 39 6a 38 d6 be c0 9e ec bf 5d 86 7b 29 89 f9 Aug 26 18:24:24.987634: | 22 0c 82 88 40 25 04 b3 3d 9d 94 0b f1 c3 22 55 Aug 26 18:24:24.987636: | cc e1 bc e1 c5 96 73 76 c4 46 31 4c 51 08 ac aa Aug 26 18:24:24.987639: | 02 54 c9 a3 49 28 21 f9 d2 78 7d 76 ad 33 76 c2 Aug 26 18:24:24.987641: | b2 96 b3 9e bd cc e3 16 0d 9a 5d f8 e1 0b 89 b9 Aug 26 18:24:24.987643: | 51 76 0a 89 19 b8 2f 31 56 1a fe a4 7b 9f 8f 8a Aug 26 18:24:24.987645: | be 72 c7 ab 18 df df 7a 3e 7b 90 dc 68 14 39 3f Aug 26 18:24:24.987647: | 95 09 cf 60 d4 93 1f 0f fc 0e 39 93 3d a0 5c ad Aug 26 18:24:24.987649: | ab ce 02 34 ba bf 28 3d 4e 9e c7 22 a2 f0 84 fb Aug 26 18:24:24.987651: | 3a b4 03 50 5b 20 ff c0 77 db 24 48 8b 42 67 5d Aug 26 18:24:24.987653: | e9 7e 08 73 72 74 1f 01 6a d8 5f 2b 0e 4a b6 29 Aug 26 18:24:24.987655: | 50 a5 ca 9f 2e 18 6d a0 a2 a0 12 e0 be 06 90 8f Aug 26 18:24:24.987658: | 38 ec 7c 0f 7e 72 95 30 a2 b8 7d 55 63 82 57 4f Aug 26 18:24:24.987660: | 48 67 7e 19 3e 54 36 66 82 98 da b5 65 89 f5 d3 Aug 26 18:24:24.987662: | 25 d7 69 13 78 c2 5e 98 6b aa b8 63 e1 60 47 0d Aug 26 18:24:24.987664: | 07 a4 8f bc 0e 21 49 96 e0 37 8a Aug 26 18:24:24.987667: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.987670: | **parse ISAKMP Message: Aug 26 18:24:24.987673: | initiator cookie: Aug 26 18:24:24.987675: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.987677: | responder cookie: Aug 26 18:24:24.987679: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987681: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.987684: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.987686: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.987688: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.987691: | Message ID: 1 (0x1) Aug 26 18:24:24.987693: | length: 539 (0x21b) Aug 26 18:24:24.987695: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.987698: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:24.987701: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:24.987706: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.987708: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:24.987712: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987715: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987718: | #2 is idle Aug 26 18:24:24.987720: | #2 idle Aug 26 18:24:24.987722: | unpacking clear payload Aug 26 18:24:24.987724: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.987727: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.987729: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.987733: | flags: none (0x0) Aug 26 18:24:24.987736: | length: 511 (0x1ff) Aug 26 18:24:24.987738: | fragment number: 2 (0x2) Aug 26 18:24:24.987740: | total fragments: 5 (0x5) Aug 26 18:24:24.987743: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.987745: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:24.987748: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 18:24:24.987752: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.987756: | #1 spent 0.179 milliseconds in ikev2_process_packet() Aug 26 18:24:24.987760: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:24.987764: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.987767: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.987771: | spent 0.194 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.987780: | spent 0.00159 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.987790: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.987794: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987797: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.987800: | 00 03 00 05 2f 97 16 a2 05 7d c9 0a 5d f6 61 f3 Aug 26 18:24:24.987803: | 06 ad 45 80 8f c7 03 56 7b 1e 32 47 a0 94 62 3e Aug 26 18:24:24.987806: | fd 82 69 7d c0 54 9a 9d bd 0d 33 99 7c e0 51 f6 Aug 26 18:24:24.987809: | 39 e0 08 61 8f 05 11 49 48 1f ec ef 31 62 2e 64 Aug 26 18:24:24.987812: | cf 41 76 d4 41 29 d9 2f 4d 2d 64 76 f3 a2 d1 67 Aug 26 18:24:24.987815: | f7 eb f4 10 a9 db a4 07 a6 b5 0d 33 b0 e0 10 68 Aug 26 18:24:24.987818: | 9d ca 22 2f 9f c6 63 88 96 af 1f 4f fa c4 03 3c Aug 26 18:24:24.987821: | 67 b5 56 24 73 ff 76 2f 2e 59 be ae a5 80 59 51 Aug 26 18:24:24.987824: | 32 62 88 90 03 53 17 fd 69 1e 6e 9a de 19 04 79 Aug 26 18:24:24.987826: | 74 f9 82 47 37 41 2c 58 6c 58 69 a5 9d 3d 36 8e Aug 26 18:24:24.987829: | af de cc 91 be 40 1f df 0e 6a 97 03 15 76 58 4d Aug 26 18:24:24.987832: | 37 ec 06 00 e8 dd f6 52 9b 60 31 ed 87 10 1f ce Aug 26 18:24:24.987835: | c3 dd 9d f6 56 84 e5 3c e0 86 d0 d6 8e c8 dc 24 Aug 26 18:24:24.987838: | f9 71 0f 82 d9 2c f5 b4 f4 80 f5 12 5e ac 00 d7 Aug 26 18:24:24.987841: | 6d 7b 4e bd c9 d1 03 0a 89 52 4f 56 ed 33 9c 2e Aug 26 18:24:24.987844: | f5 21 5c 08 14 a7 7b 76 b6 25 90 5d ad ad 77 54 Aug 26 18:24:24.987847: | 4f 82 f1 e0 ba 66 8c c4 56 03 12 3a de 82 f4 5d Aug 26 18:24:24.987850: | 57 bd 79 81 da 02 71 0a 84 8d c8 64 be 61 5c b5 Aug 26 18:24:24.987853: | 8a cf a2 e3 71 e9 c9 f0 24 3b c4 ae e6 5b 0b e9 Aug 26 18:24:24.987856: | 16 72 85 fd de e1 e1 b8 de b2 4f 2e 32 64 57 c3 Aug 26 18:24:24.987859: | 46 d2 b7 83 63 ad d4 8b d3 a7 9f a5 5e 62 56 5d Aug 26 18:24:24.987862: | bd d7 3b 21 1c cb a0 48 2d 75 2b 0e 07 a0 c4 75 Aug 26 18:24:24.987865: | 20 dc 60 ba 23 2e 39 31 54 18 85 af 72 09 ae 24 Aug 26 18:24:24.987867: | c1 20 54 a8 9d 1c ca 87 aa d1 81 93 bf 51 6d b9 Aug 26 18:24:24.987870: | 93 d4 ee db 97 0a d1 84 c6 ef e6 e9 9d f7 af fc Aug 26 18:24:24.987873: | 6e c0 eb ed 7b 4b 72 bb 70 38 14 51 a3 c5 18 d8 Aug 26 18:24:24.987876: | 66 ac f0 e4 21 d8 2e 42 92 7e 10 a0 a8 a2 a2 18 Aug 26 18:24:24.987879: | 00 f4 60 0f 03 40 36 f5 1d 26 92 87 e6 cf ac 3c Aug 26 18:24:24.987882: | 4c b1 25 43 51 46 35 59 03 ee 19 f7 59 45 6f 97 Aug 26 18:24:24.987885: | bd cc 4b 0d 50 2b f5 9d 48 38 05 a8 7d 2c fc 37 Aug 26 18:24:24.987888: | e4 1c a1 e3 66 23 4d 70 d5 25 1d e6 9a 80 38 73 Aug 26 18:24:24.987891: | 4f 77 6b 10 1d 80 bc 90 44 bc 8c Aug 26 18:24:24.987895: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.987899: | **parse ISAKMP Message: Aug 26 18:24:24.987904: | initiator cookie: Aug 26 18:24:24.987907: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.987909: | responder cookie: Aug 26 18:24:24.987912: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.987915: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.987918: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.987922: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.987924: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.987927: | Message ID: 1 (0x1) Aug 26 18:24:24.987931: | length: 539 (0x21b) Aug 26 18:24:24.987934: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.987937: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:24.987941: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:24.987947: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.987950: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:24.987955: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987960: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.987963: | #2 is idle Aug 26 18:24:24.987966: | #2 idle Aug 26 18:24:24.987969: | unpacking clear payload Aug 26 18:24:24.987972: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.987975: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.987978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.987981: | flags: none (0x0) Aug 26 18:24:24.987984: | length: 511 (0x1ff) Aug 26 18:24:24.987987: | fragment number: 3 (0x3) Aug 26 18:24:24.987990: | total fragments: 5 (0x5) Aug 26 18:24:24.987993: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.987996: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:24.987999: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 18:24:24.988005: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.988010: | #1 spent 0.225 milliseconds in ikev2_process_packet() Aug 26 18:24:24.988015: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:24.988019: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.988022: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.988026: | spent 0.242 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.988034: | spent 0.00168 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.988044: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.988047: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.988051: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 18:24:24.988054: | 00 04 00 05 00 a4 30 37 6a 67 8c 2f 67 f8 b4 74 Aug 26 18:24:24.988057: | 2e 05 e0 e1 1d 6f b7 36 40 39 60 66 38 66 c1 16 Aug 26 18:24:24.988060: | 76 2f bf 34 6d 36 f9 6c 5b e6 be d2 fa 7e a6 c2 Aug 26 18:24:24.988063: | 79 f2 ab af 25 e9 42 65 3f ea 87 4e 9e f7 7a d9 Aug 26 18:24:24.988066: | f5 46 55 c2 ed 57 4a 6d 77 b7 88 99 c2 fb 68 68 Aug 26 18:24:24.988069: | 8b f3 90 f0 66 6a 55 f8 82 5d 7a bf f2 b3 e7 57 Aug 26 18:24:24.988072: | ab 80 cf 81 37 e6 78 ec e2 1d 02 b0 80 ea e2 bf Aug 26 18:24:24.988075: | 44 91 16 c3 e5 90 a3 31 b8 86 52 f4 a8 11 f1 f7 Aug 26 18:24:24.988078: | 86 8c cd 85 fa 81 16 64 5a c7 93 c6 88 f8 63 05 Aug 26 18:24:24.988081: | be 20 82 c2 fe 44 db 7d dc cf 76 28 a9 23 70 04 Aug 26 18:24:24.988083: | ef c2 bc bc a9 e8 7f 8d f0 ef d0 67 54 9f b7 19 Aug 26 18:24:24.988085: | ad d1 91 58 dd 87 68 79 81 b8 89 c1 e6 5f fd bf Aug 26 18:24:24.988089: | da 83 af 46 91 e5 2b 66 65 34 0c 8b 2c e9 39 ef Aug 26 18:24:24.988091: | 80 ea 4f 1a d0 a7 23 e6 bf ef f5 ac 8e 46 d4 cc Aug 26 18:24:24.988093: | 57 49 59 a7 5f c9 1a fa 53 96 c5 96 2d b1 43 85 Aug 26 18:24:24.988095: | ef c3 91 57 75 57 d1 df 02 fb 13 e9 f0 84 74 5d Aug 26 18:24:24.988097: | 48 4e ac 8e 95 b7 c9 a2 1f 16 e4 16 00 ef 01 09 Aug 26 18:24:24.988099: | 8f c6 fa 24 88 79 0a 3d a0 0a 4b c5 75 3f 89 1e Aug 26 18:24:24.988101: | 10 f0 0a e4 c3 23 dd f1 9d 96 6a 29 87 29 88 ad Aug 26 18:24:24.988103: | c4 0d d7 6a 5c 5a 98 d4 94 27 71 f0 5b 9a 58 e6 Aug 26 18:24:24.988105: | a3 72 a5 87 ec 3a f8 dd c9 7a 78 12 c2 99 e8 6a Aug 26 18:24:24.988108: | 7f 2f cf cd aa 57 df 16 87 9c 4a 66 dd b5 14 a0 Aug 26 18:24:24.988111: | a6 ac 41 3b d9 5f 8b 08 47 b5 e2 6d 20 96 ff 49 Aug 26 18:24:24.988114: | c6 61 cf c0 d2 20 1b 5a 66 a2 57 49 2a 31 94 c6 Aug 26 18:24:24.988117: | f7 e6 28 96 2a a7 5e 23 e7 ad 74 28 bc 0c 26 8c Aug 26 18:24:24.988120: | 3a 14 89 d4 41 fa a6 a4 e6 9f e5 3b 03 0b 39 8e Aug 26 18:24:24.988123: | c8 4c 83 1a b7 b7 02 ef 7c 91 6f db ff 89 17 c0 Aug 26 18:24:24.988126: | 4f 29 e7 28 3f a1 9c ef a1 ea d6 f4 10 48 ee 1b Aug 26 18:24:24.988128: | 05 5e d3 42 5c ac a0 a7 0b 41 31 1d 13 38 62 74 Aug 26 18:24:24.988130: | 80 98 b3 cc f2 00 49 b1 1d 6b 53 62 39 8f 8f 13 Aug 26 18:24:24.988133: | 07 a0 57 04 63 d5 05 f3 08 4e ce 16 8d a9 73 0b Aug 26 18:24:24.988135: | fa d5 ab b9 42 e0 83 df a3 49 47 Aug 26 18:24:24.988138: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.988141: | **parse ISAKMP Message: Aug 26 18:24:24.988144: | initiator cookie: Aug 26 18:24:24.988146: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.988149: | responder cookie: Aug 26 18:24:24.988151: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.988154: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.988157: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.988159: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.988162: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.988165: | Message ID: 1 (0x1) Aug 26 18:24:24.988168: | length: 539 (0x21b) Aug 26 18:24:24.988171: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.988174: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:24.988178: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:24.988184: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.988187: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:24.988192: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.988196: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.988199: | #2 is idle Aug 26 18:24:24.988202: | #2 idle Aug 26 18:24:24.988204: | unpacking clear payload Aug 26 18:24:24.988207: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.988209: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.988212: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.988215: | flags: none (0x0) Aug 26 18:24:24.988217: | length: 511 (0x1ff) Aug 26 18:24:24.988220: | fragment number: 4 (0x4) Aug 26 18:24:24.988222: | total fragments: 5 (0x5) Aug 26 18:24:24.988225: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 18:24:24.988228: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:24.988231: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 18:24:24.988236: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:24.988243: | #1 spent 0.204 milliseconds in ikev2_process_packet() Aug 26 18:24:24.988248: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:24.988251: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:24.988255: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:24.988259: | spent 0.22 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:24.988267: | spent 0.00164 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:24.988276: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:24.988279: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.988282: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 18:24:24.988284: | 00 05 00 05 1b a0 ff 79 6f b8 99 d7 be e2 bf 6f Aug 26 18:24:24.988287: | fd 9f 69 df 13 7d 9f de 52 37 18 85 1c 37 35 cf Aug 26 18:24:24.988297: | 94 e0 ea 26 8c 09 06 68 e1 41 e4 1f 4f cd 60 bc Aug 26 18:24:24.988299: | 91 Aug 26 18:24:24.988304: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:24.988307: | **parse ISAKMP Message: Aug 26 18:24:24.988310: | initiator cookie: Aug 26 18:24:24.988313: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:24.988316: | responder cookie: Aug 26 18:24:24.988319: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:24.988323: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:24:24.988325: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:24.988328: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:24.988331: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:24.988333: | Message ID: 1 (0x1) Aug 26 18:24:24.988336: | length: 81 (0x51) Aug 26 18:24:24.988339: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:24.988342: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:24.988345: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:24.988350: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:24.988353: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:24.988357: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.988362: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:24.988364: | #2 is idle Aug 26 18:24:24.988366: | #2 idle Aug 26 18:24:24.988369: | unpacking clear payload Aug 26 18:24:24.988371: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:24:24.988374: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:24:24.988376: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.988379: | flags: none (0x0) Aug 26 18:24:24.988381: | length: 53 (0x35) Aug 26 18:24:24.988384: | fragment number: 5 (0x5) Aug 26 18:24:24.988386: | total fragments: 5 (0x5) Aug 26 18:24:24.988389: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Aug 26 18:24:24.988391: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:24.988395: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 18:24:24.988426: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:24.988430: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:24.988433: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:24.988436: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 18:24:24.988437: | flags: none (0x0) Aug 26 18:24:24.988439: | length: 191 (0xbf) Aug 26 18:24:24.988441: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:24:24.988442: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 18:24:24.988444: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 18:24:24.988448: | **parse IKEv2 Certificate Payload: Aug 26 18:24:24.988449: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:24.988451: | flags: none (0x0) Aug 26 18:24:24.988453: | length: 1265 (0x4f1) Aug 26 18:24:24.988454: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:24.988456: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Aug 26 18:24:24.988458: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:24.988459: | **parse IKEv2 Authentication Payload: Aug 26 18:24:24.988461: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:24.988462: | flags: none (0x0) Aug 26 18:24:24.988464: | length: 392 (0x188) Aug 26 18:24:24.988466: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:24.988467: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 18:24:24.988469: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:24.988471: | **parse IKEv2 Security Association Payload: Aug 26 18:24:24.988472: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:24.988474: | flags: none (0x0) Aug 26 18:24:24.988475: | length: 36 (0x24) Aug 26 18:24:24.988477: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:24.988478: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:24.988480: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:24.988482: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:24.988483: | flags: none (0x0) Aug 26 18:24:24.988485: | length: 24 (0x18) Aug 26 18:24:24.988486: | number of TS: 1 (0x1) Aug 26 18:24:24.988488: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:24.988489: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:24.988491: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:24.988493: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:24.988494: | flags: none (0x0) Aug 26 18:24:24.988496: | length: 24 (0x18) Aug 26 18:24:24.988497: | number of TS: 1 (0x1) Aug 26 18:24:24.988499: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:24.988501: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:24.988502: | Now let's proceed with state specific processing Aug 26 18:24:24.988504: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:24.988509: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:24:24.988512: loading root certificate cache Aug 26 18:24:24.991517: | spent 2.98 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:24:24.991563: | spent 0.0294 milliseconds in get_root_certs() filtering CAs Aug 26 18:24:24.991571: | #1 spent 3.05 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:24:24.991576: | checking for known CERT payloads Aug 26 18:24:24.991579: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:24:24.991619: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.991627: | #1 spent 0.0494 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:24:24.991633: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.991681: | #1 spent 0.0467 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:24:24.991687: | missing or expired CRL Aug 26 18:24:24.991692: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:24:24.991696: | verify_end_cert trying profile IPsec Aug 26 18:24:24.991946: | certificate is valid (profile IPsec) Aug 26 18:24:24.991957: | #1 spent 0.151 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:24:24.991964: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:24:24.992474: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f110d68 Aug 26 18:24:24.992488: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f110bb8 Aug 26 18:24:24.992492: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f110a08 Aug 26 18:24:24.992496: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f110048 Aug 26 18:24:24.992499: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56371f11dfe8 Aug 26 18:24:24.992706: | unreference key: 0x56371f1228e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:24.992717: | #1 spent 0.34 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:24:24.992722: | #1 spent 4.05 milliseconds in decode_certs() Aug 26 18:24:24.992727: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:24:24.992730: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:24:24.992733: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:24:24.992735: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:24:24.992738: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:24:24.992741: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:24:24.992744: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:24:24.992746: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.992749: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:24:24.992752: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:24:24.992755: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:24:24.992757: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 18:24:24.992771: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:24.992776: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 18:24:24.992779: | X509: CERT and ID matches current connection Aug 26 18:24:24.992785: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.992792: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:24.992828: | verifying AUTH payload Aug 26 18:24:24.992850: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.992866: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:24:24.992875: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.992882: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.992889: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.993037: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 18:24:24.993045: | #1 spent 0.15 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:24.993049: "northnet-eastnets/0x1" #2: Authenticated using RSA Aug 26 18:24:24.993061: | #1 spent 0.227 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:24.993067: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:24.993072: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:24.993075: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:24.993081: | libevent_free: release ptr-libevent@0x7fcadc002888 Aug 26 18:24:24.993084: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f0fae08 Aug 26 18:24:24.993087: | event_schedule: new EVENT_SA_REKEY-pe@0x56371f0fae08 Aug 26 18:24:24.993090: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:24.993094: | libevent_malloc: new ptr-libevent@0x56371f123338 size 128 Aug 26 18:24:24.993278: | pstats #1 ikev2.ike established Aug 26 18:24:24.993286: | TSi: parsing 1 traffic selectors Aug 26 18:24:24.993317: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:24.993321: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.993324: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.993327: | length: 16 (0x10) Aug 26 18:24:24.993330: | start port: 0 (0x0) Aug 26 18:24:24.993333: | end port: 65535 (0xffff) Aug 26 18:24:24.993336: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:24.993339: | TS low c0 00 03 00 Aug 26 18:24:24.993342: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:24.993345: | TS high c0 00 03 ff Aug 26 18:24:24.993348: | TSi: parsed 1 traffic selectors Aug 26 18:24:24.993351: | TSr: parsing 1 traffic selectors Aug 26 18:24:24.993355: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:24.993358: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:24.993361: | IP Protocol ID: 0 (0x0) Aug 26 18:24:24.993363: | length: 16 (0x10) Aug 26 18:24:24.993366: | start port: 0 (0x0) Aug 26 18:24:24.993369: | end port: 65535 (0xffff) Aug 26 18:24:24.993373: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:24.993376: | TS low c0 00 02 00 Aug 26 18:24:24.993379: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:24.993382: | TS high c0 00 02 ff Aug 26 18:24:24.993385: | TSr: parsed 1 traffic selectors Aug 26 18:24:24.993392: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:24.993398: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.993405: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:24.993409: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:24.993412: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:24.993415: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:24.993419: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.993424: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:24.993431: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:24.993435: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:24.993439: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:24.993445: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:24.993449: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:24.993452: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:24.993455: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:24.993457: | printing contents struct traffic_selector Aug 26 18:24:24.993460: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:24.993463: | ipprotoid: 0 Aug 26 18:24:24.993465: | port range: 0-65535 Aug 26 18:24:24.993470: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:24.993473: | printing contents struct traffic_selector Aug 26 18:24:24.993475: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:24.993478: | ipprotoid: 0 Aug 26 18:24:24.993483: | port range: 0-65535 Aug 26 18:24:24.993487: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:24.993500: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:24.993504: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:24.993507: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:24.993509: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:24.993511: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:24.993513: | local proposal 1 type DH has 1 transforms Aug 26 18:24:24.993514: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:24.993517: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:24.993518: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:24.993520: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:24.993521: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:24.993523: | local proposal 2 type DH has 1 transforms Aug 26 18:24:24.993525: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:24.993527: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:24.993528: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:24.993530: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:24.993531: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:24.993533: | local proposal 3 type DH has 1 transforms Aug 26 18:24:24.993535: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:24.993536: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:24.993538: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:24.993540: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:24.993541: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:24.993543: | local proposal 4 type DH has 1 transforms Aug 26 18:24:24.993544: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:24.993546: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:24.993548: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:24.993550: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:24.993552: | length: 32 (0x20) Aug 26 18:24:24.993554: | prop #: 1 (0x1) Aug 26 18:24:24.993556: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:24.993557: | spi size: 4 (0x4) Aug 26 18:24:24.993559: | # transforms: 2 (0x2) Aug 26 18:24:24.993561: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:24.993562: | remote SPI c6 48 b9 13 Aug 26 18:24:24.993565: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:24.993567: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.993568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:24.993570: | length: 12 (0xc) Aug 26 18:24:24.993572: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:24.993573: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:24.993575: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:24.993577: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:24.993579: | length/value: 256 (0x100) Aug 26 18:24:24.993582: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:24.993583: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:24.993585: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:24.993587: | length: 8 (0x8) Aug 26 18:24:24.993588: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:24.993590: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:24.993593: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:24.993596: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:24.993599: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:24.993600: | remote proposal 1 matches local proposal 1 Aug 26 18:24:24.993602: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:24.993606: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=c648b913;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:24.993607: | converting proposal to internal trans attrs Aug 26 18:24:24.993612: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:24.993719: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:24.993723: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:24:24.993725: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:24.993727: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.993729: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:24.993731: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.993733: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:24.993735: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:24.993738: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:24.993740: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:24.993742: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:24.993744: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:24.993747: | setting IPsec SA replay-window to 32 Aug 26 18:24:24.993749: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:24.993751: | netlink: enabling tunnel mode Aug 26 18:24:24.993753: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:24.993755: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:24.993813: | netlink response for Add SA esp.c648b913@192.1.2.23 included non-error error Aug 26 18:24:24.993821: | set up outgoing SA, ref=0/0 Aug 26 18:24:24.993826: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:24.993830: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:24.993834: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:24.993837: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:24.993842: | setting IPsec SA replay-window to 32 Aug 26 18:24:24.993846: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:24:24.993849: | netlink: enabling tunnel mode Aug 26 18:24:24.993852: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:24.993856: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:24.994961: | netlink response for Add SA esp.5c2f00b5@192.1.3.33 included non-error error Aug 26 18:24:24.994975: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:24.994984: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:24.994987: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:24.995016: | raw_eroute result=success Aug 26 18:24:24.995023: | set up incoming SA, ref=0/0 Aug 26 18:24:24.995028: | sr for #2: unrouted Aug 26 18:24:24.995032: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:24.995036: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:24.995040: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.995044: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:24.995047: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:24.995053: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:24.995058: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:24.995063: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:24.995068: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:24.995077: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:24.995081: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:24.995097: | raw_eroute result=success Aug 26 18:24:24.995101: | running updown command "ipsec _updown" for verb up Aug 26 18:24:24.995105: | command executing up-client Aug 26 18:24:24.995138: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.995147: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:24.995175: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:24:24.995180: | popen cmd is 1406 chars long Aug 26 18:24:24.995185: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:24.995192: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 18:24:24.995196: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 18:24:24.995199: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:24.995202: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:24.995206: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 18:24:24.995210: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:24.995213: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 18:24:24.995217: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:24:24.995220: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:24.995224: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:24.995228: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 18:24:24.995232: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Aug 26 18:24:24.995236: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:24:24.995240: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:24:24.995243: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:24:24.995249: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:24:24.995252: | cmd(1360):c648b913 SPI_OUT=0x5c2f00b5 ipsec _updown 2>&1: Aug 26 18:24:25.008068: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.008087: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:25.008091: | command executing prepare-client Aug 26 18:24:25.008127: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.008135: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.008158: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 18:24:25.008162: | popen cmd is 1411 chars long Aug 26 18:24:25.008166: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:25.008169: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:25.008172: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.008175: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:25.008178: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:25.008181: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 18:24:25.008184: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 18:24:25.008188: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 18:24:25.008191: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:24:25.008194: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:25.008197: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:25.008200: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:25.008203: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 18:24:25.008206: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 18:24:25.008209: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 18:24:25.008212: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 18:24:25.008215: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 18:24:25.008218: | cmd(1360):IN=0xc648b913 SPI_OUT=0x5c2f00b5 ipsec _updown 2>&1: Aug 26 18:24:25.019367: | running updown command "ipsec _updown" for verb route Aug 26 18:24:25.019388: | command executing route-client Aug 26 18:24:25.019424: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.019431: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.019451: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 18:24:25.019456: | popen cmd is 1409 chars long Aug 26 18:24:25.019460: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:25.019463: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 18:24:25.019466: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 18:24:25.019469: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:25.019473: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:25.019476: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:24:25.019479: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:25.019482: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 18:24:25.019485: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:24:25.019488: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:24:25.019491: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 18:24:25.019494: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 18:24:25.019497: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Aug 26 18:24:25.019501: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 18:24:25.019504: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 18:24:25.019507: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 18:24:25.019510: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 18:24:25.019513: | cmd(1360):=0xc648b913 SPI_OUT=0x5c2f00b5 ipsec _updown 2>&1: Aug 26 18:24:25.041180: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x56371f0f0ed8,sr=0x56371f0f0ed8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.041305: | #1 spent 2.15 milliseconds in install_ipsec_sa() Aug 26 18:24:25.041317: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:25.041323: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:25.041332: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:25.041345: | libevent_free: release ptr-libevent@0x56371f10a4b8 Aug 26 18:24:25.041352: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fcadc002b78 Aug 26 18:24:25.041359: | #2 spent 7.22 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:25.041369: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.041374: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:25.041377: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:25.041382: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:25.041386: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:25.041392: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:25.041397: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.041401: | pstats #2 ikev2.child established Aug 26 18:24:25.041411: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:25.041423: | NAT-T: encaps is 'auto' Aug 26 18:24:25.041429: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xc648b913 <0x5c2f00b5 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.041434: | releasing whack for #2 (sock=fd@26) Aug 26 18:24:25.041438: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:24:25.041441: | releasing whack and unpending for parent #1 Aug 26 18:24:25.041444: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 18:24:25.041451: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Aug 26 18:24:25.041455: | removing pending policy for no connection {0x56371efdea58} Aug 26 18:24:25.041461: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:25.041468: | creating state object #3 at 0x56371f112a28 Aug 26 18:24:25.041471: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:25.041479: | pstats #3 ikev2.child started Aug 26 18:24:25.041483: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 18:24:25.041489: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:25.041505: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:25.041511: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:25.041516: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:25.041520: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 18:24:25.041523: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:25.041527: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Aug 26 18:24:25.041534: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:25.041541: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.041544: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:25.041548: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.041552: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.041556: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.041562: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:25.041566: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.041574: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.041585: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 18:24:25.041589: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fcadc002b78 Aug 26 18:24:25.041594: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:24:25.041599: | libevent_malloc: new ptr-libevent@0x56371f122d98 size 128 Aug 26 18:24:25.041606: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:25.041610: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:25.041614: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Aug 26 18:24:25.041616: | removing pending policy for no connection {0x56371f0f08e8} Aug 26 18:24:25.041620: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:24:25.041625: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:25.041629: | event_schedule: new EVENT_SA_REKEY-pe@0x56371f10b588 Aug 26 18:24:25.041632: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:25.041635: | libevent_malloc: new ptr-libevent@0x56371f0f37f8 size 128 Aug 26 18:24:25.041638: | libevent_realloc: release ptr-libevent@0x56371f08a5a8 Aug 26 18:24:25.041644: | libevent_realloc: new ptr-libevent@0x56371f0f2ed8 size 128 Aug 26 18:24:25.041650: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.041655: | #1 spent 7.75 milliseconds in ikev2_process_packet() Aug 26 18:24:25.041662: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.041665: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.041670: | spent 7.77 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.041683: | timer_event_cb: processing event@0x7fcadc002b78 Aug 26 18:24:25.041687: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:24:25.041693: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:25.041700: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:24:25.041703: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:25.041706: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.041710: | libevent_malloc: new ptr-libevent@0x56371f0f21b8 size 128 Aug 26 18:24:25.041729: | crypto helper 4 resuming Aug 26 18:24:25.041735: | crypto helper 4 starting work-order 3 for state #3 Aug 26 18:24:25.041740: | crypto helper 4 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 18:24:25.042687: | crypto helper 4 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000943 seconds Aug 26 18:24:25.042703: | (#3) spent 0.956 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 18:24:25.042709: | crypto helper 4 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:25.042714: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.042719: | libevent_malloc: new ptr-libevent@0x7fcad8002888 size 128 Aug 26 18:24:25.042730: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:25.042739: | libevent_free: release ptr-libevent@0x56371f122d98 Aug 26 18:24:25.042744: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fcadc002b78 Aug 26 18:24:25.042752: | #3 spent 0.0507 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:25.042760: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:25.042765: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.042773: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.042778: | spent 0.00744 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.042782: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.042786: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.042791: | spent 0.00457 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.042795: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.042799: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.042804: | spent 0.00482 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.042814: | processing resume sending helper answer for #3 Aug 26 18:24:25.042821: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.042826: | crypto helper 4 replies to request ID 3 Aug 26 18:24:25.042830: | calling continuation function 0x56371eceeb50 Aug 26 18:24:25.042835: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 18:24:25.042840: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.042844: | libevent_free: release ptr-libevent@0x56371f0f21b8 Aug 26 18:24:25.042848: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:25.042853: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:25.042858: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 18:24:25.042862: | libevent_malloc: new ptr-libevent@0x56371f0f21b8 size 128 Aug 26 18:24:25.042870: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.042874: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:25.042878: | libevent_malloc: new ptr-libevent@0x56371f122d98 size 128 Aug 26 18:24:25.042885: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.042891: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 18:24:25.042895: | suspending state #3 and saving MD Aug 26 18:24:25.042898: | #3 is busy; has a suspended MD Aug 26 18:24:25.042904: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.042910: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.042915: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 18:24:25.042921: | #3 spent 0.094 milliseconds in resume sending helper answer Aug 26 18:24:25.042928: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.042932: | libevent_free: release ptr-libevent@0x7fcad8002888 Aug 26 18:24:25.042938: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:25.042945: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 18:24:25.042953: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.042960: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:25.042968: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:25.042996: | **emit ISAKMP Message: Aug 26 18:24:25.043000: | initiator cookie: Aug 26 18:24:25.043003: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:25.043006: | responder cookie: Aug 26 18:24:25.043009: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.043013: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:25.043017: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.043021: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.043027: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:25.043030: | Message ID: 2 (0x2) Aug 26 18:24:25.043034: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:25.043039: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:25.043044: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043047: | flags: none (0x0) Aug 26 18:24:25.043052: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:25.043056: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.043061: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:25.043086: | netlink_get_spi: allocated 0x38338da6 for esp.0@192.1.3.33 Aug 26 18:24:25.043092: | Emitting ikev2_proposals ... Aug 26 18:24:25.043096: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:25.043099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043103: | flags: none (0x0) Aug 26 18:24:25.043108: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:25.043112: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.043116: | discarding INTEG=NONE Aug 26 18:24:25.043120: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.043124: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043127: | prop #: 1 (0x1) Aug 26 18:24:25.043131: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.043134: | spi size: 4 (0x4) Aug 26 18:24:25.043137: | # transforms: 3 (0x3) Aug 26 18:24:25.043142: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.043147: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.043150: | our spi 38 33 8d a6 Aug 26 18:24:25.043154: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043162: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.043165: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.043170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043174: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.043178: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.043181: | length/value: 256 (0x100) Aug 26 18:24:25.043186: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.043189: | discarding INTEG=NONE Aug 26 18:24:25.043192: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.043204: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.043209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043219: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043223: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043227: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.043231: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.043234: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.043239: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043248: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043252: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.043256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.043259: | discarding INTEG=NONE Aug 26 18:24:25.043262: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.043266: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043269: | prop #: 2 (0x2) Aug 26 18:24:25.043272: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.043276: | spi size: 4 (0x4) Aug 26 18:24:25.043279: | # transforms: 3 (0x3) Aug 26 18:24:25.043284: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043296: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.043303: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.043306: | our spi 38 33 8d a6 Aug 26 18:24:25.043309: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043316: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.043320: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.043324: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043328: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.043332: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.043335: | length/value: 128 (0x80) Aug 26 18:24:25.043339: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.043342: | discarding INTEG=NONE Aug 26 18:24:25.043346: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043353: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.043357: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.043362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043373: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043376: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.043380: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.043383: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.043388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043397: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043402: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:25.043407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.043411: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.043415: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043418: | prop #: 3 (0x3) Aug 26 18:24:25.043421: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.043424: | spi size: 4 (0x4) Aug 26 18:24:25.043427: | # transforms: 5 (0x5) Aug 26 18:24:25.043432: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043437: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.043441: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.043444: | our spi 38 33 8d a6 Aug 26 18:24:25.043448: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043455: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.043458: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.043463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043466: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.043470: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.043473: | length/value: 256 (0x100) Aug 26 18:24:25.043477: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.043481: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043488: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.043492: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.043496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043505: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043509: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043516: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.043519: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.043524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043536: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043543: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.043547: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.043552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043556: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043560: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043563: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043567: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.043572: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.043576: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.043581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043589: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043593: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:25.043598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.043601: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.043605: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.043608: | prop #: 4 (0x4) Aug 26 18:24:25.043611: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.043615: | spi size: 4 (0x4) Aug 26 18:24:25.043618: | # transforms: 5 (0x5) Aug 26 18:24:25.043622: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:25.043626: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:25.043631: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:25.043634: | our spi 38 33 8d a6 Aug 26 18:24:25.043638: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043645: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.043649: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:25.043653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043657: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.043660: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.043664: | length/value: 128 (0x80) Aug 26 18:24:25.043667: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:25.043671: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043678: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.043682: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:25.043687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043695: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043698: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043705: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:25.043708: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:25.043713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043721: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043725: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.043736: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.043745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043754: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043757: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:25.043760: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.043764: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.043768: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.043773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.043778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:25.043782: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:25.043785: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:25.043790: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:25.043793: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:25.043798: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:25.043801: | ****emit IKEv2 Nonce Payload: Aug 26 18:24:25.043805: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043809: | flags: none (0x0) Aug 26 18:24:25.043814: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.043818: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.043823: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:25.043827: | IKEv2 nonce 61 7a 0c 86 f3 ce ae bc 25 af d3 d3 a4 f1 4b 29 Aug 26 18:24:25.043830: | IKEv2 nonce 41 ae af e8 61 d2 11 31 9c 16 14 49 1b de d3 69 Aug 26 18:24:25.043834: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:25.043837: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:24:25.043841: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043844: | flags: none (0x0) Aug 26 18:24:25.043848: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.043853: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:25.043857: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.043862: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:25.043865: | ikev2 g^x 1f ad cb 7a 37 01 19 82 7c cc 5d 0b ef 8e b8 85 Aug 26 18:24:25.043869: | ikev2 g^x 09 10 f0 f2 ea af fb f1 57 21 b7 f6 cb e1 8b 41 Aug 26 18:24:25.043873: | ikev2 g^x 72 3a 23 ca ad 9f 11 70 de 9b 81 dc 38 42 7c 2f Aug 26 18:24:25.043876: | ikev2 g^x 73 35 c8 8a 7d f2 fb 35 c2 a1 fc 7a ad 85 24 67 Aug 26 18:24:25.043879: | ikev2 g^x f2 e8 75 e8 27 be 1d 84 09 6d d8 7f 0d 2c 53 68 Aug 26 18:24:25.043882: | ikev2 g^x 41 fd d7 4c 14 53 70 88 ac f1 4c 4f 3b 8b 04 b5 Aug 26 18:24:25.043886: | ikev2 g^x ed e3 02 90 fc df 4e 3b 6e 16 38 dd f1 a6 2a 67 Aug 26 18:24:25.043889: | ikev2 g^x 77 6a d2 ce ae f0 76 1a 18 55 50 16 92 11 44 46 Aug 26 18:24:25.043893: | ikev2 g^x 0f 40 be d9 5a 13 41 9b 8e 55 bb 2b 2e 88 56 49 Aug 26 18:24:25.043896: | ikev2 g^x 13 bb 97 78 85 e7 f9 ee 0f 3c 1d 82 8c e2 dc 9e Aug 26 18:24:25.043900: | ikev2 g^x d6 ef 49 fe 51 86 ad 94 ea 52 e5 be 34 eb fb 19 Aug 26 18:24:25.043903: | ikev2 g^x db 34 5f 0d 8a 05 b6 80 48 7f 0e 5d 53 b1 93 67 Aug 26 18:24:25.043909: | ikev2 g^x 3e ce 3b 8a 87 ca 0f b4 3f de e2 ae 64 fc 07 31 Aug 26 18:24:25.043912: | ikev2 g^x 93 49 dd ea 95 aa 29 38 07 c0 1a 70 76 b9 33 f2 Aug 26 18:24:25.043916: | ikev2 g^x 46 e0 bb ef 30 d1 39 98 d5 1b 9f b3 93 b7 d7 4c Aug 26 18:24:25.043920: | ikev2 g^x 36 0b 3b ef 6d 94 2d ef b0 e7 e7 da 4f 35 02 77 Aug 26 18:24:25.043923: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:25.043928: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.043931: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043935: | flags: none (0x0) Aug 26 18:24:25.043938: | number of TS: 1 (0x1) Aug 26 18:24:25.043943: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.043948: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.043952: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.043955: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.043959: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.043962: | start port: 0 (0x0) Aug 26 18:24:25.043966: | end port: 65535 (0xffff) Aug 26 18:24:25.043970: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.043973: | ipv4 start c0 00 03 00 Aug 26 18:24:25.043976: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.043980: | ipv4 end c0 00 03 ff Aug 26 18:24:25.043984: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.043988: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:25.043991: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.043995: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.043998: | flags: none (0x0) Aug 26 18:24:25.044002: | number of TS: 1 (0x1) Aug 26 18:24:25.044007: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.044011: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:25.044015: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:25.044019: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.044022: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.044025: | start port: 0 (0x0) Aug 26 18:24:25.044028: | end port: 65535 (0xffff) Aug 26 18:24:25.044033: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:25.044036: | ipv4 start c0 00 16 00 Aug 26 18:24:25.044040: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:25.044043: | ipv4 end c0 00 16 ff Aug 26 18:24:25.044046: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:25.044050: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:25.044054: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:25.044058: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:25.044062: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:25.044066: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:25.044070: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 18:24:25.044073: | emitting length of ISAKMP Message: 601 Aug 26 18:24:25.044106: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.044113: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 18:24:25.044117: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 18:24:25.044122: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 18:24:25.044128: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 18:24:25.044133: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:25.044141: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 18:24:25.044145: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:25.044161: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:25.044173: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:25.044177: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.044183: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:24:25.044186: | 94 7a 89 25 9f f7 04 a6 9e b7 25 22 95 ac ce 7f Aug 26 18:24:25.044189: | 6b d1 f9 02 ed 07 ca 4f 53 ac 1b 06 86 de 8a f1 Aug 26 18:24:25.044192: | 42 b2 67 ec 9d 61 66 00 4b 94 74 1d 23 e9 80 57 Aug 26 18:24:25.044196: | e3 03 1c 04 68 13 e8 50 5d ca 71 b6 81 6d fd 3c Aug 26 18:24:25.044199: | 54 89 fb a0 83 37 65 53 91 e9 d5 8b 16 c0 d9 c2 Aug 26 18:24:25.044202: | 35 4c 62 62 fa ab 14 52 1e 34 c7 40 26 34 77 39 Aug 26 18:24:25.044205: | 82 93 ca 8f e2 cb ad 1a 86 0a 26 a8 52 80 63 b5 Aug 26 18:24:25.044209: | a6 21 4c de 80 fd e3 16 75 50 6e 01 61 c4 af a1 Aug 26 18:24:25.044212: | 30 c3 2d f4 c1 07 94 45 96 04 7d 0b 81 26 8a d7 Aug 26 18:24:25.044215: | 8d e5 5f d8 03 b7 e2 ed 57 a3 22 4f 2c 66 59 b4 Aug 26 18:24:25.044218: | 23 35 3a e5 06 7f b1 63 13 65 ac 7e dd 22 03 d2 Aug 26 18:24:25.044222: | 3c c4 cc d5 52 55 47 79 f3 e2 7c f9 f3 f3 cb 62 Aug 26 18:24:25.044225: | c7 74 af f3 45 72 f5 28 80 23 68 db 29 2b f4 16 Aug 26 18:24:25.044228: | 83 57 01 de b8 69 e1 8f 44 58 f2 eb 08 5e 7c 33 Aug 26 18:24:25.044232: | 05 2d cd dd cb 4b f3 4e fc 65 a6 66 f3 30 ed 24 Aug 26 18:24:25.044235: | fd a6 66 58 0c c4 3c 83 4c be 9d 06 95 8b a0 1e Aug 26 18:24:25.044238: | dc 1e d2 7d 74 17 b6 f9 54 25 6e e1 9d 50 ee 91 Aug 26 18:24:25.044241: | 72 23 8e c2 86 9c 2f 3a eb 2c 8e b7 98 b5 3c 91 Aug 26 18:24:25.044244: | 5e a5 47 e8 3c 8f 71 33 b4 c2 ef ad 62 87 2b 27 Aug 26 18:24:25.044248: | 55 14 c4 50 67 f4 a3 76 c0 5c 74 1e 83 4e 4d 37 Aug 26 18:24:25.044251: | 12 7f 59 4b 8b 5d 42 fd 25 73 f5 97 8a 51 63 af Aug 26 18:24:25.044254: | 6f 6c b6 3f f4 9a c4 ec 21 b0 ac 50 28 7b 6d 0a Aug 26 18:24:25.044257: | ff ec d0 78 38 05 0c 13 a6 43 2e 05 36 d0 2b dc Aug 26 18:24:25.044260: | 8e 34 09 1e 13 73 d9 3e 97 4a 34 b6 70 40 3a 8d Aug 26 18:24:25.044263: | b5 0d b6 43 cf e6 2a 2f ad 65 cf b7 77 d8 2a bf Aug 26 18:24:25.044266: | f6 c2 e9 99 0c 57 cb f9 5e 0f b7 a6 1a 31 73 2b Aug 26 18:24:25.044270: | cc 48 64 69 fa a4 bd d7 93 e5 7a 44 fe 04 a3 92 Aug 26 18:24:25.044273: | 70 a3 6a 8d 9d ef 65 82 5e 18 23 84 91 5d 67 94 Aug 26 18:24:25.044276: | 9c 9b 63 2b 05 bd 17 b5 b9 4a 3a 18 77 91 4e 21 Aug 26 18:24:25.044279: | 1d dc 2f ef a3 61 19 86 01 16 44 fc 8f 43 07 aa Aug 26 18:24:25.044282: | 08 a0 08 c9 93 c7 55 ea 9f 66 c7 7e 3e dd 2c 44 Aug 26 18:24:25.044285: | db 14 1e eb 06 d8 0f b4 2d 87 35 34 ec b2 cb 81 Aug 26 18:24:25.044296: | dc a6 94 b7 7b 05 31 2d d0 b4 85 2b b2 ca 28 4d Aug 26 18:24:25.044302: | df 25 8c 73 9f 5c 13 22 d2 e3 eb 0c 8a 8b 2a 63 Aug 26 18:24:25.044306: | d7 d2 5a 12 b0 2b 9b 3d 7d 30 c8 eb a4 26 95 64 Aug 26 18:24:25.044309: | 74 e1 b5 0c 03 1f 67 98 81 Aug 26 18:24:25.044366: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:25.044373: | libevent_free: release ptr-libevent@0x56371f0f21b8 Aug 26 18:24:25.044377: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:25.044381: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:25.044385: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:25.044395: | event_schedule: new EVENT_RETRANSMIT-pe@0x56371f08a5a8 Aug 26 18:24:25.044400: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Aug 26 18:24:25.044405: | libevent_malloc: new ptr-libevent@0x56371f0f21b8 size 128 Aug 26 18:24:25.044411: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29150.786861 Aug 26 18:24:25.044418: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:25.044425: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:25.044432: | #1 spent 1.44 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:25.044439: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 18:24:25.044443: | libevent_free: release ptr-libevent@0x56371f122d98 Aug 26 18:24:25.063896: | spent 0.00241 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:25.063921: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:25.063925: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.063928: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:24:25.063931: | ba 6b 2c 65 9e ef 7b 30 5d a4 20 af 9e 16 1e 3f Aug 26 18:24:25.063933: | 03 3c b9 d8 76 c4 97 53 32 a0 c0 05 b5 d3 82 50 Aug 26 18:24:25.063936: | 70 ac 5b be b5 d9 77 e9 72 33 1d fd b8 19 37 bb Aug 26 18:24:25.063938: | 79 3c 9c 06 40 3f ba 18 1b 31 9a f1 cc d8 6c 2a Aug 26 18:24:25.063940: | ef 52 3d 70 03 6b 1e 26 60 77 dd ba 50 1d 80 05 Aug 26 18:24:25.063942: | 1b 0c a6 e1 38 b3 4d 2b 5b 99 5b d6 b6 8a 7b d6 Aug 26 18:24:25.063945: | 37 cd 3b a3 e4 6b 1d 02 3c 67 c0 8b 41 4c f9 de Aug 26 18:24:25.063947: | 12 38 1f 6d 76 de 6b 00 ac 6d e4 51 fe 10 a0 4a Aug 26 18:24:25.063949: | d4 bc ef dc b1 44 7b d4 63 75 97 c4 d5 d4 23 e7 Aug 26 18:24:25.063952: | e2 8f b8 e5 9e 04 50 f7 06 35 b3 85 be bd 80 5d Aug 26 18:24:25.063954: | ab 99 65 87 e8 00 8a bf b4 cf 3f 70 d9 9b 00 bc Aug 26 18:24:25.063957: | df 84 19 d9 7e c8 fe 69 cc 63 a6 44 57 a7 a9 35 Aug 26 18:24:25.063959: | ab 48 64 0a d3 a3 a8 ab 1a ff d4 8f 41 c0 db b8 Aug 26 18:24:25.063961: | 07 b0 11 95 f4 9e 1d 52 27 31 10 c8 38 83 27 da Aug 26 18:24:25.063964: | 99 ed 7a 51 8d ae df 99 90 73 86 92 86 62 37 90 Aug 26 18:24:25.063966: | d9 b4 4a d4 81 ef b5 02 ca 71 c7 40 1d b5 53 1b Aug 26 18:24:25.063969: | 18 f1 73 5a 11 f4 cc 5f 0e 9a 1a e9 81 43 ee c4 Aug 26 18:24:25.063972: | 2f 5c 7e 51 f6 10 80 7a df 6b fa fd 2b 17 14 53 Aug 26 18:24:25.063974: | c0 51 e6 cc b3 6b 51 09 15 be ec 33 29 ec 65 ea Aug 26 18:24:25.063977: | 98 b4 75 80 04 5b b9 e5 8c d7 4d f1 ba 62 99 72 Aug 26 18:24:25.063980: | 20 02 5c 7b 75 f2 8e 96 15 be e2 5e b7 63 76 6b Aug 26 18:24:25.063982: | 84 64 1c cd e1 46 44 36 5f 9c c4 1a c3 04 cf 6e Aug 26 18:24:25.063984: | a0 1e 71 00 ff af 45 d6 ce 83 49 e1 b8 32 59 fe Aug 26 18:24:25.063987: | ce 89 c9 f0 d4 a5 df a6 a5 65 74 38 25 71 b5 d3 Aug 26 18:24:25.063990: | d9 99 a6 15 0e 4a c1 05 b8 6d 3a 2b c7 fd 64 67 Aug 26 18:24:25.063992: | 78 4c e5 17 94 00 b4 2a f2 bd f9 02 d1 94 4a bc Aug 26 18:24:25.063994: | 29 Aug 26 18:24:25.064000: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:25.064004: | **parse ISAKMP Message: Aug 26 18:24:25.064007: | initiator cookie: Aug 26 18:24:25.064010: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:25.064013: | responder cookie: Aug 26 18:24:25.064015: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:25.064018: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:25.064021: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:25.064024: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:25.064030: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:25.064033: | Message ID: 2 (0x2) Aug 26 18:24:25.064036: | length: 449 (0x1c1) Aug 26 18:24:25.064040: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:24:25.064043: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 18:24:25.064049: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:25.064056: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:25.064060: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 18:24:25.064065: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.064069: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:25.064073: | #3 is idle Aug 26 18:24:25.064076: | #3 idle Aug 26 18:24:25.064078: | unpacking clear payload Aug 26 18:24:25.064082: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:25.064085: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:25.064088: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:25.064091: | flags: none (0x0) Aug 26 18:24:25.064094: | length: 421 (0x1a5) Aug 26 18:24:25.064097: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 18:24:25.064101: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:25.064120: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:24:25.064124: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:25.064127: | **parse IKEv2 Security Association Payload: Aug 26 18:24:25.064130: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:25.064133: | flags: none (0x0) Aug 26 18:24:25.064136: | length: 44 (0x2c) Aug 26 18:24:25.064139: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:24:25.064142: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:25.064145: | **parse IKEv2 Nonce Payload: Aug 26 18:24:25.064148: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:25.064151: | flags: none (0x0) Aug 26 18:24:25.064153: | length: 36 (0x24) Aug 26 18:24:25.064156: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:25.064159: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:25.064162: | **parse IKEv2 Key Exchange Payload: Aug 26 18:24:25.064164: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:25.064167: | flags: none (0x0) Aug 26 18:24:25.064169: | length: 264 (0x108) Aug 26 18:24:25.064172: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.064175: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:25.064177: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:25.064181: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:25.064183: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:25.064186: | flags: none (0x0) Aug 26 18:24:25.064189: | length: 24 (0x18) Aug 26 18:24:25.064192: | number of TS: 1 (0x1) Aug 26 18:24:25.064194: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:25.064197: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:25.064200: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:25.064203: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:25.064206: | flags: none (0x0) Aug 26 18:24:25.064208: | length: 24 (0x18) Aug 26 18:24:25.064211: | number of TS: 1 (0x1) Aug 26 18:24:25.064213: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:25.064216: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:25.064222: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:25.064225: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 18:24:25.064230: | Now let's proceed with state specific processing Aug 26 18:24:25.064233: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:25.064248: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.064252: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:25.064257: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:25.064259: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:25.064262: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:25.064265: | local proposal 1 type DH has 1 transforms Aug 26 18:24:25.064267: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:25.064271: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.064274: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:25.064276: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:25.064279: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:25.064281: | local proposal 2 type DH has 1 transforms Aug 26 18:24:25.064284: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:25.064287: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:25.064297: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:25.064300: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:25.064303: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:25.064305: | local proposal 3 type DH has 1 transforms Aug 26 18:24:25.064308: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:25.064311: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.064314: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:25.064317: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:25.064319: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:25.064322: | local proposal 4 type DH has 1 transforms Aug 26 18:24:25.064327: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:25.064332: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:25.064335: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:25.064338: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:25.064340: | length: 40 (0x28) Aug 26 18:24:25.064342: | prop #: 1 (0x1) Aug 26 18:24:25.064345: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:25.064347: | spi size: 4 (0x4) Aug 26 18:24:25.064349: | # transforms: 3 (0x3) Aug 26 18:24:25.064352: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:25.064355: | remote SPI c3 e9 9c 87 Aug 26 18:24:25.064358: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:25.064361: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.064363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.064365: | length: 12 (0xc) Aug 26 18:24:25.064368: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:25.064370: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:25.064373: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:25.064375: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:25.064378: | length/value: 256 (0x100) Aug 26 18:24:25.064382: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:25.064384: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.064387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:25.064389: | length: 8 (0x8) Aug 26 18:24:25.064391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:25.064395: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:25.064399: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:25.064401: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:25.064404: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:25.064406: | length: 8 (0x8) Aug 26 18:24:25.064408: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:25.064410: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:25.064413: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:25.064417: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:24:25.064420: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:24:25.064423: | remote proposal 1 matches local proposal 1 Aug 26 18:24:25.064426: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 18:24:25.064431: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=c3e99c87;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:24:25.064433: | converting proposal to internal trans attrs Aug 26 18:24:25.064438: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:24:25.064446: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 18:24:25.064449: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:25.064452: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 18:24:25.064455: | libevent_free: release ptr-libevent@0x56371f0f21b8 Aug 26 18:24:25.064458: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56371f08a5a8 Aug 26 18:24:25.064461: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:25.064465: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:25.064468: | libevent_malloc: new ptr-libevent@0x56371f112808 size 128 Aug 26 18:24:25.064487: | crypto helper 5 resuming Aug 26 18:24:25.064493: | crypto helper 5 starting work-order 4 for state #3 Aug 26 18:24:25.064497: | crypto helper 5 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 18:24:25.065350: | crypto helper 5 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000852 seconds Aug 26 18:24:25.065365: | (#3) spent 0.862 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 18:24:25.065369: | crypto helper 5 sending results from work-order 4 for state #3 to event queue Aug 26 18:24:25.065373: | scheduling resume sending helper answer for #3 Aug 26 18:24:25.065376: | libevent_malloc: new ptr-libevent@0x7fcacc001f78 size 128 Aug 26 18:24:25.065382: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:25.065391: | #3 spent 0.24 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 18:24:25.065398: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.065402: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 18:24:25.065404: | suspending state #3 and saving MD Aug 26 18:24:25.065407: | #3 is busy; has a suspended MD Aug 26 18:24:25.065411: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:25.065415: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:25.065419: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:25.065424: | #1 spent 0.601 milliseconds in ikev2_process_packet() Aug 26 18:24:25.065428: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:25.065434: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:25.065437: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:25.065441: | spent 0.619 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:25.065451: | processing resume sending helper answer for #3 Aug 26 18:24:25.065457: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:25.065460: | crypto helper 5 replies to request ID 4 Aug 26 18:24:25.065463: | calling continuation function 0x56371ecef9d0 Aug 26 18:24:25.065467: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 18:24:25.065470: | TSi: parsing 1 traffic selectors Aug 26 18:24:25.065473: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.065477: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.065479: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.065482: | length: 16 (0x10) Aug 26 18:24:25.065485: | start port: 0 (0x0) Aug 26 18:24:25.065487: | end port: 65535 (0xffff) Aug 26 18:24:25.065490: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.065493: | TS low c0 00 03 00 Aug 26 18:24:25.065496: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.065498: | TS high c0 00 03 ff Aug 26 18:24:25.065501: | TSi: parsed 1 traffic selectors Aug 26 18:24:25.065503: | TSr: parsing 1 traffic selectors Aug 26 18:24:25.065506: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:25.065509: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:25.065511: | IP Protocol ID: 0 (0x0) Aug 26 18:24:25.065514: | length: 16 (0x10) Aug 26 18:24:25.065516: | start port: 0 (0x0) Aug 26 18:24:25.065519: | end port: 65535 (0xffff) Aug 26 18:24:25.065522: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:25.065524: | TS low c0 00 16 00 Aug 26 18:24:25.065527: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:25.065529: | TS high c0 00 16 ff Aug 26 18:24:25.065532: | TSr: parsed 1 traffic selectors Aug 26 18:24:25.065537: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 18:24:25.065542: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.065549: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:25.065553: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:25.065556: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:25.065560: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:25.065563: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.065569: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:25.065575: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 18:24:25.065579: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:25.065582: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:25.065585: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:25.065588: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:25.065591: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:25.065594: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:25.065597: | printing contents struct traffic_selector Aug 26 18:24:25.065600: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.065603: | ipprotoid: 0 Aug 26 18:24:25.065606: | port range: 0-65535 Aug 26 18:24:25.065610: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:25.065613: | printing contents struct traffic_selector Aug 26 18:24:25.065616: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:25.065618: | ipprotoid: 0 Aug 26 18:24:25.065621: | port range: 0-65535 Aug 26 18:24:25.065625: | ip range: 192.0.22.0-192.0.22.255 Aug 26 18:24:25.065630: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:25.065832: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:24:25.065839: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:24:25.065842: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.065846: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.065849: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.065852: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.065855: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.065859: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.065862: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.065866: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.065868: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.065871: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.065876: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.065879: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.065883: | netlink: enabling tunnel mode Aug 26 18:24:25.065886: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.065889: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.065967: | netlink response for Add SA esp.c3e99c87@192.1.2.23 included non-error error Aug 26 18:24:25.065972: | set up outgoing SA, ref=0/0 Aug 26 18:24:25.065975: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:25.065978: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:25.065981: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:25.065984: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:25.065988: | setting IPsec SA replay-window to 32 Aug 26 18:24:25.065991: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:24:25.065994: | netlink: enabling tunnel mode Aug 26 18:24:25.065997: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:25.066000: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:25.066035: | netlink response for Add SA esp.38338da6@192.1.3.33 included non-error error Aug 26 18:24:25.066040: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.066048: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:25.066051: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.066073: | raw_eroute result=success Aug 26 18:24:25.066076: | set up incoming SA, ref=0/0 Aug 26 18:24:25.066079: | sr for #3: unrouted Aug 26 18:24:25.066082: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:25.066085: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:25.066089: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.066092: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:25.066095: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:25.066098: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:25.066102: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:25.066106: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 18:24:25.066109: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:25.066117: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:25.066120: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:25.066132: | raw_eroute result=success Aug 26 18:24:25.066135: | running updown command "ipsec _updown" for verb up Aug 26 18:24:25.066138: | command executing up-client Aug 26 18:24:25.066172: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.066179: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.066198: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:24:25.066202: | popen cmd is 1408 chars long Aug 26 18:24:25.066205: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:24:25.066208: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 18:24:25.066210: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 18:24:25.066213: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:24:25.066215: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:24:25.066218: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 18:24:25.066220: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:24:25.066223: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 18:24:25.066225: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Aug 26 18:24:25.066228: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:25.066230: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:25.066233: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:25.066235: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Aug 26 18:24:25.066238: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:24:25.066240: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:24:25.066243: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:24:25.066245: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:24:25.066247: | cmd(1360):0xc3e99c87 SPI_OUT=0x38338da6 ipsec _updown 2>&1: Aug 26 18:24:25.084245: | route_and_eroute: firewall_notified: true Aug 26 18:24:25.084264: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:25.084268: | command executing prepare-client Aug 26 18:24:25.084307: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.084318: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.084344: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Aug 26 18:24:25.084349: | popen cmd is 1413 chars long Aug 26 18:24:25.084352: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:25.084356: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:25.084358: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:25.084361: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:25.084364: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:25.084366: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 18:24:25.084369: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 18:24:25.084372: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 18:24:25.084375: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:24:25.084377: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:24:25.084380: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Aug 26 18:24:25.084382: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Aug 26 18:24:25.084384: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Aug 26 18:24:25.084388: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Aug 26 18:24:25.084390: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Aug 26 18:24:25.084394: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Aug 26 18:24:25.084397: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Aug 26 18:24:25.084400: | cmd(1360):I_IN=0xc3e99c87 SPI_OUT=0x38338da6 ipsec _updown 2>&1: Aug 26 18:24:25.097891: | running updown command "ipsec _updown" for verb route Aug 26 18:24:25.097917: | command executing route-client Aug 26 18:24:25.097954: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.097962: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:25.097987: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Aug 26 18:24:25.097995: | popen cmd is 1411 chars long Aug 26 18:24:25.097999: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:25.098002: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 18:24:25.098005: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 18:24:25.098008: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:24:25.098011: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:24:25.098014: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Aug 26 18:24:25.098017: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:24:25.098020: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 18:24:25.098022: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Aug 26 18:24:25.098025: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:24:25.098028: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:24:25.098031: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:24:25.098034: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 18:24:25.098037: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 18:24:25.098040: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 18:24:25.098043: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 18:24:25.098046: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 18:24:25.098049: | cmd(1360):IN=0xc3e99c87 SPI_OUT=0x38338da6 ipsec _updown 2>&1: Aug 26 18:24:25.132064: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x56371f0fbbf8,sr=0x56371f0fbbf8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:25.132174: | #1 spent 2.18 milliseconds in install_ipsec_sa() Aug 26 18:24:25.132186: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:24:25.132190: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:25.132203: | libevent_free: release ptr-libevent@0x56371f112808 Aug 26 18:24:25.132210: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:25.132224: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:25.132228: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 18:24:25.132232: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 18:24:25.132237: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:25.132240: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:24:25.132246: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 18:24:25.132254: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:25.132258: | pstats #3 ikev2.child established Aug 26 18:24:25.132268: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Aug 26 18:24:25.132281: | NAT-T: encaps is 'auto' Aug 26 18:24:25.132286: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xc3e99c87 <0x38338da6 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:24:25.132299: | releasing whack for #3 (sock=fd@25) Aug 26 18:24:25.132306: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:24:25.132309: | releasing whack and unpending for parent #1 Aug 26 18:24:25.132312: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 18:24:25.132317: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 18:24:25.132321: | event_schedule: new EVENT_SA_REKEY-pe@0x56371f08a5a8 Aug 26 18:24:25.132324: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 18:24:25.132329: | libevent_malloc: new ptr-libevent@0x56371f105478 size 128 Aug 26 18:24:25.132339: | #3 spent 2.71 milliseconds in resume sending helper answer Aug 26 18:24:25.132345: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:25.132349: | libevent_free: release ptr-libevent@0x7fcacc001f78 Aug 26 18:24:25.132365: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.132371: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.132376: | spent 0.00549 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.132378: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.132382: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.132386: | spent 0.0035 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.132388: | processing signal PLUTO_SIGCHLD Aug 26 18:24:25.132392: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:25.132395: | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:25.199114: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:25.199517: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:25.199530: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:25.199687: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:25.199694: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:25.199704: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:25.199722: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:25.199742: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:25.199751: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:25.199772: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:25.199781: | spent 0.67 milliseconds in whack Aug 26 18:24:27.463701: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:27.463721: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:27.463725: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:27.463731: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:27.463746: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:27.463764: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:27.463772: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:27.463791: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:27.463800: | spent 0.105 milliseconds in whack Aug 26 18:24:28.332008: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:28.332252: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:28.332261: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:28.332403: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:28.332411: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:28.332421: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:28.332440: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:28.332462: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:28.332473: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:28.332497: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:28.332506: | spent 0.737 milliseconds in whack Aug 26 18:24:28.686406: | spent 0.00259 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:28.686435: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:28.686439: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686442: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.686444: | 7e 16 36 9c 4f 81 1c fc 70 79 dd ed ae 84 64 17 Aug 26 18:24:28.686447: | 9b c7 9e 18 05 b7 a6 42 6f 76 b4 db 52 16 f1 21 Aug 26 18:24:28.686449: | cc 81 c4 c8 f2 Aug 26 18:24:28.686454: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:28.686459: | **parse ISAKMP Message: Aug 26 18:24:28.686461: | initiator cookie: Aug 26 18:24:28.686464: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.686467: | responder cookie: Aug 26 18:24:28.686469: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686472: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:28.686475: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.686478: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.686482: | flags: none (0x0) Aug 26 18:24:28.686485: | Message ID: 0 (0x0) Aug 26 18:24:28.686487: | length: 69 (0x45) Aug 26 18:24:28.686490: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:28.686494: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:28.686499: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:28.686505: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:28.686509: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:28.686513: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:28.686517: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:28.686521: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:24:28.686524: | unpacking clear payload Aug 26 18:24:28.686526: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:28.686529: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:28.686532: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:28.686535: | flags: none (0x0) Aug 26 18:24:28.686537: | length: 41 (0x29) Aug 26 18:24:28.686540: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:28.686545: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:28.686548: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:28.686573: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:28.686577: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:28.686580: | **parse IKEv2 Delete Payload: Aug 26 18:24:28.686583: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.686585: | flags: none (0x0) Aug 26 18:24:28.686588: | length: 12 (0xc) Aug 26 18:24:28.686590: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.686593: | SPI size: 4 (0x4) Aug 26 18:24:28.686596: | number of SPIs: 1 (0x1) Aug 26 18:24:28.686599: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:28.686604: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:28.686607: | Now let's proceed with state specific processing Aug 26 18:24:28.686609: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:28.686613: | an informational request should send a response Aug 26 18:24:28.686642: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:28.686646: | **emit ISAKMP Message: Aug 26 18:24:28.686649: | initiator cookie: Aug 26 18:24:28.686651: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.686654: | responder cookie: Aug 26 18:24:28.686656: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686659: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.686662: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.686665: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.686668: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:28.686670: | Message ID: 0 (0x0) Aug 26 18:24:28.686673: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.686676: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.686679: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.686682: | flags: none (0x0) Aug 26 18:24:28.686685: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.686694: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:28.686698: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.686710: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:28.686713: | SPI c3 e9 9c 87 Aug 26 18:24:28.686716: | delete PROTO_v2_ESP SA(0xc3e99c87) Aug 26 18:24:28.686719: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:28.686722: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:28.686725: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xc3e99c87) Aug 26 18:24:28.686729: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 18:24:28.686732: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.686736: | libevent_free: release ptr-libevent@0x56371f105478 Aug 26 18:24:28.686739: | free_event_entry: release EVENT_SA_REKEY-pe@0x56371f08a5a8 Aug 26 18:24:28.686742: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:28.686746: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 18:24:28.686750: | libevent_malloc: new ptr-libevent@0x7fcacc001f78 size 128 Aug 26 18:24:28.686754: | ****emit IKEv2 Delete Payload: Aug 26 18:24:28.686757: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.686759: | flags: none (0x0) Aug 26 18:24:28.686762: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.686764: | SPI size: 4 (0x4) Aug 26 18:24:28.686767: | number of SPIs: 1 (0x1) Aug 26 18:24:28.686770: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:28.686773: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:28.686777: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:28.686779: | local SPIs 38 33 8d a6 Aug 26 18:24:28.686782: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:28.686785: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.686788: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.686792: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.686794: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:28.686797: | emitting length of ISAKMP Message: 69 Aug 26 18:24:28.686816: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:28.686821: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.686823: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.686826: | f7 c9 f5 57 0b d1 c3 bf da d7 49 ba b4 cc f3 fc Aug 26 18:24:28.686828: | a2 ca 07 2b 0a c3 4f fb 95 c6 69 10 60 ba b4 ef Aug 26 18:24:28.686831: | eb cd 33 89 0d Aug 26 18:24:28.686867: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:28.686873: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:28.686880: | #1 spent 0.236 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:28.686885: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.686889: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:28.686893: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:28.686898: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:28.686902: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.686905: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:28.686910: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:28.686915: | #1 spent 0.466 milliseconds in ikev2_process_packet() Aug 26 18:24:28.686919: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:28.686922: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:28.686925: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:28.686929: | spent 0.481 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:28.686937: | timer_event_cb: processing event@0x56371f08a5a8 Aug 26 18:24:28.686940: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 18:24:28.686944: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.686948: | picked newest_ipsec_sa #3 for #3 Aug 26 18:24:28.686951: | replacing stale CHILD SA Aug 26 18:24:28.686955: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:28.686958: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:28.686962: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:28.686966: | creating state object #4 at 0x56371f117b08 Aug 26 18:24:28.686969: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:24:28.686978: | pstats #4 ikev2.child started Aug 26 18:24:28.686981: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 18:24:28.686987: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:28.686997: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:28.687002: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:28.687007: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:28.687011: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:28.687026: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.687032: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 18:24:28.687035: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56371f100128 Aug 26 18:24:28.687039: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 18:24:28.687042: | libevent_malloc: new ptr-libevent@0x56371f112808 size 128 Aug 26 18:24:28.687047: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:28.687052: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fcadc002b78 Aug 26 18:24:28.687055: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 18:24:28.687059: | libevent_malloc: new ptr-libevent@0x56371f122d98 size 128 Aug 26 18:24:28.687063: | libevent_free: release ptr-libevent@0x7fcacc001f78 Aug 26 18:24:28.687066: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:28.687070: | #3 spent 0.133 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:28.687073: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.687078: | timer_event_cb: processing event@0x56371f100128 Aug 26 18:24:28.687081: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 18:24:28.687086: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.687091: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 18:24:28.687094: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:28.687098: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:24:28.687101: | libevent_malloc: new ptr-libevent@0x7fcacc001f78 size 128 Aug 26 18:24:28.687108: | libevent_free: release ptr-libevent@0x56371f112808 Aug 26 18:24:28.687111: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56371f100128 Aug 26 18:24:28.687116: | #4 spent 0.0368 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:28.687120: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.687124: | timer_event_cb: processing event@0x7fcadc002b78 Aug 26 18:24:28.687127: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 18:24:28.687131: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.687135: | picked newest_ipsec_sa #3 for #3 Aug 26 18:24:28.687138: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:28.687141: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 18:24:28.687143: | pstats #3 ikev2.child deleted completed Aug 26 18:24:28.687147: | #3 spent 5.05 milliseconds in total Aug 26 18:24:28.687151: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:28.687155: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.645s and NOT sending notification Aug 26 18:24:28.687158: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:28.687162: | get_sa_info esp.c3e99c87@192.1.2.23 Aug 26 18:24:28.687176: | get_sa_info esp.38338da6@192.1.3.33 Aug 26 18:24:28.687184: "northnet-eastnets/0x2" #3: ESP traffic information: in=0B out=168B Aug 26 18:24:28.687187: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:28.687234: | crypto helper 6 resuming Aug 26 18:24:28.687242: | crypto helper 6 starting work-order 5 for state #4 Aug 26 18:24:28.687248: | crypto helper 6 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 18:24:28.688270: | crypto helper 6 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001021 seconds Aug 26 18:24:28.688282: | (#4) spent 0.995 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:28.688286: | crypto helper 6 sending results from work-order 5 for state #4 to event queue Aug 26 18:24:28.688293: | scheduling resume sending helper answer for #4 Aug 26 18:24:28.688298: | libevent_malloc: new ptr-libevent@0x7fcad0002888 size 128 Aug 26 18:24:28.688303: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:28.688314: | running updown command "ipsec _updown" for verb down Aug 26 18:24:28.688317: | command executing down-client Aug 26 18:24:28.688348: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:28.688354: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:28.688373: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843865' PLUTO_ Aug 26 18:24:28.688377: | popen cmd is 1419 chars long Aug 26 18:24:28.688380: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:28.688383: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 18:24:28.688386: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 18:24:28.688388: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 18:24:28.688391: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:28.688394: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 18:24:28.688397: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:28.688400: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 18:24:28.688402: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Aug 26 18:24:28.688405: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:24:28.688408: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Aug 26 18:24:28.688411: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Aug 26 18:24:28.688413: | cmd( 960): PLUTO_ADDTIME='1566843865' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Aug 26 18:24:28.688416: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Aug 26 18:24:28.688419: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 18:24:28.688426: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 18:24:28.688429: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 18:24:28.688432: | cmd(1360):no' SPI_IN=0xc3e99c87 SPI_OUT=0x38338da6 ipsec _updown 2>&1: Aug 26 18:24:28.701138: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:28.701156: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.701160: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.701164: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:28.701202: | delete esp.c3e99c87@192.1.2.23 Aug 26 18:24:28.701216: | netlink response for Del SA esp.c3e99c87@192.1.2.23 included non-error error Aug 26 18:24:28.701220: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.701227: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:28.701244: | raw_eroute result=success Aug 26 18:24:28.701249: | delete esp.38338da6@192.1.3.33 Aug 26 18:24:28.701258: | netlink response for Del SA esp.38338da6@192.1.3.33 included non-error error Aug 26 18:24:28.701270: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.701273: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:24:28.701279: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:28.701335: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:28.701365: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:28.701369: | can't expire unused IKE SA #1; it has the child #4 Aug 26 18:24:28.701377: | libevent_free: release ptr-libevent@0x56371f122d98 Aug 26 18:24:28.701385: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fcadc002b78 Aug 26 18:24:28.701388: | in statetime_stop() and could not find #3 Aug 26 18:24:28.701392: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.701417: | spent 0.00309 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:28.701440: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:28.701443: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.701446: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.701449: | f8 31 66 9f 50 9e b7 4c 05 09 75 9a 19 52 50 9d Aug 26 18:24:28.701452: | 32 d0 9b b8 b9 34 bc 37 4c a3 af 9b f0 d5 45 20 Aug 26 18:24:28.701454: | a4 df de 1b d3 Aug 26 18:24:28.701461: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:28.701466: | **parse ISAKMP Message: Aug 26 18:24:28.701469: | initiator cookie: Aug 26 18:24:28.701472: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.701474: | responder cookie: Aug 26 18:24:28.701477: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.701481: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:28.701484: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.701487: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.701491: | flags: none (0x0) Aug 26 18:24:28.701494: | Message ID: 1 (0x1) Aug 26 18:24:28.701497: | length: 69 (0x45) Aug 26 18:24:28.701500: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:28.701504: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:28.701508: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:28.701515: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:28.701519: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:28.701528: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:28.701532: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:28.701537: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:24:28.701540: | unpacking clear payload Aug 26 18:24:28.701543: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:28.701546: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:28.701549: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:28.701552: | flags: none (0x0) Aug 26 18:24:28.701554: | length: 41 (0x29) Aug 26 18:24:28.701557: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:28.701562: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:28.701565: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:28.701590: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:28.701594: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:28.701596: | **parse IKEv2 Delete Payload: Aug 26 18:24:28.701599: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.701602: | flags: none (0x0) Aug 26 18:24:28.701604: | length: 12 (0xc) Aug 26 18:24:28.701606: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.701609: | SPI size: 4 (0x4) Aug 26 18:24:28.701611: | number of SPIs: 1 (0x1) Aug 26 18:24:28.701613: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:28.701615: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:28.701617: | Now let's proceed with state specific processing Aug 26 18:24:28.701620: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:28.701623: | an informational request should send a response Aug 26 18:24:28.701645: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:28.701648: | **emit ISAKMP Message: Aug 26 18:24:28.701651: | initiator cookie: Aug 26 18:24:28.701653: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.701655: | responder cookie: Aug 26 18:24:28.701657: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.701659: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.701661: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.701664: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.701666: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:28.701668: | Message ID: 1 (0x1) Aug 26 18:24:28.701671: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.701674: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.701676: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.701678: | flags: none (0x0) Aug 26 18:24:28.701681: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.701683: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:28.701686: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.701704: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:28.701706: | SPI c6 48 b9 13 Aug 26 18:24:28.701708: | delete PROTO_v2_ESP SA(0xc648b913) Aug 26 18:24:28.701712: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:28.701714: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:28.701717: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xc648b913) Aug 26 18:24:28.701720: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:24:28.701723: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.701726: | libevent_free: release ptr-libevent@0x56371f0f37f8 Aug 26 18:24:28.701732: | free_event_entry: release EVENT_SA_REKEY-pe@0x56371f10b588 Aug 26 18:24:28.701736: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f10b588 Aug 26 18:24:28.701739: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:24:28.701742: | libevent_malloc: new ptr-libevent@0x7fcad8003878 size 128 Aug 26 18:24:28.701747: | ****emit IKEv2 Delete Payload: Aug 26 18:24:28.701749: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.701751: | flags: none (0x0) Aug 26 18:24:28.701753: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:28.701755: | SPI size: 4 (0x4) Aug 26 18:24:28.701758: | number of SPIs: 1 (0x1) Aug 26 18:24:28.701760: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:28.701763: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:28.701766: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:28.701768: | local SPIs 5c 2f 00 b5 Aug 26 18:24:28.701770: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:28.701772: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.701775: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.701777: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.701780: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:28.701782: | emitting length of ISAKMP Message: 69 Aug 26 18:24:28.701797: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:28.701800: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.701802: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:24:28.701804: | 2e a7 f1 bf 49 6d 13 73 4d 6c 44 da 90 ec c2 e7 Aug 26 18:24:28.701806: | 75 c0 11 54 cc d1 f2 7f 52 11 6b c7 a1 17 06 47 Aug 26 18:24:28.701808: | 50 c8 23 3a c8 Aug 26 18:24:28.701857: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:28.701864: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:28.701870: | #1 spent 0.22 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:28.701877: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.701881: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:28.701884: | Message ID: updating counters for #1 to 1 after switching state Aug 26 18:24:28.701889: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:24:28.701893: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.701896: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:28.701901: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:28.701906: | #1 spent 0.458 milliseconds in ikev2_process_packet() Aug 26 18:24:28.701910: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:28.701914: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:28.701917: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:28.701921: | spent 0.473 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:28.701930: | processing resume sending helper answer for #4 Aug 26 18:24:28.701936: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 18:24:28.701940: | crypto helper 6 replies to request ID 5 Aug 26 18:24:28.701942: | calling continuation function 0x56371eceeb50 Aug 26 18:24:28.701946: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 18:24:28.701949: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:28.701952: | libevent_free: release ptr-libevent@0x7fcacc001f78 Aug 26 18:24:28.701955: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:28.701959: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:28.701962: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 18:24:28.701965: | libevent_malloc: new ptr-libevent@0x56371f122d98 size 128 Aug 26 18:24:28.701970: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.701972: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:28.701975: | libevent_malloc: new ptr-libevent@0x56371f112808 size 128 Aug 26 18:24:28.701980: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.701984: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 18:24:28.701986: | suspending state #4 and saving MD Aug 26 18:24:28.701989: | #4 is busy; has a suspended MD Aug 26 18:24:28.701993: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:28.701997: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:28.702002: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 18:24:28.702007: | #4 spent 0.067 milliseconds in resume sending helper answer Aug 26 18:24:28.702012: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 18:24:28.702015: | libevent_free: release ptr-libevent@0x7fcad0002888 Aug 26 18:24:28.702020: | processing signal PLUTO_SIGCHLD Aug 26 18:24:28.702026: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:28.702030: | spent 0.00532 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:28.702036: | timer_event_cb: processing event@0x56371f10b588 Aug 26 18:24:28.702039: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:24:28.702044: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.702047: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:28.702050: | replacing stale CHILD SA Aug 26 18:24:28.702054: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:28.702057: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:28.702061: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:28.702066: | creating state object #5 at 0x56371f112a28 Aug 26 18:24:28.702069: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 18:24:28.702075: | pstats #5 ikev2.child started Aug 26 18:24:28.702078: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 18:24:28.702084: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:28.702090: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:28.702094: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.702099: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:28.702108: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:28.702113: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:28.702117: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:28.702121: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Aug 26 18:24:28.702126: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:28.702132: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.702136: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:28.702140: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.702143: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:28.702148: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.702152: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:28.702156: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.702165: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:28.702171: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:24:28.702174: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fcad0002b78 Aug 26 18:24:28.702178: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 18:24:28.702181: | libevent_malloc: new ptr-libevent@0x7fcad0002888 size 128 Aug 26 18:24:28.702186: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:28.702190: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fcadc002b78 Aug 26 18:24:28.702193: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:24:28.702196: | libevent_malloc: new ptr-libevent@0x56371f10a4b8 size 128 Aug 26 18:24:28.702199: | libevent_free: release ptr-libevent@0x7fcad8003878 Aug 26 18:24:28.702202: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f10b588 Aug 26 18:24:28.702207: | #2 spent 0.17 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:28.702210: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.702213: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:28.702218: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 18:24:28.702241: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.702247: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:28.702251: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:28.702257: | **emit ISAKMP Message: Aug 26 18:24:28.702259: | initiator cookie: Aug 26 18:24:28.702262: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.702265: | responder cookie: Aug 26 18:24:28.702267: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.702270: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.702274: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.702278: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:28.702280: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:28.702283: | Message ID: 3 (0x3) Aug 26 18:24:28.702286: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.702298: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.702301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.702303: | flags: none (0x0) Aug 26 18:24:28.702307: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.702310: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.702313: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.702332: | netlink_get_spi: allocated 0x459eb53f for esp.0@192.1.3.33 Aug 26 18:24:28.702336: | Emitting ikev2_proposals ... Aug 26 18:24:28.702339: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:28.702341: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.702344: | flags: none (0x0) Aug 26 18:24:28.702347: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:28.702351: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.702354: | discarding INTEG=NONE Aug 26 18:24:28.702356: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.702359: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702362: | prop #: 1 (0x1) Aug 26 18:24:28.702365: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.702368: | spi size: 4 (0x4) Aug 26 18:24:28.702370: | # transforms: 3 (0x3) Aug 26 18:24:28.702373: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.702377: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.702380: | our spi 45 9e b5 3f Aug 26 18:24:28.702382: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702388: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.702391: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.702394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702397: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.702400: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.702402: | length/value: 256 (0x100) Aug 26 18:24:28.702405: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.702408: | discarding INTEG=NONE Aug 26 18:24:28.702410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702416: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.702419: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.702422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702428: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702431: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702433: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.702436: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.702438: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.702443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702449: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702452: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:28.702455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.702458: | discarding INTEG=NONE Aug 26 18:24:28.702460: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.702463: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702465: | prop #: 2 (0x2) Aug 26 18:24:28.702468: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.702471: | spi size: 4 (0x4) Aug 26 18:24:28.702473: | # transforms: 3 (0x3) Aug 26 18:24:28.702476: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702479: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.702483: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.702485: | our spi 45 9e b5 3f Aug 26 18:24:28.702488: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702493: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.702496: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.702499: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702502: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.702504: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.702507: | length/value: 128 (0x80) Aug 26 18:24:28.702510: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.702512: | discarding INTEG=NONE Aug 26 18:24:28.702515: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702520: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.702523: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.702526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702534: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702537: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.702540: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.702542: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.702546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702554: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:28.702557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.702560: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.702563: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702567: | prop #: 3 (0x3) Aug 26 18:24:28.702570: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.702572: | spi size: 4 (0x4) Aug 26 18:24:28.702575: | # transforms: 5 (0x5) Aug 26 18:24:28.702578: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702581: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.702584: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.702587: | our spi 45 9e b5 3f Aug 26 18:24:28.702590: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702595: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.702598: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.702601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702604: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.702607: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.702609: | length/value: 256 (0x100) Aug 26 18:24:28.702612: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.702615: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702620: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.702623: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.702626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702629: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702632: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702635: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702640: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.702643: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.702646: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702649: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702652: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702654: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702660: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.702662: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.702665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702671: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702674: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702677: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.702679: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.702682: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.702685: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702692: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702695: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:28.702698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.702701: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.702704: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:28.702707: | prop #: 4 (0x4) Aug 26 18:24:28.702709: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.702712: | spi size: 4 (0x4) Aug 26 18:24:28.702714: | # transforms: 5 (0x5) Aug 26 18:24:28.702718: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.702721: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.702724: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.702726: | our spi 45 9e b5 3f Aug 26 18:24:28.702729: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702734: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.702737: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.702740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702743: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.702746: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.702748: | length/value: 128 (0x80) Aug 26 18:24:28.702751: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.702754: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702759: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.702762: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.702765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702771: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702774: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702779: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.702782: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.702785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702791: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702793: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702796: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.702801: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.702804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702814: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.702816: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.702819: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.702822: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.702825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.702828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.702831: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.702833: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:28.702836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.702839: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:28.702842: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:28.702846: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 18:24:28.702848: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 18:24:28.702854: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.702858: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 18:24:28.702939: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 18:24:28.702947: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:28.702952: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:28.702957: | #1 spent 0.709 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:28.702962: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 18:24:28.702966: | libevent_free: release ptr-libevent@0x56371f112808 Aug 26 18:24:28.702972: | timer_event_cb: processing event@0x7fcad0002b78 Aug 26 18:24:28.702975: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 18:24:28.702980: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.702986: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 18:24:28.702989: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f10b588 Aug 26 18:24:28.702992: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:24:28.702996: | libevent_malloc: new ptr-libevent@0x56371f112808 size 128 Aug 26 18:24:28.703013: | crypto helper 1 resuming Aug 26 18:24:28.703018: | crypto helper 1 starting work-order 6 for state #5 Aug 26 18:24:28.703023: | crypto helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 18:24:28.703793: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000769 seconds Aug 26 18:24:28.703807: | (#5) spent 0.779 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:28.703812: | crypto helper 1 sending results from work-order 6 for state #5 to event queue Aug 26 18:24:28.703815: | scheduling resume sending helper answer for #5 Aug 26 18:24:28.703819: | libevent_malloc: new ptr-libevent@0x7fcac4002888 size 128 Aug 26 18:24:28.703824: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:28.703831: | libevent_free: release ptr-libevent@0x7fcad0002888 Aug 26 18:24:28.703834: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fcad0002b78 Aug 26 18:24:28.703839: | #5 spent 0.0426 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:28.703847: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.703851: | timer_event_cb: processing event@0x7fcadc002b78 Aug 26 18:24:28.703853: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:24:28.703857: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:28.703861: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:28.703863: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:28.703865: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:24:28.703868: | pstats #2 ikev2.child deleted completed Aug 26 18:24:28.703870: | #2 spent 7.39 milliseconds in total Aug 26 18:24:28.703874: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:28.703878: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 3.788s and NOT sending notification Aug 26 18:24:28.703880: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:28.703885: | get_sa_info esp.c648b913@192.1.2.23 Aug 26 18:24:28.703897: | get_sa_info esp.5c2f00b5@192.1.3.33 Aug 26 18:24:28.703904: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 18:24:28.703908: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:28.703959: | running updown command "ipsec _updown" for verb down Aug 26 18:24:28.703964: | command executing down-client Aug 26 18:24:28.703995: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:28.704002: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:24:28.704021: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843864' PLUTO_CO Aug 26 18:24:28.704025: | popen cmd is 1417 chars long Aug 26 18:24:28.704028: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:24:28.704031: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 18:24:28.704034: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 18:24:28.704037: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 18:24:28.704039: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:24:28.704042: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Aug 26 18:24:28.704045: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:24:28.704048: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 18:24:28.704050: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 18:24:28.704055: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:24:28.704058: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:24:28.704061: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:24:28.704064: | cmd( 960):LUTO_ADDTIME='1566843864' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Aug 26 18:24:28.704066: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Aug 26 18:24:28.704069: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Aug 26 18:24:28.704072: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Aug 26 18:24:28.704075: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Aug 26 18:24:28.704077: | cmd(1360):' SPI_IN=0xc648b913 SPI_OUT=0x5c2f00b5 ipsec _updown 2>&1: Aug 26 18:24:28.720014: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:28.720030: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:28.720035: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.720040: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:28.721794: | delete esp.c648b913@192.1.2.23 Aug 26 18:24:28.721949: | netlink response for Del SA esp.c648b913@192.1.2.23 included non-error error Aug 26 18:24:28.721958: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.721967: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:28.722214: | raw_eroute result=success Aug 26 18:24:28.722223: | delete esp.5c2f00b5@192.1.3.33 Aug 26 18:24:28.722356: | netlink response for Del SA esp.5c2f00b5@192.1.3.33 included non-error error Aug 26 18:24:28.722376: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:28.722381: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:24:28.722388: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:28.722401: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:28.722421: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:28.722425: | can't expire unused IKE SA #1; it has the child #5 Aug 26 18:24:28.722434: | libevent_free: release ptr-libevent@0x56371f10a4b8 Aug 26 18:24:28.722440: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fcadc002b78 Aug 26 18:24:28.722445: | in statetime_stop() and could not find #2 Aug 26 18:24:28.722448: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:28.722470: | processing resume sending helper answer for #5 Aug 26 18:24:28.722477: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 18:24:28.722483: | crypto helper 1 replies to request ID 6 Aug 26 18:24:28.722486: | calling continuation function 0x56371eceeb50 Aug 26 18:24:28.722494: | ikev2_child_outI_continue for #5 STATE_V2_REKEY_CHILD_I0 Aug 26 18:24:28.722498: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:28.722503: | libevent_free: release ptr-libevent@0x56371f112808 Aug 26 18:24:28.722507: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f10b588 Aug 26 18:24:28.722511: | event_schedule: new EVENT_SA_REPLACE-pe@0x56371f10b588 Aug 26 18:24:28.722516: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #5 Aug 26 18:24:28.722520: | libevent_malloc: new ptr-libevent@0x56371f10a4b8 size 128 Aug 26 18:24:28.722526: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.722534: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:28.722539: | libevent_malloc: new ptr-libevent@0x7fcad0002888 size 128 Aug 26 18:24:28.722547: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.722551: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 18:24:28.722554: | suspending state #5 and saving MD Aug 26 18:24:28.722557: | #5 is busy; has a suspended MD Aug 26 18:24:28.722562: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:28.722566: | "northnet-eastnets/0x1" #5 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:28.722571: | resume sending helper answer for #5 suppresed complete_v2_state_transition() Aug 26 18:24:28.722579: | #5 spent 0.0931 milliseconds in resume sending helper answer Aug 26 18:24:28.722585: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 18:24:28.722588: | libevent_free: release ptr-libevent@0x7fcac4002888 Aug 26 18:24:28.722594: | processing signal PLUTO_SIGCHLD Aug 26 18:24:28.722600: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:28.722605: | spent 0.00624 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:28.722611: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:28.722616: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 18:24:28.722622: | Message ID: #1.#5 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:28.722627: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:28.722631: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:28.722657: | **emit ISAKMP Message: Aug 26 18:24:28.722660: | initiator cookie: Aug 26 18:24:28.722663: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.722666: | responder cookie: Aug 26 18:24:28.722668: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.722671: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.722674: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.722677: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:28.722681: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:28.722684: | Message ID: 3 (0x3) Aug 26 18:24:28.722688: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.722691: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.722694: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.722697: | flags: none (0x0) Aug 26 18:24:28.722700: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.722703: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.722707: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.722734: | netlink_get_spi: allocated 0x6ef87082 for esp.0@192.1.3.33 Aug 26 18:24:28.722738: | Emitting ikev2_proposals ... Aug 26 18:24:28.722741: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:28.722743: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.722746: | flags: none (0x0) Aug 26 18:24:28.722749: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:28.722753: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.722758: | discarding INTEG=NONE Aug 26 18:24:28.722761: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.722763: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.722766: | prop #: 1 (0x1) Aug 26 18:24:28.722769: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.722772: | spi size: 4 (0x4) Aug 26 18:24:28.722775: | # transforms: 3 (0x3) Aug 26 18:24:28.722778: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.722782: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.722785: | our spi 6e f8 70 82 Aug 26 18:24:28.722788: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722793: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.722796: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.722799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722802: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.722805: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.722808: | length/value: 256 (0x100) Aug 26 18:24:28.722811: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.722814: | discarding INTEG=NONE Aug 26 18:24:28.722817: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722822: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.722824: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.722827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722833: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.722836: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722838: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.722841: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.722843: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.722846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722852: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.722855: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:28.722858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.722861: | discarding INTEG=NONE Aug 26 18:24:28.722864: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.722866: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.722869: | prop #: 2 (0x2) Aug 26 18:24:28.722871: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.722874: | spi size: 4 (0x4) Aug 26 18:24:28.722877: | # transforms: 3 (0x3) Aug 26 18:24:28.722880: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.722884: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.722887: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.722890: | our spi 6e f8 70 82 Aug 26 18:24:28.722892: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722900: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.722903: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.722906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722909: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.722912: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.722915: | length/value: 128 (0x80) Aug 26 18:24:28.722917: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.722920: | discarding INTEG=NONE Aug 26 18:24:28.722922: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722925: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722927: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.722930: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.722933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722939: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.722942: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.722945: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.722948: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.722950: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.722954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.722957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.722959: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.722962: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:28.722965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.722968: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.722971: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.722973: | prop #: 3 (0x3) Aug 26 18:24:28.722976: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.722979: | spi size: 4 (0x4) Aug 26 18:24:28.722982: | # transforms: 5 (0x5) Aug 26 18:24:28.722985: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.722988: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.722991: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.722994: | our spi 6e f8 70 82 Aug 26 18:24:28.722997: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.723000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723002: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.723005: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.723008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.723011: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.723014: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.723017: | length/value: 256 (0x100) Aug 26 18:24:28.723020: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.723022: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.723025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723030: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.723033: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.723036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723040: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.723043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.723046: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.723048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723051: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.723054: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.723057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.723063: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.723066: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.723068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.723071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.723073: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.723077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734326: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734331: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734335: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.734339: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.734342: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.734347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734355: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734358: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:28.734363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.734367: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.734370: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:28.734373: | prop #: 4 (0x4) Aug 26 18:24:28.734376: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:28.734379: | spi size: 4 (0x4) Aug 26 18:24:28.734382: | # transforms: 5 (0x5) Aug 26 18:24:28.734387: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.734391: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.734396: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:28.734399: | our spi 6e f8 70 82 Aug 26 18:24:28.734402: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734409: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.734412: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.734416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734423: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.734427: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.734430: | length/value: 128 (0x80) Aug 26 18:24:28.734434: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.734437: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734443: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.734447: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.734451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734459: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734462: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734469: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.734472: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.734476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734484: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734487: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.734497: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.734502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734513: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.734516: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.734519: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:28.734522: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:28.734527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.734531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.734534: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.734538: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:28.734542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.734545: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:28.734549: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:28.734555: "northnet-eastnets/0x1" #5: CHILD SA to rekey #2 vanished abort this exchange Aug 26 18:24:28.734559: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 18:24:28.734568: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.734573: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 18:24:28.734640: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 18:24:28.734650: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:28.734657: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:28.734666: | #1 spent 0.822 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:28.734672: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 18:24:28.734679: | libevent_free: release ptr-libevent@0x7fcad0002888 Aug 26 18:24:28.734695: | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:28.734712: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:28.734716: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.734719: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:24:28.734722: | 86 00 85 c2 91 c2 6a 76 ba 6f 0d f9 52 dc db 7b Aug 26 18:24:28.734725: | 06 e6 64 39 c8 b0 bc 02 17 f5 3d 60 75 a7 fc d6 Aug 26 18:24:28.734728: | 11 Aug 26 18:24:28.734733: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:28.734737: | **parse ISAKMP Message: Aug 26 18:24:28.734740: | initiator cookie: Aug 26 18:24:28.734743: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.734746: | responder cookie: Aug 26 18:24:28.734749: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.734752: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:28.734756: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.734759: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.734762: | flags: none (0x0) Aug 26 18:24:28.734765: | Message ID: 2 (0x2) Aug 26 18:24:28.734768: | length: 65 (0x41) Aug 26 18:24:28.734772: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:28.734776: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:28.734781: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:28.734788: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:28.734793: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:28.734799: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:28.734803: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:24:28.734808: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 18:24:28.734811: | unpacking clear payload Aug 26 18:24:28.734814: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:28.734818: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:28.734821: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:28.734824: | flags: none (0x0) Aug 26 18:24:28.734827: | length: 37 (0x25) Aug 26 18:24:28.734830: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:24:28.734836: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:24:28.734840: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:28.734868: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:28.734872: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:28.734875: | **parse IKEv2 Delete Payload: Aug 26 18:24:28.734879: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.734882: | flags: none (0x0) Aug 26 18:24:28.734885: | length: 8 (0x8) Aug 26 18:24:28.734888: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:28.734893: | SPI size: 0 (0x0) Aug 26 18:24:28.734896: | number of SPIs: 0 (0x0) Aug 26 18:24:28.734899: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:24:28.734903: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:28.734906: | Now let's proceed with state specific processing Aug 26 18:24:28.734909: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:28.734913: | an informational request should send a response Aug 26 18:24:28.734919: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:28.734923: | **emit ISAKMP Message: Aug 26 18:24:28.734926: | initiator cookie: Aug 26 18:24:28.734929: | 73 77 1e 27 b8 01 d1 a1 Aug 26 18:24:28.734932: | responder cookie: Aug 26 18:24:28.734935: | ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.734938: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.734941: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.734945: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:28.734948: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:28.734951: | Message ID: 2 (0x2) Aug 26 18:24:28.734955: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.734959: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:28.734962: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.734965: | flags: none (0x0) Aug 26 18:24:28.734969: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:28.734974: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:28.734978: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:28.734985: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:28.734990: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:28.734993: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:28.734997: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:24:28.735000: | emitting length of ISAKMP Message: 57 Aug 26 18:24:28.735021: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:28.735025: | 73 77 1e 27 b8 01 d1 a1 ba f2 59 ef 3f f8 6e a5 Aug 26 18:24:28.735028: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:24:28.735031: | 23 f0 3f 48 f9 fa 55 fc 4f 1e 8e e8 42 8a 13 2a Aug 26 18:24:28.735034: | 52 88 dd 70 87 fc 31 05 b8 Aug 26 18:24:28.735089: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:24:28.735099: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:24:28.735105: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:28.735109: | pstats #5 ikev2.child deleted other Aug 26 18:24:28.735113: | #5 spent 0.915 milliseconds in total Aug 26 18:24:28.735118: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:28.735123: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:28.735128: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.033s and NOT sending notification Aug 26 18:24:28.735132: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 18:24:28.735135: | state #5 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:28.735139: | libevent_free: release ptr-libevent@0x56371f10a4b8 Aug 26 18:24:28.735145: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f10b588 Aug 26 18:24:28.735151: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:28.735160: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:28.735178: | raw_eroute result=success Aug 26 18:24:28.735186: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:24:28.735192: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 18:24:28.735200: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:28.735234: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.735241: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.735249: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:28.735252: | pstats #4 ikev2.child deleted other Aug 26 18:24:28.735256: | #4 spent 1.1 milliseconds in total Aug 26 18:24:28.735261: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:28.735266: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:28.735270: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.048s and NOT sending notification Aug 26 18:24:28.735273: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 18:24:28.735277: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:28.735281: | libevent_free: release ptr-libevent@0x56371f122d98 Aug 26 18:24:28.735284: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56371f08a5a8 Aug 26 18:24:28.735294: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:28.735304: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:28.735317: | raw_eroute result=success Aug 26 18:24:28.735323: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.735327: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 18:24:28.735331: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:28.735349: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.735355: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.735360: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:24:28.735363: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:24:28.735367: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:28.735371: | #1 spent 31.6 milliseconds in total Aug 26 18:24:28.735376: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:24:28.735380: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 3.831s and NOT sending notification Aug 26 18:24:28.735384: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:24:28.738315: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:28.738339: | libevent_free: release ptr-libevent@0x56371f123338 Aug 26 18:24:28.738347: | free_event_entry: release EVENT_SA_REKEY-pe@0x56371f0fae08 Aug 26 18:24:28.738352: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:28.738356: | picked newest_isakmp_sa #0 for #1 Aug 26 18:24:28.738360: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:28.738364: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Aug 26 18:24:28.738368: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:24:28.738378: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:28.738382: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:24:28.738387: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:28.738399: | unreference key: 0x56371f0fe258 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 18:24:28.738436: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:24:28.738449: | unreference key: 0x56371f0fe258 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.738456: | unreference key: 0x56371f109a08 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.738464: | unreference key: 0x56371f1114b8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:28.738469: | unreference key: 0x56371f11cd58 east@testing.libreswan.org cnt 1-- Aug 26 18:24:28.738475: | unreference key: 0x56371f11e888 192.1.2.23 cnt 1-- Aug 26 18:24:28.738506: | in statetime_stop() and could not find #1 Aug 26 18:24:28.738511: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.738517: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:24:28.738520: | STF_OK but no state object remains Aug 26 18:24:28.738523: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:28.738526: | in statetime_stop() and could not find #1 Aug 26 18:24:28.738531: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:28.738535: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:28.738539: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:28.738547: | spent 0.937 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:28.738557: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:24:28.738561: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 18:24:28.738564: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:28.738569: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:28.738572: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 18:24:28.738576: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:28.738579: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:28.738590: | creating state object #6 at 0x56371f101418 Aug 26 18:24:28.738593: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 18:24:28.738599: | pstats #6 ikev2.ike started Aug 26 18:24:28.738603: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:28.738606: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:28.738612: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:28.738618: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:28.738623: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:28.738626: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:28.738631: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Aug 26 18:24:28.738635: "northnet-eastnets/0x2" #6: initiating v2 parent SA Aug 26 18:24:28.738652: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:28.738660: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 18:24:28.738665: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:28.738669: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:24:28.738673: | libevent_malloc: new ptr-libevent@0x7fcad0002888 size 128 Aug 26 18:24:28.738683: | #6 spent 0.114 milliseconds in ikev2_parent_outI1() Aug 26 18:24:28.738688: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:28.738691: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:28.738694: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:28.738699: | spent 0.138 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:24:28.739585: | crypto helper 2 resuming Aug 26 18:24:28.739601: | crypto helper 2 starting work-order 7 for state #6 Aug 26 18:24:28.739607: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 18:24:28.740591: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000983 seconds Aug 26 18:24:28.740608: | (#6) spent 0.994 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 18:24:28.740612: | crypto helper 2 sending results from work-order 7 for state #6 to event queue Aug 26 18:24:28.740615: | scheduling resume sending helper answer for #6 Aug 26 18:24:28.740619: | libevent_malloc: new ptr-libevent@0x7fcac8002888 size 128 Aug 26 18:24:28.740630: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:28.740641: | processing resume sending helper answer for #6 Aug 26 18:24:28.740653: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:28.740659: | crypto helper 2 replies to request ID 7 Aug 26 18:24:28.740663: | calling continuation function 0x56371eceeb50 Aug 26 18:24:28.740666: | ikev2_parent_outI1_continue for #6 Aug 26 18:24:28.740673: | **emit ISAKMP Message: Aug 26 18:24:28.740677: | initiator cookie: Aug 26 18:24:28.740680: | 0c d9 98 2f e1 b7 e5 58 Aug 26 18:24:28.740683: | responder cookie: Aug 26 18:24:28.740686: | 00 00 00 00 00 00 00 00 Aug 26 18:24:28.740689: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:28.740693: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:28.740697: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:28.740700: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:28.740703: | Message ID: 0 (0x0) Aug 26 18:24:28.740707: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:28.740734: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:28.740738: | Emitting ikev2_proposals ... Aug 26 18:24:28.740746: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:28.740750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.740753: | flags: none (0x0) Aug 26 18:24:28.740757: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:28.740761: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.740765: | discarding INTEG=NONE Aug 26 18:24:28.740768: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.740772: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.740775: | prop #: 1 (0x1) Aug 26 18:24:28.740778: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:28.740781: | spi size: 0 (0x0) Aug 26 18:24:28.740784: | # transforms: 11 (0xb) Aug 26 18:24:28.740788: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.740792: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740799: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.740802: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.740806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740810: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.740813: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.740816: | length/value: 256 (0x100) Aug 26 18:24:28.740820: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.740823: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740826: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740829: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.740832: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:28.740836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740844: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740848: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740854: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.740857: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:28.740862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740870: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740873: | discarding INTEG=NONE Aug 26 18:24:28.740877: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.740886: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.740891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740899: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740902: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.740914: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:28.740919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740923: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740927: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740930: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.740940: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:28.740945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740953: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.740967: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:28.740971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.740979: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.740983: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.740986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.740989: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.740992: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:28.740997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741004: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741008: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741014: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741018: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:28.741022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741030: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741033: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741040: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741043: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:28.741048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741057: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741061: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741064: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.741067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741070: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:28.741075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741083: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741086: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:28.741090: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.741093: | discarding INTEG=NONE Aug 26 18:24:28.741097: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.741100: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.741103: | prop #: 2 (0x2) Aug 26 18:24:28.741106: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:28.741109: | spi size: 0 (0x0) Aug 26 18:24:28.741113: | # transforms: 11 (0xb) Aug 26 18:24:28.741117: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.741121: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.741125: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741131: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.741134: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:28.741139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741142: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.741145: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.741149: | length/value: 128 (0x80) Aug 26 18:24:28.741152: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.741155: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741162: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741165: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:28.741170: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741178: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741181: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741188: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741191: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:28.741195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741203: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741206: | discarding INTEG=NONE Aug 26 18:24:28.741209: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741217: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741220: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.741225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741236: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741239: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741243: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741246: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:28.741250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741258: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741261: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741271: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:28.741276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741283: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741287: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741302: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741306: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:28.741310: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741318: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741321: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741331: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:28.741335: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741343: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741346: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741350: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741353: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741356: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:28.741361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741373: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741380: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741383: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:28.741388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741399: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741402: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.741405: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741409: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:28.741413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741424: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:28.741428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.741432: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.741436: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.741439: | prop #: 3 (0x3) Aug 26 18:24:28.741442: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:28.741445: | spi size: 0 (0x0) Aug 26 18:24:28.741448: | # transforms: 13 (0xd) Aug 26 18:24:28.741453: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.741457: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.741460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741467: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.741470: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.741474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741478: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.741481: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.741484: | length/value: 256 (0x100) Aug 26 18:24:28.741488: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.741491: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741498: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741501: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:28.741506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741510: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741514: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741523: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741527: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:28.741533: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741541: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741544: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741550: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.741554: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.741558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741566: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741570: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741576: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.741579: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.741584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741588: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741592: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741605: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.741609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741617: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741620: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741630: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:28.741635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741639: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741642: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741646: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741652: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741655: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:28.741660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741667: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741671: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741682: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:28.741686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741694: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741697: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741704: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741707: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:28.741711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741719: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741722: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741732: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:28.741736: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741744: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741747: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741756: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:28.741760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741769: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741772: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741775: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.741778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741781: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:28.741786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741790: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741793: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741797: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:28.741801: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.741804: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:28.741808: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:28.741811: | prop #: 4 (0x4) Aug 26 18:24:28.741814: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:28.741817: | spi size: 0 (0x0) Aug 26 18:24:28.741820: | # transforms: 13 (0xd) Aug 26 18:24:28.741824: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:28.741830: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:28.741834: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741840: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:28.741843: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:28.741847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741851: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:28.741854: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:28.741857: | length/value: 128 (0x80) Aug 26 18:24:28.741861: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:28.741864: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741870: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741874: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:28.741878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741889: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741892: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741896: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:28.741899: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:28.741904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741912: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741915: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741921: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.741925: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:28.741929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741937: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741946: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:28.741950: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:28.741954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741958: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741962: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741965: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.741977: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.741981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.741989: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.741992: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.741996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.741999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742002: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:28.742007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742015: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742018: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742028: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:28.742032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742040: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742043: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742049: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742053: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:28.742057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742061: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742065: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742068: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742077: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:28.742082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742089: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742103: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:28.742107: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742115: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742118: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742126: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742129: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:28.742134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742141: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742145: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:28.742148: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:28.742151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:28.742154: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:28.742159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:28.742163: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:28.742167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:28.742170: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:28.742174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:28.742178: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:28.742181: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:28.742185: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:28.742188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.742192: | flags: none (0x0) Aug 26 18:24:28.742195: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:28.742200: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:28.742204: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.742208: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:28.742212: | ikev2 g^x dd 64 45 3d 22 08 c2 21 8d f6 a1 06 74 25 c4 8e Aug 26 18:24:28.742215: | ikev2 g^x 49 0d 87 7a b9 ad 5a 5e 37 21 6d 95 2d 35 9f 9b Aug 26 18:24:28.742218: | ikev2 g^x 27 3c 95 86 39 4d 5b 34 9d 7b c2 29 6b 98 d6 05 Aug 26 18:24:28.742222: | ikev2 g^x 2d 49 de 01 f7 dc 68 df 25 d6 76 7d 72 67 c7 c0 Aug 26 18:24:28.742225: | ikev2 g^x 0f 48 36 09 f9 48 10 c3 91 14 b1 2c 70 de 2a b9 Aug 26 18:24:28.742229: | ikev2 g^x fc 26 ec 79 27 8f 72 04 f5 b3 c2 2c 79 16 bf 0d Aug 26 18:24:28.742232: | ikev2 g^x 8a c5 56 c9 72 d6 8a 9e c5 5b 95 97 5d 11 ef 1c Aug 26 18:24:28.742235: | ikev2 g^x d2 67 39 1e b2 b1 3c 7a f3 6f dd d2 08 f2 98 ae Aug 26 18:24:28.742238: | ikev2 g^x 1f e4 63 eb 83 a0 8c 09 f7 cf e4 7e 26 71 a7 d2 Aug 26 18:24:28.742241: | ikev2 g^x 7a df 4f 22 d8 1d 6e 81 21 34 5b b3 7b 69 60 35 Aug 26 18:24:28.742245: | ikev2 g^x cf a4 6c 06 e2 79 2e d7 31 cd 8c b0 1f 0b 2a d1 Aug 26 18:24:28.742248: | ikev2 g^x 84 6d a0 5f d8 d8 5b 3f 0d 22 ad c4 7d 3a 3b 37 Aug 26 18:24:28.742251: | ikev2 g^x 5c 7b 27 9e ed 1d 92 94 2d 33 a4 4a f2 75 7b ed Aug 26 18:24:28.742255: | ikev2 g^x 45 fa ad 10 45 71 d1 91 e6 33 3a 52 dd 04 7b 2a Aug 26 18:24:28.742258: | ikev2 g^x d8 d1 97 2d 6c 04 fb 99 85 ab 36 dd 3a 5d af 23 Aug 26 18:24:28.742261: | ikev2 g^x 3f ee 45 47 80 18 cb 21 40 67 f3 fd 7c dd e9 8a Aug 26 18:24:28.742265: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:28.742268: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:28.742271: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:28.742275: | flags: none (0x0) Aug 26 18:24:28.742280: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:28.742284: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:28.742292: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.742298: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:28.742302: | IKEv2 nonce 8a e4 23 29 ef 4d 93 0f 06 e2 28 02 9e 05 d8 97 Aug 26 18:24:28.742305: | IKEv2 nonce 41 5d 0c 1c 64 10 62 6d 1b e2 0b 6c 0c 0b bf 46 Aug 26 18:24:28.742309: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:28.742312: | Adding a v2N Payload Aug 26 18:24:28.742315: | ***emit IKEv2 Notify Payload: Aug 26 18:24:28.742319: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.742322: | flags: none (0x0) Aug 26 18:24:28.742325: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:28.742329: | SPI size: 0 (0x0) Aug 26 18:24:28.742332: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:28.742337: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:28.742340: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.742344: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:28.742348: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:28.742352: | natd_hash: rcookie is zero Aug 26 18:24:28.742376: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:28.742380: | natd_hash: icookie= 0c d9 98 2f e1 b7 e5 58 Aug 26 18:24:28.742383: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:28.742386: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:28.742389: | natd_hash: port=500 Aug 26 18:24:28.742392: | natd_hash: hash= 21 d4 79 8e f9 2d 2d 6b 1f e9 a0 90 f8 f3 57 a3 Aug 26 18:24:28.742395: | natd_hash: hash= 20 21 00 b7 Aug 26 18:24:28.742398: | Adding a v2N Payload Aug 26 18:24:28.742401: | ***emit IKEv2 Notify Payload: Aug 26 18:24:28.742404: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.742407: | flags: none (0x0) Aug 26 18:24:28.742411: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:28.742414: | SPI size: 0 (0x0) Aug 26 18:24:28.742418: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:28.742422: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:28.742426: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.742430: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:28.742433: | Notify data 21 d4 79 8e f9 2d 2d 6b 1f e9 a0 90 f8 f3 57 a3 Aug 26 18:24:28.742436: | Notify data 20 21 00 b7 Aug 26 18:24:28.742439: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:28.742442: | natd_hash: rcookie is zero Aug 26 18:24:28.742449: | natd_hash: hasher=0x56371edc3800(20) Aug 26 18:24:28.742453: | natd_hash: icookie= 0c d9 98 2f e1 b7 e5 58 Aug 26 18:24:28.742456: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:28.742459: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:28.742461: | natd_hash: port=500 Aug 26 18:24:28.742465: | natd_hash: hash= 0b 76 fc b6 96 48 85 f5 81 a2 f5 25 98 e3 d8 5e Aug 26 18:24:28.742468: | natd_hash: hash= fd c0 3d 55 Aug 26 18:24:28.742470: | Adding a v2N Payload Aug 26 18:24:28.742473: | ***emit IKEv2 Notify Payload: Aug 26 18:24:28.742477: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:28.742479: | flags: none (0x0) Aug 26 18:24:28.742483: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:28.742486: | SPI size: 0 (0x0) Aug 26 18:24:28.742490: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:28.742496: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:28.742499: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:28.742503: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:28.742507: | Notify data 0b 76 fc b6 96 48 85 f5 81 a2 f5 25 98 e3 d8 5e Aug 26 18:24:28.742509: | Notify data fd c0 3d 55 Aug 26 18:24:28.742513: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:28.742516: | emitting length of ISAKMP Message: 828 Aug 26 18:24:28.742525: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:28.742534: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:28.742539: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:28.742543: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:28.742547: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:28.742551: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 18:24:28.742555: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 18:24:28.742562: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:28.742566: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:28.742572: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:28.742580: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 18:24:28.742583: | 0c d9 98 2f e1 b7 e5 58 00 00 00 00 00 00 00 00 Aug 26 18:24:28.742586: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:28.742589: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:28.742592: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:28.742596: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:28.742599: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:28.742602: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:28.742605: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:28.742608: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:28.742612: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:28.742615: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:28.742618: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:28.742621: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:28.742624: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:28.742627: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:28.742630: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:28.742633: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:28.742637: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:28.742640: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:28.742643: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:28.742646: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:28.742649: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:28.742652: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:28.742655: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:28.742658: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:28.742661: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:28.742665: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:28.742671: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:28.742675: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:28.742678: | 28 00 01 08 00 0e 00 00 dd 64 45 3d 22 08 c2 21 Aug 26 18:24:28.742681: | 8d f6 a1 06 74 25 c4 8e 49 0d 87 7a b9 ad 5a 5e Aug 26 18:24:28.742684: | 37 21 6d 95 2d 35 9f 9b 27 3c 95 86 39 4d 5b 34 Aug 26 18:24:28.742687: | 9d 7b c2 29 6b 98 d6 05 2d 49 de 01 f7 dc 68 df Aug 26 18:24:28.742691: | 25 d6 76 7d 72 67 c7 c0 0f 48 36 09 f9 48 10 c3 Aug 26 18:24:28.742694: | 91 14 b1 2c 70 de 2a b9 fc 26 ec 79 27 8f 72 04 Aug 26 18:24:28.742697: | f5 b3 c2 2c 79 16 bf 0d 8a c5 56 c9 72 d6 8a 9e Aug 26 18:24:28.742700: | c5 5b 95 97 5d 11 ef 1c d2 67 39 1e b2 b1 3c 7a Aug 26 18:24:28.742703: | f3 6f dd d2 08 f2 98 ae 1f e4 63 eb 83 a0 8c 09 Aug 26 18:24:28.742706: | f7 cf e4 7e 26 71 a7 d2 7a df 4f 22 d8 1d 6e 81 Aug 26 18:24:28.742709: | 21 34 5b b3 7b 69 60 35 cf a4 6c 06 e2 79 2e d7 Aug 26 18:24:28.742712: | 31 cd 8c b0 1f 0b 2a d1 84 6d a0 5f d8 d8 5b 3f Aug 26 18:24:28.742716: | 0d 22 ad c4 7d 3a 3b 37 5c 7b 27 9e ed 1d 92 94 Aug 26 18:24:28.742719: | 2d 33 a4 4a f2 75 7b ed 45 fa ad 10 45 71 d1 91 Aug 26 18:24:28.742722: | e6 33 3a 52 dd 04 7b 2a d8 d1 97 2d 6c 04 fb 99 Aug 26 18:24:28.742725: | 85 ab 36 dd 3a 5d af 23 3f ee 45 47 80 18 cb 21 Aug 26 18:24:28.742728: | 40 67 f3 fd 7c dd e9 8a 29 00 00 24 8a e4 23 29 Aug 26 18:24:28.742731: | ef 4d 93 0f 06 e2 28 02 9e 05 d8 97 41 5d 0c 1c Aug 26 18:24:28.742734: | 64 10 62 6d 1b e2 0b 6c 0c 0b bf 46 29 00 00 08 Aug 26 18:24:28.742738: | 00 00 40 2e 29 00 00 1c 00 00 40 04 21 d4 79 8e Aug 26 18:24:28.742741: | f9 2d 2d 6b 1f e9 a0 90 f8 f3 57 a3 20 21 00 b7 Aug 26 18:24:28.742744: | 00 00 00 1c 00 00 40 05 0b 76 fc b6 96 48 85 f5 Aug 26 18:24:28.742747: | 81 a2 f5 25 98 e3 d8 5e fd c0 3d 55 Aug 26 18:24:28.742804: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:28.742811: | libevent_free: release ptr-libevent@0x7fcad0002888 Aug 26 18:24:28.742816: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56371f08a5a8 Aug 26 18:24:28.742819: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:28.742823: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:28.742828: | event_schedule: new EVENT_RETRANSMIT-pe@0x56371f08a5a8 Aug 26 18:24:28.742832: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Aug 26 18:24:28.742836: | libevent_malloc: new ptr-libevent@0x56371f112808 size 128 Aug 26 18:24:28.742844: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29154.485293 Aug 26 18:24:28.742849: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:28.742858: | #6 spent 2.16 milliseconds in resume sending helper answer Aug 26 18:24:28.742864: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:28.742868: | libevent_free: release ptr-libevent@0x7fcac8002888 Aug 26 18:24:29.434946: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:29.434975: shutting down Aug 26 18:24:29.434986: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:29.434989: destroying root certificate cache Aug 26 18:24:29.435018: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:29.435022: forgetting secrets Aug 26 18:24:29.435032: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:29.435044: | unreference key: 0x56371f0fe048 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.435050: | unreference key: 0x56371f0fdaf8 user-east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.435060: | unreference key: 0x56371f0fd8d8 @east.testing.libreswan.org cnt 1-- Aug 26 18:24:29.435065: | unreference key: 0x56371f0fc128 east@testing.libreswan.org cnt 1-- Aug 26 18:24:29.435072: | unreference key: 0x56371f0fce78 192.1.2.23 cnt 1-- Aug 26 18:24:29.435082: | unreference key: 0x56371f0f75a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.435090: | unreference key: 0x56371f0f7388 user-north@testing.libreswan.org cnt 1-- Aug 26 18:24:29.435097: | unreference key: 0x56371f0f3eb8 @north.testing.libreswan.org cnt 1-- Aug 26 18:24:29.435104: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 18:24:29.435108: | removing pending policy for no connection {0x56371efdea58} Aug 26 18:24:29.435113: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.435116: | pass 0 Aug 26 18:24:29.435119: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.435122: | state #6 Aug 26 18:24:29.435127: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.435134: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:29.435137: | pstats #6 ikev2.ike deleted other Aug 26 18:24:29.435144: | #6 spent 3.27 milliseconds in total Aug 26 18:24:29.435150: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:29.435154: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.696s and NOT sending notification Aug 26 18:24:29.435158: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 18:24:29.435162: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:29.435166: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:29.435171: | libevent_free: release ptr-libevent@0x56371f112808 Aug 26 18:24:29.435175: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56371f08a5a8 Aug 26 18:24:29.435179: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:29.435183: | picked newest_isakmp_sa #0 for #6 Aug 26 18:24:29.435186: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:29.435191: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Aug 26 18:24:29.435195: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:24:29.435202: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:29.435206: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:29.435210: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:24:29.435213: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 18:24:29.435218: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:24:29.435234: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:29.435240: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:29.435243: | pass 1 Aug 26 18:24:29.435247: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.435252: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.435256: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.435260: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.435316: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:24:29.435331: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.435338: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.435342: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:29.435346: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.435350: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.435354: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 18:24:29.435358: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:29.435362: | command executing unroute-client Aug 26 18:24:29.435408: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Aug 26 18:24:29.435412: | popen cmd is 1282 chars long Aug 26 18:24:29.435416: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:29.435420: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:29.435423: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:29.435427: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:29.435431: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:29.435435: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 18:24:29.435438: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 18:24:29.435442: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 18:24:29.435446: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:24:29.435449: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 18:24:29.435453: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Aug 26 18:24:29.435457: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:24:29.435460: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:24:29.435464: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:24:29.435468: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:24:29.435472: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Aug 26 18:24:29.435474: | cmd(1280):&1: Aug 26 18:24:29.449986: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450045: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450078: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450111: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450142: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450174: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450213: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450245: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450275: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450309: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450477: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450510: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450538: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450568: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450598: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450628: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450661: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450693: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450725: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450761: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450797: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450829: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450858: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450887: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450916: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450944: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.450976: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451005: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451034: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451064: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451092: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451123: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451152: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451180: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451209: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451238: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451268: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451545: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.451586: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.479718: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Aug 26 18:24:29.479741: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:29.479768: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 18:24:29.479773: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:29.479776: | pass 0 Aug 26 18:24:29.479779: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.479782: | pass 1 Aug 26 18:24:29.479784: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:29.479789: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:29.479793: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:29.479797: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.479833: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:24:29.479846: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:29.479851: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:29.479857: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:29.479861: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:24:29.479865: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:29.479868: | command executing unroute-client Aug 26 18:24:29.479911: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Aug 26 18:24:29.479916: | popen cmd is 1280 chars long Aug 26 18:24:29.479919: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:29.479922: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 18:24:29.479925: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:24:29.479989: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 18:24:29.479994: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 18:24:29.479997: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 18:24:29.479999: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 18:24:29.480002: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 18:24:29.480005: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:24:29.480008: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:24:29.480010: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 18:24:29.480013: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:24:29.480016: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:24:29.480019: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:24:29.480022: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:24:29.480025: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:29.496639: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496694: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496706: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496717: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496731: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496759: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496765: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496777: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496783: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496797: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496808: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496926: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496934: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496937: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496940: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496942: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496945: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496978: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496981: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496984: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496987: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496991: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496994: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496996: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.496999: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497002: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497005: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497010: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497023: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497036: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497049: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497064: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497078: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497092: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497116: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497121: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497132: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497411: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.497453: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:29.503606: | free hp@0x56371f0fb9c8 Aug 26 18:24:29.503625: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 18:24:29.503631: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 18:24:29.503678: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:29.503682: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:29.503696: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:29.503701: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:29.503704: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:29.503707: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:24:29.503710: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:29.503713: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:24:29.503717: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:29.503730: | libevent_free: release ptr-libevent@0x56371f0e4688 Aug 26 18:24:29.503733: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0428 Aug 26 18:24:29.503745: | libevent_free: release ptr-libevent@0x56371f08b258 Aug 26 18:24:29.503748: | free_event_entry: release EVENT_NULL-pe@0x56371f0f04d8 Aug 26 18:24:29.503754: | libevent_free: release ptr-libevent@0x56371f08b308 Aug 26 18:24:29.503757: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0588 Aug 26 18:24:29.503763: | libevent_free: release ptr-libevent@0x56371f08a2c8 Aug 26 18:24:29.503766: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0638 Aug 26 18:24:29.503771: | libevent_free: release ptr-libevent@0x56371f0925d8 Aug 26 18:24:29.503774: | free_event_entry: release EVENT_NULL-pe@0x56371f0f06e8 Aug 26 18:24:29.503779: | libevent_free: release ptr-libevent@0x56371f0930f8 Aug 26 18:24:29.503782: | free_event_entry: release EVENT_NULL-pe@0x56371f0f0798 Aug 26 18:24:29.503789: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:29.504194: | libevent_free: release ptr-libevent@0x56371f0e4738 Aug 26 18:24:29.504203: | free_event_entry: release EVENT_NULL-pe@0x56371f0d8cc8 Aug 26 18:24:29.504209: | libevent_free: release ptr-libevent@0x56371f0d17a8 Aug 26 18:24:29.504212: | free_event_entry: release EVENT_NULL-pe@0x56371f0d8828 Aug 26 18:24:29.504216: | libevent_free: release ptr-libevent@0x56371f0d16f8 Aug 26 18:24:29.504219: | free_event_entry: release EVENT_NULL-pe@0x56371f092798 Aug 26 18:24:29.504224: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:29.504227: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:29.504229: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:29.504232: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:29.504235: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:29.504237: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:29.504240: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:29.504243: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:29.504245: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:29.504250: | libevent_free: release ptr-libevent@0x56371f096d68 Aug 26 18:24:29.504254: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:29.504258: | libevent_free: release ptr-libevent@0x56371f00c0a8 Aug 26 18:24:29.504262: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:29.504265: | libevent_free: release ptr-libevent@0x56371f00f558 Aug 26 18:24:29.504268: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:29.504271: | libevent_free: release ptr-libevent@0x56371f0efe48 Aug 26 18:24:29.504274: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:29.504276: | releasing event base Aug 26 18:24:29.504305: | libevent_free: release ptr-libevent@0x56371f0efd18 Aug 26 18:24:29.504312: | libevent_free: release ptr-libevent@0x56371f0d30e8 Aug 26 18:24:29.504316: | libevent_free: release ptr-libevent@0x56371f0d3098 Aug 26 18:24:29.504319: | libevent_free: release ptr-libevent@0x56371f0f2ed8 Aug 26 18:24:29.504322: | libevent_free: release ptr-libevent@0x56371f0d3058 Aug 26 18:24:29.504325: | libevent_free: release ptr-libevent@0x56371f0ef9a8 Aug 26 18:24:29.504328: | libevent_free: release ptr-libevent@0x56371f0efc18 Aug 26 18:24:29.504331: | libevent_free: release ptr-libevent@0x56371f0d3298 Aug 26 18:24:29.504333: | libevent_free: release ptr-libevent@0x56371f0d8898 Aug 26 18:24:29.504336: | libevent_free: release ptr-libevent@0x56371f0d84f8 Aug 26 18:24:29.504339: | libevent_free: release ptr-libevent@0x56371f0f0808 Aug 26 18:24:29.504344: | libevent_free: release ptr-libevent@0x56371f0f0758 Aug 26 18:24:29.504721: | libevent_free: release ptr-libevent@0x56371f0f06a8 Aug 26 18:24:29.504726: | libevent_free: release ptr-libevent@0x56371f0f05f8 Aug 26 18:24:29.504729: | libevent_free: release ptr-libevent@0x56371f0f0548 Aug 26 18:24:29.504731: | libevent_free: release ptr-libevent@0x56371f0f0498 Aug 26 18:24:29.504734: | libevent_free: release ptr-libevent@0x56371f00b948 Aug 26 18:24:29.504737: | libevent_free: release ptr-libevent@0x56371f0efc98 Aug 26 18:24:29.504740: | libevent_free: release ptr-libevent@0x56371f0efc58 Aug 26 18:24:29.504742: | libevent_free: release ptr-libevent@0x56371f0efb18 Aug 26 18:24:29.504745: | libevent_free: release ptr-libevent@0x56371f0efcd8 Aug 26 18:24:29.504748: | libevent_free: release ptr-libevent@0x56371f0ef9e8 Aug 26 18:24:29.504751: | libevent_free: release ptr-libevent@0x56371f0988f8 Aug 26 18:24:29.504753: | libevent_free: release ptr-libevent@0x56371f098878 Aug 26 18:24:29.504756: | libevent_free: release ptr-libevent@0x56371f00bcb8 Aug 26 18:24:29.504759: | releasing global libevent data Aug 26 18:24:29.504762: | libevent_free: release ptr-libevent@0x56371f098a78 Aug 26 18:24:29.504765: | libevent_free: release ptr-libevent@0x56371f0989f8 Aug 26 18:24:29.504768: | libevent_free: release ptr-libevent@0x56371f098978 Aug 26 18:24:29.504812: leak detective found no leaks